CORPORATE GOVERNANCE POLICIES, PRINCIPLES & GUIDELINES
Disclosure & Transparency Policy
- MAPCO’s corporate governance framework ensures that timely and accurate disclosure is made on all material matters regarding the corporation, including the financial situation, performance, ownership, and governance of MAPCO.
- Disclosure must include, but not limited to, information on audited financial results and operation results of MAPCO. MAPCO will also disclose, from time to time, procedures and practices relating to business ethics, environmental and social issues, human rights and other public policy related matters.
- MAPCO will disclose major share ownership, related party transaction, foreseeable risk factors and remuneration of members of Board and key executives.
Risk Management Policy
1. Statement of Policy
A “risk” is defined as anything that threatens to prevent MAPCO from achieving its business objectives. It is the policy of MAPCO to ensure that the risks are identified, analyzed and managed systematically and appropriately. In order to implement its policy, MAPCO aims to conduct effective risk management by operating the processes described below.
2. Approach to Risk Management
The Board considers it essential that the various categories of risk are clearly identified and that appropriate senior management accountability is designated, which together with adequate risk management processes, ensures that the need to be conscious of and identify risk is part of the embedded management processes in MAPCO.
Included in the key categories of risk are:-
- Business development (Strategies/practices, joint ventures, acquisition and disposals)
- Financial management, cash flow and debt management
- Operational performance
- Statutory responsibilities
- Health and Safety
The Board considers it essential that all levels of management and employees have knowledge of and are made aware of the types of risks involved in both planning activities and day to day performance aspects of the business. Apart from senior management accountability, every employee is responsible for managing risks in his or her work supported as necessary by expert advice and assistance, both internal and external. It is the Board’s aim to engender a culture in which risks are communicated to appropriate levels in MAPCO and information on risk is shared through effective communication. This enables appropriate action to be identified and taken.
3. Risk Management Process
Risk management within MAPCO is aimed to be comprehensive, systematic and continually improved and based on constant monitoring of business risks.
Risk analysis identifies the risks to which MAPCO is exposed, the basic causes of each risk, the impact of its potential realization and assesses how that risk should be managed. This includes analysis of MAPCO’s operating environment, business processes and information used in decision making. Any negative consequences of taking a risk are compared with the benefit derived from it and decisions are made accordingly.
Following risk analysis, MAPCO shall determine whether the risk is acceptable. If it is decided that the risk is to be taken, then an assessment shall be made as to how the risk is to be managed, which may be by one or more of the following methods:
• Acceptance of the risk (i.e. do nothing)
• Transfer of the risk to a third party (e.g. insurance or outsourcing)
• Reduction of the risk (its impact or likelihood) through internal controls.
If a control system is adopted it should be assessed regularly and if necessary, improved.
Details of the main risks that have been identified and the control systems applicable to them should be recorded in a risk register. This is continuously monitored and updated. The function of the risk register is to:
• Identify and prioritize the significant risks faced by MAPCO
• Identify owners for each risk
• Set out methods by which each risk is managed
• Set out any action plan required to improve control mechanisms.
4. Responsibility for Risk Management
The Board is responsible for identifying and managing the risks arising from the strategic objectives and policies which it sets. In addition the Board has overall responsibility for risk management. The Board shall, on a quarterly basis, monitor and, where necessary, act upon the aggregation of risks across MAPCO and the efficacy of the risk management process, including the actions to be taken. In addition, the Board shall undertake a formal annual review.
Except in relation to the risks for which the Board has retained direct responsibility, the Board has delegated the responsibility for implementing the process of risk management to operational managing director. The responsibility is allocated in each and every concerned committee and department as well as business units. Operational managing director is responsible for ensuring that:
• The process of risk management is operated within the approval risk management policy framework and that it is implemented satisfactorily.
• Key risks are identified and assessed, that management responsibility is properly allocated and that monitoring is carried out to ensure that risks remain adequately identified, analyzed and controlled.
Each business unit executive director or other identified risk owner shall be responsible for:
• Regularly reviewing the risk register and ensuring that the risk management processes and control systems in their area are appropriate.
• Developing an open and transparent culture for the identification and management of risk and encouraging employees to instill risk awareness in their behavior.
• Demonstrating that risk issues and any new risks are considered, via an explicit item on the Leadership Teams’ agenda.
• Ensuring ownership of risks is properly allocated to permit clear responsibility for controls and action plans.
• Ensuring that support and assistance is provided to all employees in fulfilling their individual risk management duties.
• Ensuring that appropriate employees are aware of the key risk issues facing MAPCO.
• Providing quarterly reports on risk management activities to Board which should aim to assess the risks in the area covered and identify steps to mitigate such risks.
Each employee shall, in the context of their business unit objectives, be responsible for:
• Indentifying risks surrounding their work.
• Implementing and operation controls over those risks through application of MAPCO policy and processes.
• Highlighting any areas for concern (e.g. new risks, internal control weaknesses or breakdown) through normal management controls.
An internal management committee will be responsible for monitoring and overseeing the operation of the risk management process. It will report to the Audit Committee, Managing Director, the Board of Directors, at least on a bi-annual basis. In carrying out its monitoring function, the risk management committee aims to review the quarterly reports it receives from business units, to consider and, where necessary, make recommendations or changes to improve the effectiveness of
MAPCO’s internal controls.
Undertake an annual assessment, the results of which will be reported to the Audit Committee, to enable the Board to make its annual statement on internal control. In this context, the risk management committee aims to consider, in particular, any changes in the risk profile of MAPCO, the scope and quality of the ongoing management of risk and internal control and the extent and effectiveness of the regular reporting and monitoring process.
5. The Audit Committee
It is the responsibility of the Audit Committee to review the systems which are in place and to provide assurance to the Board that the process of risk management is operating effectively.