ACCOUNTABILITY AND AUDIT Risk Management and Internal Controls Principle 9 The ARC assists the Board in overseeing the risk governance of the Group to ensure that there is a sound system of risk management and internal controls to manage risks in a way that is aligned with the Group’s risk tolerance. The Company has put in place an Enterprise Risk Management (“ERM”) framework which was established to ensure adequate and effective management of risks and facilitate the Board’s assessment on the adequacy and effectiveness of the Group’s risk management system. The framework sets out governing policies, processes and systems pertaining to each of the key risk areas to which the Group are exposed. The framework also facilitates the assessment by the Board in the effectiveness of the Group in managing each of the key risks. The Board, through the ARC’s reviews, monitors the adequacy of the Company’s internal controls including financial, operational, compliance and information technology controls and risk management policies and systems established by Management. The internal auditor also conducts independent reviews of the adequacy and effectiveness of the Company’s material internal controls, including financial, operational and compliance controls, information technology and risk management, at least annually and reports these findings to the ARC. The ARC also reviews the effectiveness of the actions taken by Management on the recommendations made by the internal auditor in this respect. In addition, the external auditors have also performed a review of the internal financial systems and operating controls for the financial statements attestation purpose. Such reviews have also been reported to the ARC. Further details on the CSE Global Risk Management Framework can be found on pages 61 to 71 of this Annual Report. The Board has received assurance from the CEO and CFO that, as at 31 December 2025, the financial records have been properly maintained, and the financial statements give a true and fair view of the Group’s operations and finances. The Board has also received assurance from the CEO and key management personnel that the internal controls (including financial, operational, compliance and information technology controls) and risk management systems were adequate and effective as at 31 December 2025 to address the risks that the Group considers relevant and material to its operations. Based on the internal controls established and maintained by the Company, work performed by the internal and external auditors and reviews performed by Management, as well as the said assurances set out above, the Board, with the concurrence of the ARC, is of the view that the Company’s system of risk management and internal controls (including financial, operational, compliance and information technology controls) were adequate and effective as at 31 December 2025 to risks which the Company considers relevant and material to the Group’s operations. The system of risk management and internal controls provides reasonable, but not absolute, assurance that the Company will not be adversely affected by any event that could be reasonably foreseen as it strives to achieve its business objectives. However, the Board also notes that no system of risk management and internal controls could provide absolute assurance in this regard, or absolute assurance against the occurrence of material errors, poor judgment in decision making, human error, losses, fraud or other irregularities. The process of reviewing and strengthening the Company and Group’s control environment is an evolving process. When controls should be enhanced, the Board and Management take action to rectify and strengthen the internal controls and risk management systems. The Board and Management will continue to devote resources and expertise towards improving its internal policies and procedures to maintain a high level of governance and internal controls. REPORT ON CORPORATE GOVERNANCE ANNUAL REPORT 2025 53
RkJQdWJsaXNoZXIy NTM2MDQ5