CapitaLand Mall Trust
Annual Report 2015
Enterprise Risk Management
Risk management is an integral part of the business of
CapitaLand Mall Trust and its subsidiaries (CMT Group)
at both the strategic and operational levels. A proactive
approach towards risk management supports the
attainment of CMT Group’s business objective and
strategy, thereby creating and preserving value.
The manager of CMT (Manager) recognises that risk
management is just as much about opportunities
as it is about threats. To capitalise on opportunities,
the Manager has to take measured risks. Therefore,
risk management is not about pursuing risk
minimisation as a goal, but rather optimising the risk-
reward relationship within known and agreed risk
appetite levels. The Manager therefore takes risks in a
prudent manner for justifiable business reasons.
The Board of Directors of the Manager (Board) is
responsible for the governance of risk across CMT
Group. The responsibilities include determining CMT
Group’s risk appetite, overseeing the Manager’s
Enterprise Risk Management (ERM) Framework,
regularly reviewing CMT Group’s risk profile, material
risks and mitigation strategies, and ensuring the
effectiveness of risk management policies and
procedures. For these purposes, it is assisted by the
Audit Committee (AC) which provides oversight of risk
management.
The AC currently comprises three independent
members of the Board and meets on a quarterly basis.
The meetings are attended by the Chief Executive
Officer as well as other key management staff of
the Manager.
The Board has approved CMT Group’s risk appetite,
which determines the nature and extent of material
risks that the Manager is willing to take to achieve
CMT Group’s strategic and business objectives.
CMT Group’s Risk Appetite Statement (RAS) is
expressed via formal, high-level and overarching
statements. Having considered key stakeholders’
interests, CMT Group’s RAS sets out explicit, forward-
looking views of CMT Group’s desired risk profile
and is aligned to CMT Group’s strategy and business
plans. The Manager incorporates accompanying
risk limits which determine specific risk boundaries
established at an operational level.
Enterprise Risk Management Framework
[Figure: ERM Framework diagram. Components: Risk Strategy; Board Oversight & Senior Management Involvement; Risk-Aware Culture; Risk Identification & Assessment; Risk Response; Risk Monitoring & Reporting; Independent Review & Audit; Internal Control System. Items listed in the diagram: Accept; Avoid; Mitigate; Transfer; Key Risk Indicators; Quarterly Compliance Checklist; Risk Appetite; Risk & Control Self-Assessment; Investment Risk Evaluation; Scenario Analysis; Whistle-blowing/Business Malpractice.]