37
CapitaLand Mall Trust
Annual Report 2015
Overview
Sustainability
Business
Review
Portfolio
Details
Corporate
Governance &
Transparency
Financials &
Additional
Information
The Board has overall responsibility for the governance of risk and oversees the Manager in the design,
implementation and monitoring of the risk management and internal controls systems. The AC assists the
Board in carrying out the Board’s responsibility of overseeing the risk management framework and policies of
CMT Group.
The AC is guided by its terms of reference, in particular, the AC:
(a) makes recommendations to the Board on Risk Appetite Statement (RAS) for CMT Group;
(b) assesses the adequacy and effectiveness of the risk management and internal controls systems established
by the Manager to manage risks;
(c) oversees Management in the formulation, updating and maintenance of an adequate and effective risk
management framework, policies and strategies for managing risks that are consistent with CMT Group’s risk
appetite and reports to the Board on its decisions on any material matters concerning the aforementioned;
(d) makes the necessary recommendations to the Board such that an opinion relating to the adequacy and
effectiveness of the risk management and internal controls system can be made by the Board in the annual
report of CMT in accordance with the Listing Manual and the Code; and
(e) considers and advises on risk matters referred to it by Management or the Board including reviewing and
reporting to the Board on any material breaches of the RAS, any material non-compliance with the approved
framework and policies and the adequacy of any proposed action.
The Manager adopts an Enterprise Risk Management (ERM) Framework which sets out the required environmental
and organisational components for managing risk in an integrated, systematic and consistent manner. The ERM
Framework and related policies are reviewed annually.
The Manager consistently seeks to improve and strengthen its ERM Framework. As part of the ERM Framework,
the Manager, among other things, undertakes and performs a Risk and Control Self-Assessment (RCSA)
process. As a result of the RCSA process, the Manager produces and maintains a risk register which identifies
the material risks CMT Group faces and the corresponding internal controls it has in place to manage or mitigate
those risks. The material risks are reviewed annually by the AC and the Board. The AC also reviews the approach
of identifying and assessing risks and internal controls in the risk register. The system of risk management and
internal controls is reviewed and, where appropriate, refined regularly by the Manager, the AC and the Board.
Where relevant, reference is made to the best practices and guidance in the Risk Governance Guidance for
Listed Boards issued by the Corporate Governance Council.
The Manager has established an approach on how risk appetite is defined, monitored and reviewed for CMT
Group. Approved by the Board, CMT Group’s RAS addresses the management of material risks faced by CMT
Group. Alignment of CMT Group’s risk profile to the RAS is achieved through various communication and
monitoring mechanisms put in place across the various functions within the Manager.
More information on the Manager’s ERM Framework can be found in the Enterprise Risk Management section
on pages 48 to 50 of this Annual Report.
Internal and external auditors conduct audits that involve testing the effectiveness of the material internal controls
for CMT Group addressing financial, operational, compliance and information technology risks. This includes
testing, where practical, material internal controls in areas managed by external service providers. Any material
non-compliance or lapses in internal controls together with corrective measures recommended by the internal
and external auditors are reported to and reviewed by the AC. The adequacy and effectiveness of the measures
taken by the Manager in response to the recommendations made by the internal and external auditors are also
reviewed by the AC.
