Annual Report 2023

145 2023 Annual Report Transport International Holdings Limited The Group’s risk management structure is as follows: Risk rating is determined by Impact and Vulnerability. A dynamic risk rating matrix, using both quantitative and qualitative factors, is used to assess risk. A Key Risk Indicators Report (“KRI Report”) is submitted to the Audit and Risk Management Committee every six months. The Group’s major risks as identified by the Management are listed in the KRI Report, together with a comprehensive profile of such risks and the monitoring mechanism as established by the Management. TIH Risk Management Framework Internal Audit Internal Audit Board of Directors Evaluates and provides direction to the Group on the nature and extent of the risks that shall be taken in achieving its strategic objectives (i.e. setting the Risk Appetite). Ensures review of the effectiveness of the risk management and internal control systems. Audit and Risk Management Committee Ensures that the Risk Management Taskforce (“RMTF”) and Business Lines have fulfilled their duties in establishing and maintaining an effective risk management programme. Reviews the KRI Reports semi-annually. Risk Management Taskforce (“RMTF”) Comprises the Operations Director, Administration Director, Finance Director, Safety Director and Legal Director. The RMTF is chaired by the Operations Director. Maintains an oversight of the Group’s risk management system, framework and programme. Proposes to the Board for approval at least annually enhancements as needed, including those to fulfil the statutory requirements of regulators or governance bodies. Reviews and/or approves the Risk Inventory in the risk management programme and monitors the KRI Reports. Ensures the Business Lines of the Group commit sufficient resources to carrying out the risk management exercise. Individual Department Head/Director (Collectively Referred to as “Business Lines”) Develops policies and controls to effectively embed the Group’s risk management directions into day-to-day operations. Promotes the risk management culture to those working under the Business Lines so that they comply with the risk management policies and procedures when conducting day-to-day operations. Identifies the risks associated with business activities (including new business) within his/ her own Business Lines, and implements appropriate action plans to manage the identified risks and opportunities.