Bursa Malaysia • Annual Report 2013
67
c.
The second line of defence is provided by the RMC, assisted by
the Corporate Risk Management (CRM) team, which is collectively
responsible for overseeing the risk management activities of the Group
and ensuring compliance with, as well as effective implementation of
risk policies and objectives. In discharging its oversight function, the
RMC through its scheduled meetings in 2013 apprised and deliberated
upon the efforts taken by Management to address and mitigate the
key corporate risks faced by Bursa Malaysia. The RMC also reviewed
the progress and status of ERM activities, provided feedback on
revisions to the risk parameters as well as raised issues of concern for
Management’s attention.
d. The third line of defence is the AC, assisted by GIA. It provides
independent assurance of the adequacy and reliability of the risk
management processes and system of internal control, as well as
compliance with risk-related regulatory requirements.
e.
Within the framework, we have an established and structured process
for the identification, assessment, communication, monitoring as
well as continual review of risks and effectiveness of risk mitigation
strategies and controls at the divisional and corporate levels. An
automated system has also been implemented to standardise and
facilitate the risk documentation and reporting process in regard to
divisional risks.
f.
Under our framework, our level of risk tolerance is expressed through
the use of a risk impact and likelihood matrix with an established risk
tolerance boundary demarcating those risks that are deemed to have
“exceeded risk tolerance” and those which have not. We have clear
risk treatment guidance on the actions to be taken for the relevant
risks.
g. To ensure that our ERM framework remains sound and effective, in
2013 we implemented the following: a new set of quantitative and
qualitative parameters for measuring different impact dimensions;
additional quantitative parameters with probability for assessing
likelihood; a revised heat map to align with the risk tolerance; and
revised risk treatment guidance.
h. Our significant risks for 2013, and the management of these risks are
outlined below:
Business interruption risk
i.
A comprehensive Business Continuity Plan (BCP), including a
Disaster Recovery Plan which is tested annually, is in place to
ensure continuity of our business and technology operations.
In 2013, Bursa Malaysia did not face any major business
interruption.
Statement on Internal Control and Risk Management
ii.
In conjunction with the new Bursa Trade Securities (BTS2)
systems roll out in December 2013, Bursa Malaysia conducted
many tests/exercises internally as well as with industry
participants. There were five BCP tests conducted in the month
of September and October 2013 with industry participants,
including the activation of alternate site and backup systems.
This is to provide assurance that in the unlikely event that Bursa
Malaysia encounters major business interruption, our alternate
site and backup systems can be successfully activated to resume
our critical business operations.
iii. For the derivatives market which operates on the Globex
platform, in addition to two successful BCP tests with some
market participants on 11 May 2013 and 15 June 2013, the team
successfully conducted an industrywide BCP test with market
participants and CME Group Inc. (CME) on 13 July 2013. This
exercise involved simulating the recovery and resumption of the
derivatives critical functions/systems following the failure of the
derivatives systems during trading hours.
Talent management risk
i.
In 2013, we undertook several initiatives to ensure accelerated
growth in behavioural, technical and functional competencies
with an emphasis on increasing our employee value proposition
and motivating our employees. These initiatives included:
• The implementation of the revised Job Grading Structure &
Rewards Structure to ensure internal and external equity as
well as ensure that our human resource practices are fair as
we strive to be on par with the financial institutions market.
The revised structure also serves as a foundation to ensure
more effective implementation of strategic human resource
initiatives;
• The introduction of new Behavioural Competencies (which
have been mapped to human resource practices) have
provided a more uniform view while serving as a basis for
defining leadership and/or managerial capabilities. The
Behavioural Competencies are critical in order to ensure
effective development of our leadership pipeline;
• The enhancement of technical competencies for Middle
Management to increase the capacity and productivity
of the talent within the organisation. Specific “technical
skills” and knowledge are charted to depict the required
competencies necessary to perform specific functions;
• Leadership programmes focused on harnessing leadership
capability as well as grooming future leaders;
Governance
