69 Annual Report 2024 RISK GOVERNANCE AND INTERNAL CONTROL BUSINESS CONTINUITY We are committed to enhancing operational resilience through a robust Business Continuity Plan (BCP) that will equip us to respond effectively to disruptions, while continuing with critical business functions and minimising the impact on our people, operations and assets. As a Group, we have increased efforts in reviewing and testing our operational preparedness and effectiveness of these plans. Follow up actions are taken to strengthen operational resilience and key learning points are documented. Crisis management and communication procedures have also been embedded into the Group’s BCP processes. These procedures are constantly refined to allow us to respond in an orderly and coordinated way, as well as to expedite recovery. Our focus is on building capabilities to respond to crises effectively while safeguarding our people, assets and the interests of our stakeholders. C. TECHNOLOGY RISK INFORMATION TECHNOLOGY & CYBER SECURITY The Group has in place an Information Technology (IT) security framework to address evolving IT security threats. We recognize the criticality of global cyber threats and have established technology and cyber governance structures and frameworks to address both general technology and cyber security controls, covering key areas such as business disruption, theft/loss of confidential data and data integrity. Our IT security, governance and controls have been strengthened through the alignment of IT policies, processes and systems, and the consolidation of servers and storages. Extensive training has been conducted on user security education to heighten awareness of IT threats. Measures and considerations have also been taken to safeguard against loss of information, data security, and prolonged service disruption of critical IT systems. We ensure compliance with our internal information technology and security policies and procedures. D. COMPLIANCE RISK We have a defined framework and continue to work towards strengthening our policies and processes surrounding regulatory compliance, to foster a compliance-centric culture. The framework deals with the structure, people, policies and activities required for management to identify, assess, mitigate and monitor key compliance risks. I. LAWS, REGULATIONS & COMPLIANCE Given the geographical diversity of our businesses, we closely monitor developments in laws and regulations in countries where the Group operates, to ensure that our businesses and operations comply with all relevant laws and regulations. We regularly engage with local government authorities and agencies to keep abreast of changes in regulations. Recognising that non-compliance with laws and regulations has potential significant reputational and financial impact, particular emphasis is placed on regulatory compliance in all our operations. II. CORPORATE GOVERNANCE - POLICIES AND PROCEDURES a) Employee Code of Conduct We have a strict Code of Conduct that applies to all employees, who are required to acknowledge and comply with the code. The Code of Conduct sets out principles to guide employees in carrying out their duties and responsibilities to the highest standards of personal and corporate integrity when dealing with the Company, customers and suppliers. It covers areas such as conduct in the workplace and business conduct, including anti-corruption and conflict of interests. These policies are reviewed regularly and updated to reflect changes where required. b) Whistle-Blowing Policy CSE has had a whistle-blowing policy and procedures, which provide employees with well-defined and accessible channels within the Group through which they may, in confidence, raise concerns about possible improprieties in matters of business activities, financial reporting or other matters to the Audit Committee. This arrangement facilitates independent investigation of such matters for appropriate resolution.
RkJQdWJsaXNoZXIy NTM2MDQ5