Annual Report 2014
81
Risk Management, Internal Controls and Internal Audit
Principle 11: Sound system of risk management and internal controls
Principle 13: Setting up independent internal audit function
Risk Management – In November 2012, the TIH board decided that the entire board as a whole should handle the
Risk Governance matters and policies and that a Risk Governance meeting should be held at least once a year.
The Board also decided that there is no necessity to have a separate Risk Officer appointed as the management of
TIH is handled by the Investment Manager. The Investment Manager is to report on risk matters and propose a
schedule on such reporting to include all risk governance, monitoring, policies and implementation.
The Board held its Risk Governance Committee (“
RGC
”) meeting on 6 November 2014 which was chaired
by Mr Daniel Budiman, the Chairman of the RGC. BDO LLP was appointed to assist the Board in reviewing
and updating the risk register based on an Enterprise Risk Management (“
ERM
”) workshop conducted for
the Company during the year. This register is meant to be an ongoing record of the major risks affecting the
Company. This register should be updated whenever the ERM exercise is extended to additional clusters.
The ERM defines the risk management policies and procedures that TIH needs to be complied with. It provides
a systematic and continuous approach to identifying and prioritizing risks that can affect the organisation and
also the corresponding countermeasures to the risks, where available and ultimately, reporting the assessment of
risks and countermeasures in place to the highest authority in the organisation to enable monitoring and relevant
decisions to be undertaken.
Terms of References of the Board Risk Committee are:
To determine and review the Company’s overall risk tolerance and strategy;
To determine and review the current risk exposures and future risk strategy of the Company;
In relation to risk assessment:
(a)
keep under review the Company’s overall risk assessment processes;
(b)
review regularly and approve the parameters used in these measures and the methodology adopted;
and
(c)
set a process for the accurate and timely monitoring of large exposures and certain risk types of
critical importance;
Company’s capability to identify and manage new risk types;
The proposed strategic transactions, focusing in particular on risk aspects and implications for the risk
tolerance of the Company, and taking independent external advice where appropriate and available;
Any material breaches of risk limits and the adequacy of proposed action;
Keep under review the effectiveness of the Company’s internal controls and risk management systems and
review and approve the statements to be included in the annual report concerning the effectiveness of the
Company’s internal control and risk management systems;
