64 CSE Global Limited

RISK GOVERNANCE AND INTERNAL CONTROL

Our ERM framework is constantly refined, ensuring relevance in a dynamic operating environment. The main references of this ERM Framework are:

• ISO 31000 – This ERM Framework Manual is based on the ISO 31000:2018 Risk Management – Guidelines. ISO 31000 is a generic framework on risk management and is not specific to any sector or industry. Whilst CSE's ERM Framework Manual has drawn guidance from ISO 31000, further customisation has been made to better suit CSE's operating environment.

• COSO Enterprise Risk Management Framework.

The ERM framework within CSE is to embed and build on the four lines of defence (as illustrated in the diagram below), a prerequisite to ensure the overall ERM process and system of internal controls is robust across CSE.

LINES OF DEFENCE

1. Business Governance / Policy Management – This refers to CSE's policies and procedures (e.g. Standard Operating Procedures) and operational staff that help to manage and monitor key risks and detect changes in the organisation's risk profile.

2. Management and Assurance – This refers to CSE's Risk Management function and other functions involved in ensuring compliance, which enforce and coordinate risk and control activities in CSE.

3. Independent Assurance – This refers to independent sources of assurance on CSE's internal controls, risk-mitigating measures or financial statements.

4. Board Oversight – This refers to CSE's Board and/or Audit & Risk Committee (ARC) and their oversight over CSE's key risks, controls and measures to manage risks within the organisation.

[Diagram: Lines of defence. Risks act on the organisation's process, systems and people. 1st line of defence: business governance / policy management (operational governance, financial governance, policy management). 2nd line of defence: management and assurance (risk management, compliance). 3rd line of defence: independent assurance (internal/external audit). 4th line of defence: highest level oversight.]