2020 Integrated Annual Report
165
The Board of Directors is committed and responsible for the implementation effectiveness and maintenance of risk management.
To help carry out its functions, the Board
of Directors established a Risk and Business Continuity Committee (“RBCC”) which is responsible to ensure the Company adopts sound and effective policies, procedures and practices for all its Risk and Compliance functions.
RBCC roles and responsibility can be found on page 145
The Board of Commisioners oversee the design, implementation, and monitoring of the risk management. BoC setup a Board of Risk and Compliance Committee (“BRCC”) to supervise the implementation of the risk management process to evaluate the effectiveness of risk and compliance management in the Company.
BRCC roles and responsibility can be found on page 123
Risk Management Implementation
Risk management approach is focused on identifying, managing, and monitoring risk in proactive, pragmatic, and consistent manners through the implementation of an integrated risk management framework and program throughout the Company.
The risk management process is facilitated by Risk and Compliance Division (RC). RC is responsible for the development of risk management framework and methodologies, as well as facilitates the implementation of risk management system.
In conducting risk management activities, Company has applied Risk and Control Self- Assessment (“RCSA”) technique where the risk owners (business owners) self-identify the risk that may have impact on their business objective and provide a mitigation plan to prevent or control the risk.
RC is facilitating the process of RCSA through
a meeting and discussion with Management to provide input and feedback on identified risks, as well as monitor the status of managing risk and report the result of mitigation plan implementation.
The Company also establishes a Business Continuity Management (“BCM”) coordinated by RC to maintain the long-term business continuity of the Company which focuses on the safety of its employees and their families, the continuity of service for the customers, as well as to minimize the Company’s losses. BCM also includes Business Impact Analysis (“BIA”), Disaster Recovery Plan (“DRP”), and Business Continuity Plan (“BCP”).
Aside from business risks, regulatory compliance risks are also subject to Management’s attention by ensuring that all Company’s operations are
in compliance with applicable regulations. RC coordinates this activity by conducting tests to the relevant units on the implementation of applicable regulations that may have impact on the Company.
XL Axiata has developed the Risk Rating Matrix based on Axiata Risk Assessment Guideline,
to evaluate the significance/ scale of the risk and effectiveness of existing control, if any.
The risk rating matrix provides a foundation in the assessment of identified risks so that the management at all levels has the ability to ensure that the risk management actions and resources are appropriately directed across business and functions.
XL Axiata has also determined the level of risk appetite and risk tolerance for the Company based on this Risk Rating Matrix. The risk appetite and risk tolerance is monitored by the management and formally reviewed as part of the Company’s strategy and planning process. This also considers whether the risk appetite remains appropriate in delivering organizational goals from both internal and external as well as constraints. Any risk that exceeds the appetite level must have a response plan. It is communicated to the respective Director/ Chief and reported in the RBCC meeting for the agreement of mitigation plan.
TRANSFORM FASTER TO EMERGE STRONGER – GIVING BACK TO THE NATION PT. XL AXIATA TBK