ESR-REIT - Annual Report 2024

Business continuity measures include annual testing of Disaster Recovery systems, regular review and updating of the Business Continuity Plan, staff emergency response training, and comprehensive risk analysis for all business functions. The Manager also maintains appropriate insurance coverage and has developed specific response plans for various scenarios including pandemic situations.

(B) Risk Management Application

Other risk management tools are used to manage risks besides the RAS and the Key Risks & Control Matrix.

Compliance Matrix

The Manager maintains a register known as the Compliance Matrix to record major rules and regulations relevant to both ESR-REIT and the Manager. The register is reviewed yearly, or whenever the business environment changes substantially, or whenever relevant rules and regulations are introduced or changed.

Policies and Procedures

Policies and procedures have been established to reduce operational risks by providing uniform practices that serve as a basis for guidance in day-to-day operations and to facilitate the understanding and correct implementation of different work processes. All policies and procedures must be reviewed and updated where relevant at least once a year to ensure they are kept up-to-date. Any revisions, amendments and supplements to the various policies must be approved by the Board, the ARCC or the CEO, as appropriate.

Education and Training

To increase the level of awareness and knowledge of various risks, controls, requirements and processes within ESR-REIT and the Managers, all new employees are required to undergo induction training by the various departments. On-the-job training is provided to equip the employees with the knowledge and skills to carry out their work. Internal bite-sized compliance training is also conducted for the purpose of information sharing, especially on changes relating to internal policies.
As part of the ESR Group’s compliance training program, employees are required to complete mandatory online compliance training, which covers topics that are relevant to the corporate compliance policies and other governance-related matters. Employees are also encouraged to seek external training to deepen their field of expertise and/or acquire new skills and knowledge as part of their personal development plans. Skills and knowledge acquired via such training can be applied to their work to improve work processes or control requirements, thus effectively reducing operational risks for the Managers.

In addition, a Board Sustainability Committee has been established to assist the Board in overseeing ESR-REIT’s wider sustainability strategy, policies and initiatives. The responsibilities of the Board Sustainability Committee include, amongst others, ensuring that the Manager continuously identifies, assesses and monitors material ESG risks and obtains sufficient resources, including manpower, to develop tools and metrics to monitor ESR-REIT’s exposure to ESG risks. The Board Sustainability Committee also ensures that the sustainability governance, management and disclosures of ESR-REIT (including the sustainability report of ESR-REIT) are in line with the rules, requirements and guidelines set out by the relevant regulatory requirements and global best practices. For more information, please refer to ESR-REIT’s 2024 Sustainability Report on pages 121 to 190.

(vi) People Risk

The inability to retain staff and attract talent, together with inadequate succession planning and talent management and insufficient measures to upskill employees, may lead to sudden loss of key management personnel and identified talents, which can cause disruptions to the Managers’ business operations.
Talent management, including succession planning, has been put in place for key management personnel, and staff remuneration is reviewed periodically to ensure it remains competitive to retain and attract talent. The Manager also carries out periodic employee engagement surveys to gather feedback on the general sentiments among the employees.

(vii) Technology Risk

Inadequate management of IT infrastructure and business continuity planning can result in operational disruptions, data breaches, and compromised business processes, potentially leading to financial losses and reputational damage. The Manager has implemented a comprehensive IT Information Risk Management Framework that is reviewed annually to ensure robust cybersecurity protection and business continuity. This includes a multi-layered security approach with 24/7 Security Operation Centre monitoring, Endpoint Detection and Response (EDR) solutions, and advanced email protection systems including Advanced Threat Protection to combat phishing attempts. Data protection measures include daily full backups (both internal and cloud-based), encryption of sensitive information, and Data Loss Prevention (DLP) software deployment. Access controls are strictly enforced through Two-Factor Authentication, conditional access policies for company resources, and regular reviews of user permissions.
