We are committed to identifying and managing the risks that inevitably arise during the normal course of business in order to minimise any potential negative impacts on the achievement of the Company’s strategic business objectives, reputation, and business continuity and sustainability. Matahari’s integrated, company-wide approach to risk management is led by the Risk Management Committee, the Audit Committee, the Internal Audit and the Company’s External Auditors, which work together to identify, evaluate and mitigate risks by reviewing risk parameters in various areas, particularly critical systems, areas affecting costing and/or profitability, fraud, and abuse of authority.
Enterprise Risk Management Framework
Matahari’s Enterprise Risk Management (ERM) framework describes the Company’s risk management objectives, strategy, governance, organization, methodology, monitoring and reporting processes. This enables us to identify and address risks proactively in strategic areas in every part of the organization. While the Board of Directors, the Board of Management and the relevant committees and management functions have overall accountability for risk management, with the ERM we seek to drive ownership of risks at every level of the organization by engaging all employees, business partners and other stakeholders in identifying, monitoring and managing risks. The ERM framework covers:
1. Risk identification, measurement, monitoring and control, including awareness;
2. Risk management infrastructure, including organizational structure, governance systems, data collection, analysis methods, policies and procedures and reporting; and
3. Corporate culture, including training, performance measurement, value development and rewards.
The Company has developed a road map for implementing risk management processes across the organisation via several functions in Loss Prevention, Security and Safety, to protect corporate assets.
At the same time, the Risk Control Awareness and Assessment Program was implemented continuously to ensure that all stakeholders (including business partners) understand and support the Company-wide risk management approach. From this we have developed a risk treatment, risk tolerance and risk control matrix. Regular Internal Control Newsletters/Bulletins and Compliance updates, which contain information on key risks, best practices in risk mitigation and new regulations, were distributed to all business process owners several times a year. As part of our overall approach to risk management, we maintain a zero tolerance policy towards integrity issues.
Key Risks and Mitigation
Data on the principal risks and controls in each business process are generated by the Managing Risk Project. We use these data to assess the likelihood, severity or impact of specific risks with regard to the Company’s financial situation, operations, employees, image and reputation, and regulatory matters.
The Company’s stores are also exposed to security risks. To mitigate these risks, we have installed an advanced Electronic Article Surveillance system, which includes Closed Circuit Television (CCTV), Pedestals and other store security systems. This allows for more effective control over operations by enabling enhanced monitoring in selected stores with a high risk profile.