RISK MANAGEMENT RISK MANAGEMENT FRAMEWORK The Group maintains a robust risk management framework anchored on five key pillars which adopt principles and guidance from standards such as the International Organisation for Standardisation's 31000 Risk Management Standards, as well as relevant best practices and guidelines. The framework provides the principles and guidance for the Group’s risk management activities. The Group’s Enterprise Risk Management (ERM) function carries out periodical review to ensure that the framework remains relevant and practical to facilitate risk-informed decision-making. During the year, the Group’s ERM function also undertook and implemented several initiatives targeted at strengthening internal control system and building resilience in the ever-changing risk landscape. Some of the notable initiatives included: • Adopting a more proactive approach to asset-level readiness against geopolitical uncertainties and physical climate hazards. • Leveraging on loss modelling to optimise the balance between risk retention and risk transfer. • Enhancing policies, processes and training to deter and prepare internal stakeholders against cyber threats, data privacy and money laundering, and terrorism financing non-compliance threat. • Investing in resources strategically to strengthen governance, risk management and compliance activities • Refreshing of Control Self-Assessment (CSA). RISK STRATEGY AND CULTURE Our risk strategy and culture are based on the belief that risk management is the responsibility of all employees and that it must be integrated into strategy formulation, capital allocation, decision-making and day-to-day operations. The fostering of strong and sustainable ‘self-driven’ risk culture is guided by defined guiding principles that underpin the ERM operating model. Management is fully committed to fostering a strong riskcentric culture by setting the appropriate tone at the top and demonstrating strong support for risk management. Risk awareness and accountability are embedded in our culture through our governance structure that ensures appropriate oversight and accountability for effective management of risks throughout the Group, further supported by risk management principles that are embedded in all our decision-making and business processes. RISK APPETITE The risk appetite was set to define the extent of risks the Group is able and willing to take on to achieve our strategic and business objectives. The purpose of establishing a risk appetite framework is not to limit risk-taking, but to ensure that the Group’s risk profile remains within tolerable boundaries as opportunities are maximised. The risk appetite statements, along with the accompanying risk tolerance limits in both quantitative and/or qualitative terms, are reviewed annually. The Board has approved the following risk appetite statements: • The Group will continue to focus on business activities in identified core markets. Apart from the core markets, the Group shall otherwise not be overly exposed to any other single country. • The Group is prepared to undertake new investment and innovation initiatives commensurate to expected returns, and/or are in line with the Group’s core strength and strategic objectives. From acquisition to divestment, all investments undertaken should not have potential loss exposure that could significantly threaten the Group’s ability to continue as a going concern. • The Group will avoid any situations and/or actions that may result in negative impact on our reputation and branding. Should such situations arise, they will be managed aggressively to preserve our reputation and brand image. • The Group will maintain adequate liquid assets to cover planned cash outflows and shall not take speculative positions on interest rates and foreign exchange. • The Group maintains a ‘zero-tolerance’ position in relation to environment, health and safety breaches or lapses, non-compliance with laws and regulations, as well as criminally dishonest acts such as fraud, corruption, bribery and extortion. • The Group will minimise operational and IT risk, subject to the cost-benefit trade-off. The ERM function reports to the Management Risk Committee (MRC). The MRC monitors the Group risk profiles and regulatory compliance status on a quarterly basis. The five key pillars serve as the foundation of ERM execution and implementation CDL GROUP RISK MANAGEMENT FRAMEWORK Stakeholder engagements, scenario analysis incidents and loss modelling Key risk indicators, quarterly risk reporting, Control Self-Assessment Defined risk appetite, limits and threshold RISK MANAGEMENT PROCESS External environment as well as emerging or evolving threats on business execution Market concentration, liquidity, interest rate, foreign and internal financial management and control People, Processes, Systems Loss of information, data security, service disruption of critical IT systems Identify 1 2 3 4 Assess Treat Monitor & Report Managing risk is an integral part of the Group’s business and we continually strive towards best risk management practices. The Board is responsible for the governance of risk, sets the strategy for the Group and ensures that management maintains a sound system of risk management and internal controls. The Board is supported by the Audit & Risk Committee (ARC) and other Board committees which are constituted to address different aspects of the business. The ARC oversees financial reporting and audit matters, as well as the governance of risks. The ARC considers the nature and extent of significant risks which the Group may undertake in achieving its strategic objectives, and guides management in the formulation and implementation of the risk management framework, policies and processes. This ensures that significant risks are effectively identified, evaluated and mitigated, to safeguard shareholders’ interests and the Group’s assets, furthering corporate sustainability. The ARC also reports to the Board on crucial risk issues, material matters, findings, and recommendations. Guiding Principles Line managers are to own risks and be accountable Risk management activities are to hinge not only on processes and systems, but equally on a right mindset and attitude Risk management is to be benchmarked against global best practices A desired risk culture and mindset RISK CULTURE Defined risk appetite statements and tolerance limits RISK APPETITE Effective risk governance structure RISK GOVERNANCE A fit for purpose process for managing, monitoring and reporting risks RISK PROCESS Clear objectives, focus and guiding principles RISK STRATEGY STRATEGIC TREASURY AND FINANCIAL OPERATIONAL AND COMPLIANCE INFORMATION AND TECHNOLOGY CORPORATE GOVERNANCE 65 64 CORPORATE GOVERNANCE ANNUAL REPORT 2023 CITY DEVELOPMENTS LIMITED
RkJQdWJsaXNoZXIy ODIwNTc=