70 CSE GLOBAL LIMITED C. TECHNOLOGY RISK INFORMATION TECHNOLOGY & CYBER SECURITY The Group has in place an Information Technology (IT) security framework to address evolving IT security threats. We recognize the criticality of global cyber threats and have established technology and cyber governance structures and frameworks to address both general technology and cyber security controls, covering key areas such as business disruption, theft/loss of confidential data and data integrity. Our IT security, governance and controls have been strengthened through the alignment of IT policies, processes and systems, and the consolidation of servers and storages. Extensive training has been conducted on user security education to heighten awareness of IT threats. Measures and considerations have also been taken to safeguard against loss of information, data security, and prolonged service disruption of critical IT systems. We ensure compliance with our internal information technology and security policies and procedures. D. COMPLIANCE RISK We have a defined framework and continue to work towards strengthening our policies and processes surrounding regulatory compliance, to foster a compliance-centric culture. The framework deals with the structure, people, policies and activities required for management to identify, assess, mitigate and monitor key compliance risks. (I) LAWS, REGULATIONS & COMPLIANCE Given the geographical diversity of our businesses, we closely monitor developments in laws and regulations in countries where the Group operates, to ensure that our businesses and operations comply with all relevant laws and regulations. We regularly engage with local government authorities and agencies to keep abreast of changes in regulations. Recognising that non-compliance with laws and regulations has potential significant reputational and financial impact, particular emphasis is placed on regulatory compliance in all our operations. (II) CORPORATE GOVERNANCE - POLICIES AND PROCEDURES a) Employee Code of Conduct We have a strict Code of Conduct that applies to all employees, who are required to acknowledge and comply with the code. The Code of Conduct sets out principles to guide employees in carrying out their duties and responsibilities to the highest standards of personal and corporate integrity when dealing with the Company, customers and suppliers. It covers areas such as conduct in the workplace and business conduct, including anti-corruption and conflict of interests. These policies are reviewed regularly and updated to reflect changes where required. b) Whistle-Blowing Policy CSE has had a whistle-blowing policy and procedures, which provide employees with well-defined and accessible channels within the Group through which they may, in confidence, raise concerns about possible improprieties in matters of business activities, financial reporting or other matters to the Audit Committee. This arrangement facilitates independent investigation of such matters for appropriate resolution. c) Training & Communications Training is a key component within CSE’s regulatory compliance framework and we continue to focus on refining our compliance training programme and curriculum for new and existing employees. Training programmes are tailored to the audience and we leverage Group-wide forums to reiterate the key messages. Our employees are also required to complete mandatory annual assessment covering key policies, as well as to acknowledge that they have read and understood our policies and declare any potential conflicts of interest. RISK GOVERNANCE AND INTERNAL CONTROL
RkJQdWJsaXNoZXIy NTM2MDQ5