ESR-REIT Annual Report 2024, p. 91

(C) Risk Monitoring

The Board and ARCC are kept abreast of ESR-REIT and the Managers’ key risk exposures as well as the risk management activities and results via the following quarterly reports by the Management:

1. Quarterly monitoring of the Manager’s RAS
2. Quarterly review of the Key Risk and Control Matrix
3. Quarterly monitoring of outstanding internal/external audit recommendations and regulatory inspection findings
4. Quarterly attestations from employees, appointed representatives, Heads of Departments and Directors in terms of compliance with relevant regulatory requirements
5. Quarterly reporting of actual and potential breaches and loss events

In addition to the above risk monitoring methods, the Manager has formulated a Compliance Monitoring Framework using the Compliance Matrix as a base document. A risk assessment of all regulatory requirements impacting ESR-REIT and the Managers is performed on an annual basis. This will guide the approach taken for Compliance’s oversight function, which includes a combination of routine monitoring and risk-based monitoring programmes (otherwise known as the Compliance Monitoring Program). A two-year Compliance Monitoring Program based on the results of the risk assessment is then tabled to both the ARCC and the Board for approval. Upon the approval of the program, the Compliance and Risk Management team will proceed to implement the program, and the results of the reviews will be tabled to both the ARCC and the Board on a quarterly basis for their review.

In order to give the ARCC and the Board the assurance that the Manager’s risk management and internal control systems are adequate and effective, an annual internal control review based on the top risks identified in the Key Risk and Control Matrix is conducted by the Compliance and Risk Management team and the results are tabled to both the ARCC and the Board.

The outsourced internal auditor also conducts independent review of the risk management and internal control systems implemented by the Manager so as to provide independent assurance to the ARCC and the Board on the adequacy and effectiveness of the risk management and internal control systems. Together, these monitoring tools provide greater assurance that ESR-REIT’s and the Managers’ identified risks are adequately managed.

(D) Risk Reporting

Reports are provided to the ARCC, the Board and/or regulators on a regular basis to provide updates on the Managers’ risk and compliance management activities.

Whistleblowing

The Manager has put in place a Policy on Whistleblowing to provide an avenue to all employees and external parties to raise any concerns about possible improprieties in matters of financial reporting or other matters to the ARCC Chairman, without fear of reprisals. Valid reports made in good faith are investigated independently with appropriate follow-up actions.