ENTERPRISE RISK MANAGEMENT AT ASTRO
In the aforementioned corporate governance context, Astro's listed vehicle, AMH, states in its Annual Report 2013: "The Board is committed to applying and upholding high standards of corporate governance to safeguard and promote the interests of the shareholders and to enhance the long-term value of the Group. To this end, it has adopted the principles and recommendations set out in the Malaysian Code on Corporate Governance 2012."
Exhibit 35.2 AOL's Regional Investments
The annual report states that the board is charged with, among other responsibilities, the review and approval of changes to management and control structures, including ERM. "The Board is committed to the implementation of Group Risk Management (GRM) as an integral part of the Group's planning practices and business processes, encapsulating the continuous identification, assessment, monitoring, and reporting of risks at all levels, from projects, [to] operations to strategy. The Group Risk Management Framework, consistent with the Committee of Sponsoring Organizations (COSO) enterprise risk management framework, sets out the risk management governance and infrastructure, risk management processes and control responsibilities."
The board of directors, through its Audit Committee, is assisted in these responsibilities by AMH's Group Risk Management Committee (GRMC). The GRMC meets at least quarterly, includes senior management from each business segment and unit, and is chaired by AMH's CEO. The CEO and CFO are accountable to the board of directors for the implementation of strategies, policies, and procedures to achieve an effective risk management framework.
Furthermore, Astro has linked senior executive pay to sound risk management up to the highest level of the organization: "Risk management has been identified as a key result area in the annual performance evaluation of the CEO and CFO."
Although the 2013 Corporate Governance Scorecard mentioned earlier noted a lack of disclosure of key risks (other than financial risks) by top Malaysian companies, that is not the case at Astro, which also follows the guidance of the Global Reporting Initiative Framework and discloses, in addition to financial risks, seven other key risks: market and competition; political, legal, and regulatory; services availability; procuring exclusive and compelling content; technology and innovation; people; and branding and reputation.
Astro is also committed to what is increasingly recognized as a key success factor of long-lasting ERM implementation: risk culture. "Risk awareness and control consciousness are integral in cultivating a good risk and governance culture among the Group employees. Risk and control briefings, online training, and a web portal are in place to facilitate the ease of reference and better understanding of the risk management framework and internal control procedures."
Finally, to ensure consistent practices, Astro has adopted the concepts and terminology of the ISO 31000 International Standard (Risk Management – Principles and Guidelines, 2009) and the COSO process so that the ERM program is effectively implemented.