The FMI Group instils and promotes a risk management culture to allow prudent risk-based decision-making by embedding core values, principles, compliance and dynamic internal control systems in its day-to-day operations. Ongoing communication, education, monitoring and mitigation are an integral part of the FMI Group’s dynamic risk management culture and is adopted across all its businesses.
Investment assessments and due diligence exercises are carried out on prospective business opportunities to ensure that potential financial, operational and strategic risks are identified and mitigated prior to commitment. In addition, Fraud Risk Assessment is conducted across the group as part of the Annual Internal Audit Programme to ensure consistency with anti-corruption commitment. Half yearly and annual enterprise risk assessments are carried out to validate the existence and effectiveness of the controls in place, review the changes in risk profile, and update the existing controls if required.
Risk Management Framework provides a sound system of risk management and internal control, and is underpinned by a strong foundation of the FMI Group’s strong corporate governance culture, supported by five pillars of management control system being: Policies Procedures Internal External Audits Due Diligence Reviews Compliance Monitoring Reporting and Enterprise Risk Assessments, all of which are overseen by the Audit Committee and the Board.
Risk-based internal audit is one of the main functions carried out by Group Risk Management to help the businesses to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes through:
- Identification of potential risks inherent within the FMI Group and external risks which the FMI Group faces in the pursuit of its corporate objectives
- Assessing and rating all the identified risks in a meaningful way in order for the FMI Group to determine the extent of risks that it faces
- Treating all identified risks, as far as possible, through established controls or pending control plans
- Monitoring and updating any changes to the severity of the identified risks and any new risks that have emerged and
- Reporting key risks and the established controls (or pending controls plans) to the Audit Committee and the Board regularly.