APPENDIX A: COVER PAGE

KOLEJ UNIVERSITI TUNKU ABDUL RAHMAN

FACULTY OF ACCOUNTANCY, FINANCE AND BUSINESS
ACADEMIC YEAR 2022/2023

MBBD5044 RISK MANAGEMENT

Coursework 2: Group Assignment

TUTOR : Mr. Wallance Tan Chun Eng, ACIS (CS) (CGP)

PROGRAMME : Master of Corporate Governance (MCG)

No. Group Members Name Student ID No.

1 Ang Kei Hoong 22WRM08869
2 Chew Mi Tze Celestine 22WRM09594
3 Heng Leng Wuu 22WRM03962
4 Pua Chen Yen 22WRM09080
5 Soh Yee Leng 22WRM09311
6 Toong Wei Yen 22WRM09053

SUBMISSION DATE : 16th December 2022

APPENDIX B: PLAGIARISM STATEMENT

KOLEJ UNIVERSITI TUNKU ABDUL RAHMAN

FACULTY OF ACCOUNTANCY, FINANCE AND BUSINESS
MBBD5044 RISK MANAGEMENT
Coursework 2: Group Assignment

Plagiarism Statement

We confirm that the submitted works are all our own work and are in our own
words.

Name (Block Capitals) Regn. No. Signature

1. Ang Kei Hoong 22WRM08869 ANG

2. Chew Mi Tze Celestine 22WRM09594 Chew

3. Heng Leng Wuu 22WRM03962 Heng

4. Pua Chen Yen 22WRM09080 Yen

5. Toong Wei Yen 22WRM09053 Toong

6. Soh Yee Leng 22WRM09311 Leng

PROGRAMME: MCG DATE: 15 / 12 / 2022

APPENDIX C: PEER EVALUATION FORM

1st MEMBER’S CONTRIBUTION TO THIS ASSIGNMENT

My contribution to this assignment is in the following area / part:

Part C

Total number of group meetings held for this assignment: 3

Number of group meetings I attended and participated: 3

Name: Ang Kei Hoong Signature: Ang

Group members’ evaluation to this member’s contribution:

We [√] agree / [ ] disagree to this member’s declaration above. If any member disagrees, please
give your reason or reasons below:

Confirmed by the remaining members of the group:

Name Signature
Chew Mi Tze Celestine Chew

Heng Leng Wuu Heng

Pua Chen Yen Yen

Soh Yee Leng Leng

Toong Wei Yen Toong

*Please read all instructions above.

 2nd MEMBER’S CONTRIBUTION TO THIS ASSIGNMENT

My contribution to this assignment is in the following area / part:

part e

Total number of group meetings held for this assignment: 3

Number of group meetings I attended and participated: 3

Name: Chew Mi Tze Celestine Signature: Chew

Group members’ evaluation to this member’s contribution:

We [√] agree / [ ] disagree to this member’s declaration above. If any member disagrees, please
give your reason or reasons below:

Confirmed by the remaining members of the group:

Name Signature
Ang Kei Hoong Ang

Heng Leng Wuu Heng

Pua Chen Yen Yen

Soh Yee Leng Leng

Toong Wei Yen Toong

*Please read all instructions above.

 3rd MEMBER’S CONTRIBUTION TO THIS ASSIGNMENT

My contribution to this assignment is in the following area / part:

Part e

Total number of group meetings held for this assignment: 3

Number of group meetings I attended and participated: 3

Name:Heng Leng Wuu Signature: HENG

Group members’ evaluation to this member’s contribution:

We [√] agree / [ ] disagree to this member’s declaration above. If any member disagrees, please
give your reason or reasons below:

Confirmed by the remaining members of the group:

Name Signature
Ang Kei Hoong Ang

Chew Mi Tze Celestine Chew

Pua Chen Yen Yen

Soh Yee Leng Leng

Toong Wei Yen Toong

*Please read all instructions above.

4th MEMBER’S CONTRIBUTION TO THIS ASSIGNMENT

My contribution to this assignment is in the following area / part:

I have done the 4.0 Risk Management Framework and include all the relevant reference and

appendices that I used.

Total number of group meetings held for this assignment: 3

Number of group meetings I attended and participated: 3

Name: Pua Chen Yen Signature: Yen

Group members’ evaluation to this member’s contribution:

We [√] agree / [ ] disagree to this member’s declaration above. If any member disagrees,
please give your reason or reasons below:

Confirmed by the remaining members of the group:

Name Signature
Ang Kei Hoong Ang

Heng Leng Wuu Heng

Chew
Chew Mi Tze Celestine
Soh Yee Leng Leng

Toong Wei Yen Toong

*Please read all instructions above.

 5th MEMBER’S CONTRIBUTION TO THIS ASSIGNMENT

My contribution to this assignment is in the following area / part:

Part a, b and f.

Total number of group meetings held for this assignment: 3

Number of group meetings I attended and participated: 3

Name:Toong Wei Yen Signature: Toong

Group members’ evaluation to this member’s contribution:

We [√] agree / [ ] disagree to this member’s declaration above. If any member disagrees, please
give your reason or reasons below:

Confirmed by the remaining members of the group:

Name Signature
Ang Kei Hoong Ang

Heng Leng Wuu Heng

Pua Chen Yen Yen

Soh Yee Leng Leng

Chew Mi Tze Celestine Chew

*Please read all instructions above.

 6th MEMBER’S CONTRIBUTION TO THIS ASSIGNMENT

My contribution to this assignment is in the following area / part:

Part C

Total number of group meetings held for this assignment: 3

Number of group meetings I attended and participated: 3

Name: Soh Yee Leng Signature: Leng

Group members’ evaluation to this member’s contribution:

We [√] agree / [ ] disagree to this member’s declaration above. If any member disagrees, please
give your reason or reasons below:

Confirmed by the remaining members of the group:

Name Signature
Ang Kei Hoong Ang

Heng Leng Wuu Heng

Pua Chen Yen Yen

Chew Mi Tze Celestine Chew

Toong Wei Yen Toong

*Please read all instructions above.

APPENDIX D: ASSIGNMENT QUESTIONS
Total Marks: 50 marks; Overall Weightage: 50% [CLO2, Bloom's C6]
1) GROUP ASSIGNMENT (50%, 3500 – 4000 words)
Industrial Case Study Writing
The contemporary business world is constantly changing, unpredictable, full of various
prevailing and emerging risk exposures. Organisations are striving to perform their best to
manage risk exposures internally and externally to sustain their businesses. These endeavours
have highlighted the imperative for organisations to understand the internal risk concerns as
well as the dynamics and critical risk forces in their respective industries. In many
circumstances, industry factors can have a greater impact on the organisation’s fate than
internal issues.
A risk management consultant or chartered governance professional does have pivotal
roles and a critical value-adding contribution to the organisation by understanding and
possessing the competency to respond to industry forces. An in-depth research study to
identify, analyse, learn and transfer affirmative experiences across industries should be
conducted regularly. The research findings are able to provide a better understanding of their
own industry as well as to benchmark other industries’ good practices in numerous aspects.
Meanwhile, the findings can also build the organisation to become more agile in adapting to
changes and seizing lucrative opportunities.
As a group of risk management consultants, you are required to conduct thorough
research on the risk and compliance management frameworks, regulations, standards, and
practices/arrangements of TWO (2) industries. A comprehensive comparative study will also
be conducted. The research findings will be the foundation for your group to relate, synthesise,
and write out an industry case study.
Each group is to select only ONE (1) industry pairing from the following options for
their group assignment. The selection of the industry pairing is on a FIRST-COME-FIRST-
SERVE basis. You may seek advice from your lecturer regarding the industry pairing of your
choice. The course representative has to coordinate and ensure that the assignment groups in
the class are not clashing in their choices, before they start work.
Industry Pairing Options
1) Construction vs. Property
2) Consumer Products & Services vs. Financial Services
3) Telecommunications & Media vs. Technology
4) Energy vs. Utilities
REQUIRED:
Based upon your group’s selection, conduct secondary research on at least FIVE (5) public
listed companies listed on Bursa Malaysia for each industry. In other words, each group will
have to study at least TEN (10) companies (for instance, 5 construction companies vs. 5
property companies) on their risk and compliance management frameworks, standards and
practices/arrangements.
A compare and contrast study will be conducted simultaneously with your research review
process. The similarities and differences between the industries will be identified, analysed,
correlated, and synthesised for your case study writing. The additional review of those relevant
statutory acts/legal provisions and/or industrial guidelines (self-regulatory) which are
applicable to the industries will also be included in your writing.
Write an industry case study based on the above research findings, capturing (but not limited
to) the following contents:
a) Executive Summary (Half page length);
b) Brief Introduction of the Nature of Industry (the selected two industries);
c) Analysis on Industries’ Risk and Compliance Management Issues (Describe inclusively
on THREE (3) risk management and compliance related
issues/problems/weaknesses/failures found in these industries for the past 5 years and
also include the brief details of response implemented to eradicate these
issues/problems/weaknesses/failures);
d) Risk Management Framework (Based on the findings from earlier comparative study,
discuss the similarities and differences in the aspects of risk management
processes/procedures, types of risk faced, the nature of the risks, the risk assessment
mechanisms, risk appetite framework, risk controlling strategies and shareholder’s
expectations [if any] in these industries);
e) Risk Governance and Compliance Arrangements (Based on the comparative study’s
findings, discuss the similarities and differences in the aspects of types of statutory
acts/legal provisions and/or industrial standards/guidelines/regulations [self-
regulatory] which are relevant and applicable to these industries for their compliance;
and the functions [roles and responsibilities] of governance gatekeepers, such as Board
of Directors, Audit & Risk Committee, Risk Management Committee, Auditors or
Company in assuring the soundness of risk governance and compliance);
f) Summary of Risk and Compliance Management Best Practices (A concise summary of
best practices identified from this industry analysis in relation to risk and compliance
management which could serve as a future benchmark for organisations in these
industries).

Guidance Note
Students are encouraged to refer to some business and/or academic case studies online to learn
the academic writing techniques and skills as well as the case study’s structure, in which this
effort will definitely be helpful in developing this case study.
APPENDIX E: ASSESSMENT CRITERIA & MARK LIST
Assessment Criteria for Group Assignment
Assessment Excellent Good Average Poor Very Poor Marks
Criteria
(a) [25-30] [19-24] [13-18] [7-12] [0-6]
- Critically
analyse and Well focused, Logical, Logical, clear Attempt Little
evaluate convincing justified presentation made to meet evidence of
the argument which argument and with objectives. analysis or
question. demonstrates effective, competent May lack develop an
- Relevance precision of mature style; style; Wide balance or argument;
of the thought; Wide and in research; ability to Little
principles Extensive and depth of Developing develop an beyond

24
and concepts in depth of research; maturity in argument; supplied
that are research; Considerable handling Limited course
highlighted. Maturity in ability and concepts/prin research; materials;
- Depth of handling maturity in c iples; Limited Little or no
research and concepts/ handling Average ability to ability to
knowledge of principles; concepts/princi reliability handle handle
principles Great reliability p les; Good source of concepts/princ concepts/pr
and concepts source of data. reliability data. iples; Poor i nciples;
that are source of data. reliability Very poor
highlighted. source of data. reliability
- Reliable source of
source of data.
data.
(b) [9-10] [7-8] [5-6] [3-4] [0-2]
- Originality/
Creativity of Demonstrates Demonstrate Demonstrate Limited No
Presentation excellent s insight and s synthesis of evidence of originality
(in compliance insight and individual knowledge; thought or ; Very
with creativity; thought; Reasonably originality; little
plagiarism Well-structured Coherent, easy to Some attempt of
requirements) and easily soundly understand. attempt to how to
.
- Clear,
understood. structured. Adequately
structured.
structure. structure.
7
concise and
interesting
presentation
(includes of
grammar and
language
clarity).
(c) [9-10] [7-8] [5-6] [3-4] [0-2]
- Format/ Style
(includes High degree Skilled use of Adequate use Limited use of Very little
references) of skill in use references etc.; of references references; or no

7
of references Good quality etc.; Average Poor quality reference to
etc.; Excellent of formatting. quality of of formatting. the
quality of formatting. literature;
formatting. Very poor
quality of
formatting.
TOTAL 38 / 50
 APPENDIX F: OVERALL ASSESSMENT FEEDBACK
FACULTY OF ACCOUNTANCY, FINANCE AND BUSINESS
COURSEWORK FEEDBACK FORM FOR WRITTEN REPORT

COURSE CODE/ COURSE TITLE: MBBD5044 Risk Management

NAME OF STUDENT(s): ID No:
1) Ang Kei Hoong 22WRM08869
2) Chew Mi Tze Celestine 22WRM09594
3) Heng Leng Wuu 22WRM03962
4) Pua Chen Yen 22WRM09080
5) Soh Yee Leng 22WRM09311
6)Toong Wei Yen 22WRM09053
PROGRAMME: MCG
YEAR OF STUDY: 1 ACADEMIC YEAR: 2022/2023
SEMESTER: 2
COURSEWORK NO: 2 NATURE OF Marks Allocated:
COURSEWORK: Group
Assignment 38 /50
= 76 /100

Overall feedback (e.g. strengths, weaknesses, areas for improvement etc):

The overall assignment was moderately written, pretty informative, numbers of

essential facts are inclusively discussed. However, there are formatting issues,
lack of proper citations, incorrect referencing style, unorganised flow of presentation,
and there is no Turnitin plagiarism percentage summary page included as per the
requirements.

Group Leader’s Date: Lecturer’s /Tutor’s Date:

Acknowledgement: Name & Signature:
Wallance Tan Chun Eng 15/12/2022
ACIS (CS) (CGP)
Note: This form must be submitted together with the assessment grid/grading
criteria used for the coursework.
Table of Contents
No. Particulars Page No.
1 1.0 Executive Summary 1
2 2.0 Introduction of the Nature of Industry 2
3 3.0 Analysis on Industries’ Risk and Compliance Management 3–5
Issues
4 4.0 Review of Industries’ Risk Management Framework

4.1 Risk Management Process 6

4.2 Type and nature of risk faced 6–8

4.3 What types of risk assessment/evaluation they used 8–9

4.4 The structure of their risk appetite statement 9 – 10

4.5 Risk controlling strategies 10 – 11

5 5.0 Risk Governance and Compliance Arrangements 12 – 16

6 6.0 Summary of Risk Compliance Management Best Practices 16 – 17
7 7.0 References 18 – 23
8 8.0 Appendices 24 – 36
1.0 Executive Summary

The selected industry topic in this report is “consumer products & services industry”
and “financial services industry”. Five food manufacturing companies that have been selected
for the “consumer products & services industry” are Nestle (Malaysia) Berhad, Capital A
Berhad, Sime Darby Berhad, Dutch Lady Milk Industries Berhad and Hup Seng Industries
Berhad. The five banking companies that have been selected for the “financial services
industry” are RHB Bank Berhad, CIMB Group Berhad, Allianz Malaysia Berhad, Hong Leong
Bank Berhad and AMMB Holdings Berhad (AmBank). Furthermore, several topics will be
discussed in this report, including a brief introduction to the nature of both industries, risk
management framework, risk governance and compliance arrangements, and a summary of
risk and compliance management best practices.

1
2.0 Introduction of the Nature of Industry

Consumer Products & Services Industry

The consumer products and services industry is defined as a sector that produces and
provides goods and services that are bought mainly for personal, family and household use.
Examples of products are food, groceries, hygiene products and more (Grabner-Kräuter &
Kolb, 2018). The most significant characteristic of the consumer products and services industry
is the wide range of consumer needs and preferences involved. In the sense that there is no one
marketing plan that can successfully satisfy all customer wants, the purchasers might be
thought as fragmented (Gribbins et al., 2001). Moreover, the consumer products and service
industry usually focuses on marketing by promoting their brand name and product features.
This industry is highly competitive as it usually sells common goods as its competitors.
Examples of this industry are food & beverage, beauty and cosmetics, fashion, hospitality and
more (Carnegie Mellon University, 2014).
In-text citations can be more updated.
Financial Services Industry

s
The financial service industry refers to a sector that provides financial and monetary
services to common family households and organisations. Its components include banking
services, deposits & loans, insurance, investment management and many more (Turkekole,
2015). The financial industry plays an important role in the world and is responsible for
economic growth and development by encouraging cash flow throughout every nation.
(Turkekole, 2015). The financial industry is a financial intermediary in society by valuing and
pricing financial assets, keeping an eye on borrowers, managing financial risks, setting up the
payment system, and covering the costs associated with events that people prefer to avoid.
(Segui-Mas et al., 2018). In short, the financial services sector serves as a link between lenders
and borrowers (Watson et al., 2003). Examples of financial services industry businesses include
banks, Insurance companies, real estate investment trust (REITs) and more.

In-text citations can be more updated.

2
3.0 Analysis of Industries’ Risk and Compliance Management Issues
Consumer Product and Service Industry Issues

The first and second issues discuss the Capital A Berhad (Capital A) and Nestle
(Malaysia) Bhd which include regulatory risk and product quality and safety risk
respectively under the consumer product and services industry.

According to Capital A 2021 Annual Report, there is a risk identified as regulatory

risk, which is defined as non-compliance or breach of local laws, regulations, industry
guidelines, or consumer authority requirements of multiple jurisdictions and could result in
revocation of license and/or operations (Capital A 2021). Based on reported news, the issues
regarding AirAsia’s Air Service Licence (ASL) is a big concern in Capital A. Mavcom1 really
needs to assuage public concerns about the conditional renewal of AirAsia’s ASL2 which could
affect Capital A's reputation and harm consumers' rights. It should be noted that AirAsia has a
history of violating safety procedures and other conventions. Despite this, this ASL issue is
just the latest in a long line of problems for AirAsia, most notably with passenger-related issues
such as cancelled flights, irresolvable refunds, online booking structures, flight delays, and
many others (HAMZAH 2022).

Hence, Capital A has put the effort into maintaining strong involvement with the
regulators of each authority to stay current on all regulatory standards by establishing the GRC
system. Capital A also monitors the regulatory environments of all markets they operate for
revised regulations affecting the Group. Capital A could comply with all relevant regulations
since it had a regulatory team (Capital A 2021). According to reported news, Capital A Berhad
has settled upwards of 90% of refund queries and is determined to resolve the remaining
claims. As evidence, their current refund progress is only 0.03% of the refund requests
received. They plan to complete the refund exercise for all exceptional queries in Malaysia
within the next few months (Daniele 2022).

1
Malaysian Aviation Commission

3
 The second issue happened in Nestle (Malaysia) Berhad. The world's largest food
corporation has admitted that more than 60% of its mainstream food and beverage products do
not meet a "recognised definition of health" and that "some of our categories and goods will
never qualify as 'healthy' no matter how much we renovate" (Agencies 2021). This is linked to
product quality and safety risk. This is defined as a major event caused by a serious food
safety, product quality, or another product-related non-compliance issue that negatively
impacted Nestlé's reputation and/or brands. This may result in consumer distrust, penalties,
and/or fines (Nestle 2021).

Hence, Nestlé Quality Policy established to address the risk to ensure quality and food
safety is guided (Policy Mandatory Nestlé Quality Policy 2017) by defining plan to develop
trust by providing products and services that meet consumer expectations and preferences,
comply with all internal and external food safety, regulatory, and quality requirements, achieve
a zero-defect, no-waste attitude by everyone and make quality a group-wide objective. Besides,
Nestlé also established the Quality Management System (QMS) which is the platform to
ensure food safety and quality standards compliance. Independent certification bodies audit
and verify Nestle internal QMS to ensure compliance with internal standards, ISO norms, laws,
and regulatory requirements. Nestle also used Good Manufacturing Practices (GMP) to
ensure quality and food safety. GMP encompasses all aspects of manufacturing, including
standard operating procedures, human resource management and training, equipment
maintenance, and material handling (Nestle 2019).

Financial Service Industry Issues

The problem arose when Allianz Malaysia Berhad (Ambank) was singled out for
liquidity risk in the financial services industry. Liquidity risk is defined in Allianz Annual
Return (2021) as the risk of incurring losses resulting from threat that short-term current or
will not
future payment obligations won't be able to be met or will only be met under different
circumstances, as well as the possibility that, in the event of company liquidity crisis,
refinancing will only be possible at higher interest rates or that assets may need to be liquidated
at a loss. Ambank's quarterly revenue decreased 11.06% from RM2.21 billion to Spacing issue

4
 RM1.97 billion. In the most recent quarter, the banking group did not announce a
dividend. For the entirety of the final year 2021, the settlement, impairment costs, and increased
loan provisions led to RM3.83bil net loss. Due to addition of insurance provisions, Core
PATMI (excluding special items and associated legal and professional expenses) was RM
961.6mil, a decrease of 28.3% from previous year (Lim 2021).

According to Allianz (2021), Ambank regularly assesses asset positions using an

investment strategy that focuses on investment quality and guarantees that the portfolio
contains an adequate amount of liquid assets. Ambank draws money to cover claims when an
incident surpasses a predetermined threshold set forth in the reinsurance contract and uses other
methods to ensure that its assets and liabilities are completely matched (Allianz 2021).
Ambank's priorities will improve cost-effectiveness, maintain a healthy liquidity cushion, and
strengthen its balance sheet. Ambank has several difficulties in the final year of 2021, but they
have been able to advance without difficulty and reach their full potential. They have
demonstrated tenacity and a will to put the past behind them so they may keep putting growth
first (Lim 2021).

5
4.0 Industries’ Risk Management Framework Review

4.1 Risk Management Process

Similarities

Both industries have similarities in adopting the Enterprise Risk Management (ERM)
process. ERM is designed and adapted as reasonably practicable from ISO 31000:2018 Risk
Management Guidelines; the framework aims at establishing a robust risk management process
across companies and ensuring that all business risks are prudently identified, analysed and
effectively managed. Therefore, the financial services and consumer and product industries
adopted this framework. For example, CIMB Bank and Allianz Bank use different terms to
describe ERM, such as enterprise-wide risk management (ERWM). Usually, ERM is linked
with Three-Line Defence; thus, both industries employed the Three Lines of Defence model in
implementing the ERM framework. In-text citation?

Differences

The difference between these two industries is the financial services industry has
practised the guidelines set out in the “Statement on Risk Management and Internal
Control: Guidelines for Directors of Listed Issuers” endorsed by Bursa Malaysia. Example,
RHB Bank (RHB Annual Report 2021). These guidelines are intended to assist directors of
listed issuers in making risk management and internal control disclosures in the company's
annual report following Listing Requirements paragraph 15.26(b) (Bursa Malaysia 2022).

As for Allianz Bank, they have in place a Risk Management Framework Manual
(“RMFM”) for all companies within the Group (Allianz Annual Report 2021). RMFM outlines
the risk management approach, structure, roles, responsibilities, accountabilities, reporting
requirements, and the Group’s risk identification, evaluation, and monitoring process, with the
intent to formalise the Group’s risk management functions, practises and raise employee
awareness of risk identification, measurement, control, ongoing monitoring, and reporting.
Besides, RMFM complies with relevant requirements of guidelines and policies issued by Bank
Negara Malaysia.

6
4.2 Type and Nature of Risk Faced

Similarities

Both industries have similarities in market risk, cybersecurity risk, and compliance risk.
Both industries have a high probability and impact on Market risk. Capital A, for example, is
losing market share because some of its markets have yet to open borders to international travel
(Capital A Annual Report 2021). Besides, despite being vulnerable to global macroeconomic
and geopolitical factors, Sime Darby must compete in industrial equipment and automotive
markets against intense price competition and innovative product offerings. Moreover, RHB
and CIMB Bank face market risk, as the risk of losses resulting from adverse movements in
market indicators such as interest/profit rates, credit spreads, equity prices, currency rates, and
commodity prices (RHB Bank Annual report 2021).
How about CIMB's citation?

Furthermore, Cybersecurity/Cyber risk has become a high-exposure trend in both

industries. For example, Daixin Team, a hacker organisation, is allegedly responsible for
ransomware attacks targeting Capital A (Fam 2022). The ransomware attack exposes Capital
A employees and five million passengers' personal information. Besides, increased
digitalisation makes financial service industries more vulnerable to cyber risk. Digitalisation
introduces user mobility, emphasising ease of access - at any time, anywhere, and in any way.
This entails using cloud computing and cloud services, sharing an Application Programming
Interface that allows one application to communicate with another, and opening backend
systems to remote access (RHB Bank Annual Report 2021). Recognising that most financial
institutions provide such access, hackers and cybercriminals have begun targeting financial
institutions to exploit the new digital business model.

Moreover, Compliance risk is high exposure risk for both industries as non-
compliance or breach of local laws, regulations, industry guidelines, or consumer authority
requirements of multiple jurisdictions could lead to revoking their license and operations.
Dutch Lady, Capital A and AmBank are severely cautious of compliance risk. Financial service
industries are faced with a highly dynamic regulatory landscape. Their role as financial services
providers is contingent on a solid corporate governance framework and Spacing issue

7
compliance culture and must prevent losses arising from regulatory sanctions, financial loss or
reputational damage. In-text citation?

Differences

The difference between the two industries include the consumer product and service
industry have strategic, health and safety risks. Strategic risk is the possibility that a company
will make poor business decisions. Example, Dutch Lady, Hup Seng and Sime Darby are
prepared to take calculated risks to realise their performance objectives and long-term goals.
s
Nestle, Hup Seng, and Dutch Lady are also cautious of health and safety risks and food Safety
a
Assurance is an important principle for them as this risk may cause severe impact on the
company’s operation and reputation. In-text citation?
s
The financial service industry has credit, liquidity, bribery, and corruption risks.
s industry has
Financial service industries have a high probability and exposure to Credit risk and Liquidity
risk due to these two types of risks creating potential losses and depleting financial capital,
adversely affecting business continuity and compromising the bank’s ability to allocate
adequate investments to manage material matters. Bribery and corruption risk is highly
exposed because banks are used to strong regulation, but they are lagging with regard to their
anti-corruption preparedness. Therefore, the impact of bribery and corruption on poverty,
inequality and social injustice directly affects reputation and profitability. That is why all banks
must follow Anti Money Laundering and Terrorism Financing Act and activities to mitigate
this risk. In-text citation?

4.3 Types of Risk Assessment/Evaluation

Similarities

Both industries have shared similarities in using Scenario Analysis to assess risk
evaluation. Examples include Top Glove and CIMB Bank. Top Glove conducted its first
c
climate change scenario analysis in FY2022 across value chain (Appendix 1) because Climate
change presents a range of risks and opportunities that could impact and benefit Top Glove.
Besides, CIMB risk management teams are involved at the early stage of strategy discussion
and risk-taking process by providing independent inputs, including relevant Spacing issue

8
valuations and scenario analysis, to make more accurate probability and impact values for
extreme events. In-text citation?

Differences

The difference between these two industries is consumer products and service industries
???
use Risk registers to assess their risk. Example, Hup Seng and Dutch Lady use risk registers
(Appendix 2) to store and monitor results of risk assessment activities. Risk registers/profiles
are updated regularly by Dutch Lady management team and business leaders (Appendix 2).
The above should be risk monitoring not assessment.
y
For financial services industries, Stress testing is used. Example, RHB Bank risks are
measured, assessed and aggregated using comprehensive qualitative and quantitative risk
measurement methodologies: stress testing. The process is essential to assess capital adequacy
and solvency (RHB Annual Report 2021). Stress testing assesses the effect extreme movements
in financial and economic variables may have on RHB Bank's income statement, balance sheet,
capital adequacy and the company's solvency. Besides, AmBank also used stress testing to
evaluate risk assessment (Appendix 3).

y
Furthermore, financial services industries used Risk and Control Self-Assessment.
Allianz Bank and Hong Leong Bank use risk and control self-assessment (Appendix 4)
(Appendix 5) to provide a systematic means for identifying control weaknesses and gaps that
may threaten the achievement of objectives or operational efficiency of systems and processes.
A key output is the production of action plans that help to allocate scarce resources to address
control gaps or weaknesses where the benefits of doing so (in terms of reduced residual risk
exposure) exceed the associated costs of increased control. In-text citation?

4.4 Structure of Risk Appetite Statement

Similarities

Both industries have similarities in using risk appetite statements, structured by how
many principal risk categories have been identified. Each has been assigned a qualitative risk
appetite statement supplemented by various principal risk metrics. For example, Sime Darby

9
 B
(Appendix 6), Allianz bank (Appendix 7) and AmBank (Appendix 8). Companies mentioned
above focus on achieving sustainable and profitable growth within the risk management
framework by ensuring sound risk practices and business outcomes are achieved and aligned
through limits and controls, policies and procedures to safeguard the Group’s sustainable risk-
taking and sufficient returns. In-text citation?

Differences

The first difference between these two industries is consumer and service industries
has
have structured risk appetite statements with zero-tolerance risk policies. The structure of
Dutch Lady and Hup Seng explains in the risk appetite statement that risk has zero appetites
(tolerance). For example, Dutch Lady complies with a zero-tolerance policy to compliance risk
(Appendix 9). At the same time, some risks take a certain degree that does not fall over their
appetite, which is a strategic risk. In-text citation?

s
For the financial service industry, RHB Bank used probability and impact
boundaries to show preferred risk tolerance limits and make strategic decisions to avoid taking
activities that fall into amber and red zones (Appendix 10). Risk should be controlled when in
the amber range to prevent the level of exposure from moving to red. Moreover, RHB Bank
and CIMB Bank stated their organisation’s value in their risk appetite statement and created a
risk culture for stakeholders. For example, RHB Bank believes that “Risk and Compliance is
Everyone’s Responsibility,” and thus, risk management is a core responsibility of the
respective businesses and operating units. In-text citation?

4.5 Risk Controlling Strategies

Similarities

Both industries have shared similarities in using the best ways to control market risk
f
which identity, measure, monitor and manage market risk within the approved risk
a
appetite as well as the confines of the Market Risk Policy Framework, Automation of market

10
risk monitoring and assessment tools to enhance coverage and increase efficiencies. Examples
such as Allianz Bank, AmBank, Capital A and Nestle. In-text citation?

Furthermore, Business Continuity Management Plan/ Business Continuity Plan is

a good control method for operational risk. Example, Capital A, Nestle (Appendix 11) and
CIMB Bank have Business Continuity Plans for containment, damage control and support
business recovery. Besides, CIMB Bank has a business continuity management to minimise
disruptions and ensure continuity of service to customers and supporting business processes
R
(CIMB Annual report 2021).

Differences

The distinction between these two industries is the use of different risk control strategies
for cyber risk. Capital A implemented a strong information security system based on ISO/IEC
27001 process and methodology to secure all systems. To ensure cyber resilience, these
systems undergo regular security assessments, penetration tests, and source code reviews
(Capital A Annual Report 2021). For RHB Bank, the rapid adoption of digitalisation introduced
new inherent risks that did not exist in a traditional on-premises computing system. The
current security infrastructure needed to be updated. Example, consider gradually
deploying digitally friendly cloud-based security infrastructure and hiring support personnel
with cloud security skill sets. Continuous assessment of third-party cybersecurity postures
and a subscription to threat intelligence services to understand the current cyber landscape
better. In-text citation?

11
5.0 Risk Governance and Compliance Arrangements

a. Statutory Acts/Legal Provisions and/or Industrial Standards/Guidelines/Regulations

Similarities

1. Companies Act 2016 (CA2016)

The mandatory statutory act for both industries is the CA2016. CA2016 includes the duties and
liabilities of directors in the company, legal duty to act in the best interest of the company (Shih
2018).

2. Main Market Listing Requirement (MMLR)

MMLR objective includes promoting clear, relevant and practical requirements on the
corporate disclosure policies and safeguarding shareholder interest by addressing gaps and
Board of listed companies are to adhere to MMLR (Malaysian Bar 2019).

on
3. Malaysian Code of Corporate Governance 2021 (MCCG 2021)

Listed companies in Malaysia must ensure that the board of directors provide an
overview statement on applying principles as set out in MCCG in the annual report (SC 2022).
MCCG 2021 promotes ethical behavior, accountability, transparency and sustainability.

4. Malaysian Financial Reporting Standards (MFRS) and International Financial

Reporting Standards (IFRS)

When preparing the financial statements, companies from both industries are to comply
with approved accounting standards including MFRS and IFRS (Deloitte 2022). Companies
are to prepare financial statements according to IFRS when listed in Bursa Malaysia (Deloitte
2022), with the aim to enhance financial reporting credibility and transparency in Malaysia
(PWC 2022).

12
 5. Personal Data Protection Act 2010 (PDPA 2010)

Companies are to respect privacy, safeguard data and promote privacy and data
protection best practices (Henriquez 2022), which is related to data privacy risk. In Malaysia,
PDPA 2010 is enforced to regulate personal data being collected and processed for commercial
and other purposes to safeguard consumers' rights to personal data (Shahwahid & Miskam
2015).

6. ISO 9001:2015 What about ISO31000?

Both industries are recommended to adopt ISO 9001:2015. ISO 9001:2015 emphasises
the quality management system on the need to demonstrate ability to meet customer, statutory
and regulatory requirements on providing products and services and enhance customer
satisfaction by improving the system and providing assurance of conformity to customers,
statutory and regulatory requirements through effective system application (ISO 2022).

Differences

Applicable to Financial Service Industry

1. Financial Services Act 2013 (FSA 2013) and Islamic Financial Services Act 2013
(IFSA 2013)

FSA 2013 and IFSA 2013 are regulated by Bank Negara Malaysia and are applicable
to financial service companies (BNM 2022). FSA 2013 is the legislation to promote financial
stability and ensure fair, professional and responsible business products (Ahmed & Ibrahim
2018). Furthermore, as financial services companies are conducting business in Malaysia
which comprises Muslim consumers, companies conducting Islamic financial transactions are
to comply with IFSA 2013 to promote financial stability and to achieve compliance with
Shariah (IFSA 2013).

13
 2. Bank Negara Malaysia (BNM) Guidelines

BNM has various guidelines for the companies operating in financial services (BNM
2022). This includes Payment Cards Framework to ensure that the interchange fee for payment
service providers and merchants are fair and transparent (BNM 2022).

3. Prudential Regulation and Supervisory Framework (PRS Framework)

n
The PRS Framework supports Malaysia financial institution resilience to strengthen
risk management capabilities to quickly identify and respond to emerging risk preemptively
(BNM 2022). PRS Framework emphasises board and senior management's responsibility to
manage risk in line with business strategies and provide high-level principles of sound financial
and business practices (BNM 2022).

Applicable to Consumer Products and Services Industry

1. FSSC 22000 and ISO22000

Companies producing food in the consumer products and services industry are to adopt
the FSSC 22000 and ISO22000. Both are international standards relating to ensuring food
safety (Kiwa 2022). The standards integrate the Hazard Analysis and Critical Control Point
system to ensure food safety from harvest to consumption (Alberta 2022).

b) Roles and functions

Similarities

The roles and responsibilities of the industry's governance and compliance gatekeepers,
including the board of directors, audit committee, internal audit, and staff members, are similar
in both sectors. The board of directors provides the highest level of corporate governance. The
board's responsibilities include providing leadership, approving the organisation's long-term
strategic direction to maximise shareholder value, directing and supervising the management
team as they implement the organisation's strategic plans and Spacing issue

14
desired culture in accordance with its core values, and reviewing, approving, and monitoring
the group's risk management systems across all of its businesses. In-text citation?

Furthermore, the audit committee has a specific compliance management role in

ensuring that an organisation complies with the rules and laws related to true and accurate
financial reporting. The audit committee should meet as frequently as necessary to carry out its
duties. It is advised that at least four meetings be held annually, timed to fall on important dates
for the audit cycle and financial reporting (quarterly results and annual reporting) (Bursa
Malaysia, 2022). For example, Nestle (Appendix 12), Dutch Lady (Appendix 13), and
Alliance Bank (Appendix 14) meet at least four times a year to discuss the suggested
disclosures. In the meeting, all parties are encouraged to ask questions or offer suggestions.
Audit committee members should feel confident that they have covered everything on the
agenda without feeling rushed to make decisions. In-text citation?

Besides, the internal audit function is similar in both industries. Internal audit
frequently collaborates with the compliance function to complete compliance reviews, which
thoroughly examine the safeguards in place to guarantee compliance with laws and regulations.
Internal audit should be expected to express any concerns about the company's overall
compliance management or its exposure to specific compliance risks. For example, Dutch Lady
as a consumer product services industry has an in-house internal audit and internal control
department to conduct investigations into any complaints that have been received and to offer
independent assurance of the sufficiency and effectiveness of the risk management, internal
control, and governance processes (Appendix 15), while financial services industries such as
The Group Corporate Assurance Division (GCAD) at CIMB conduct independent evaluations
of the sufficiency, effectiveness, and efficiency of risk management. The GCAD adopts a risk-
centric audit plan that is authorised by the Audit Committee and it identifies new risks,
including elevated risks as a result of the COVID-19 pandemic (Appendix 16). In-text citation?

15
 department?
The two industries also share similarities in risk management. It supervises the
management of any compliance risks relating to laws and regulations and supports the
compliance function and other specialised functions by offering guidance on how to manage
compliance risks. For example, Capital A's risk management committee recommends the ERM
strategies for managing risks faced by the group for the financial year. In addition, the risk
department also identified and established Crisis Management Teams to minimise significant
operational disruptions in the event of a crisis (Appendix 17). AmBank invests in group
compliance in the financial services industry to foster a positive compliance culture and reduce
risk exposure (Appendix 18). In-text citation?

Hence, there is no difference since both industries have the same similarities.

6.0 Summary of Risk Compliance Management Best Practices

Consumer Products & Services Industry

According to Ng et al. (2017), their research revealed that all food and beverage
industry and food manufacturing industries in Malaysia adopted these standards which are
HACCP (Hazard Analysis Critical Control Point) food safety management systems and GMP
(Good Manufacturing Practice) food hygiene practices. Both of these practices were based on
the standards of ISO 9001, which is a quality management system that will help this industry
to prevent or reduce risk and to mitigate any potential side effects of an undesirable outcome
to accomplish its intended outcomes. (ISO Global, 2022). These practices were exercised by
Hup Seng, Nestle, Dutch Lady Milk Industries and other food manufacturers.

s
Financial Service Industry

According to Bank Negara Malaysia (BNM) (2018), BNM issued a Credit Risk policy
document for banking institutions, financial and monetary service companies, insurance firms
and takaful operators, named “Best Practices for the Management of Credit Risk Guidelines”.
This guideline further advances credit risk management procedures throughout the sector,
considering changes in product diversity and scale, increased financial system globalisation,
and the expanding significance of domestic capital markets as an alternative funding source.
One of the “Best Practices for the Management of Credit Risk Guidelines” guidelines is the

16
Pillar 3 disclosure requirements. As seen in RHB bank, CIMB bank and other banks, their best
risk practice is adhering to the Pillar 3 guidelines issued by BNM. The objectives of Pillar 3
disclosure requirements are to promote transparency by establishing the minimal standards for
information on banking institutions' risk management procedures and capital adequacy that
must be disclosed to the market. According to Malay Mail (2018), CIMB bank won the
“Achievement in Enterprise Risk Management” award as they adhered to Enterprise-Wide
Risk Management Framework which gave a summary of each risk detected to support
transparent and accountable risk management practices and to improve readiness and
compliance with regulatory standards. In-text citation?

17
 Incorrect reference format, no numbering is needed.
7.0 References
1. Agencies 2021, Nestle papers show over 60% of its food portfolio is ‘unhealthy’,
Business Standard India, viewed 24 November 2022, < https://www.business-
standard.com/article/international/nestle-papers-show-over-60-of-its-food-portfolio-
is-unhealthy-121060100038_1.html. >
2. Allianz Malaysia 2021, Annual Report 2021, viewed 26 November 2022, <
https://www.allianz.com.my/content/dam/onemarketing/azmb/wwwallianzcommy/pdf
/financial-reports/annual-reports/AllianzAnnualReport2021.pdf >.
3. Alberta 2022, Hazard Analysis Critical Control Point Programme Planning, viewed
15 December 2022, <https://www.alberta.ca/hazard-analysis-critical-control-point-
program-planning.aspx>.
4. Ahmed, H & Ibrahim, IR 2018, ‘Financial consumer protection regime in Malaysia:
Assessment of the legal and regulatory framework’, Journal of Consumer Policy, 41(2),
pp.159-175.
5. AmBank Group Malaysia 2022, Integrated Annual Report 2022, viewed 26 November
2022, <
https://www.ambankgroup.com/eng/InvestorRelations/AnnualReports/Documents/20
22/AMMB%20IR22%20Website.pdf >.
6. Bank Negara Malaysia 2022, Financial Stability, viewed 12 December 2022,
<https://www.bnm.gov.my/market-conduct>.
7. Bank Negara Malaysia 2022, Payment Systems, viewed 15 December 2022,
<https://www.bnm.gov.my/payment-systems>.
8. Bank Negara Malaysia 2022, Prudential Regulation, viewed 15 December 2022,
<https://www.bnm.gov.my/prudential-
regulation#:~:text=The%20prudential%20regulatory%20framework%20emphasises,t
o%20the%20circumstances%20and%20exposures>.
9. Bursa Malaysia 2022, Statement on Risk Management & Internal Control: Guidelines
for Directors of Listed Issuers, viewed 03 December 2022,
https://www.bursamalaysia.com/sites/5bb54be15f36ca0af339077a/assets/5bb54d0a5f
36ca0c341f0028/Statement_on_Risk_Management___Internal_Control_-
_Guidelines_for_Directors_of_Listed_Issuers.pdf >.

Seen

18
10. Bursa Malaysia 2022, Guidance on effective audit and risk management, Corporate
Governance Guide Pull-out II, viewed 9 December 2022,
<https://www.bursamalaysia.com/sites/5bb54be15f36ca0af339077a/assets/5bb54d1a5
f36ca0c341f0066/Pull-out_II.PDF>
11. Capital A 2021, Annual Report 2021, viewed 26 November 2022, <
https://www.capitala.com/misc/Capital_A_ar2021.pdf >.
12. CIMB Bank 2021, Integrated Annual Report 2021, viewed 26 November 2022, <
https://www.cimb.com/content/dam/cimb/group/documents/investor-relations/annual-
general-meeting/2022/final/cimb-ar-2021.pdf >.
13. Control Union Certification 2022, ISO 22000 Food Safety Management System, viewed
15 December 2022, <https://certifications.controlunion.com/en/certification-
programs/certification-programs/iso-22000-food-safety-management-system>.
14. Daniele, U. 2022, AirAsia faces backlash over delayed pandemic refunds, viewed 24
November 2022, < https://www.aljazeera.com/economy/2022/5/23/airasia-faces-
customer-backlash-over-delayed-pandemic-refunds. >
15. Deloitte 2022, Financial Reporting Framework in Malaysia, viewed 15 December
2022, <https://www.iasplus.com/en/jurisdictions/asia/malaysia>.
16. Dutch Lady Milk Industries 2021, Annual Report 2021, viewed 26 November 2022, <
https://www.dutchlady.com.my/wp-content/uploads/2022/04/DLMI-AR2021.pdf >.
17. Fam 2022, AirAsia allegedly hit with ransomware attack, data of five million
passengers and employees reportedly compromised (Updated), Star 23 November,
viewed 26 November 2022, < https://www.thestar.com.my/tech/tech-
news/2022/11/23/airasia-allegedly-hit-with-ransomware-attack-data-of-five-million-
passengers-and-employees-reportedly-compromised >.
18. Laws of Malaysia, 2013, Financial Services Act 2013, viewed 15 December 2022,
<https://www.bnm.gov.my/documents/20124/820862/Financial+Services+Act+2013.
pdf>.
Incorrect citation format
19. Hassani, Bertrand, and Bertrand K. Hassani, 2016. Scenario analysis in risk
management. Springer International Publishing Switzerland.

Seen

19
20. Henriques, M 2022, Data Privacy Day: Raising Awareness and Encouraging
Compliance, <https://www.securitymagazine.com/articles/96948-data-privacy-week-
raising-awareness-and-encouraging-compliance>.
21. Hong Leong Bank 2022, Annual Report 2022, viewed 26 November 2022, <
https://www.hlb.com.my/content/dam/hlb/my/docs/pdf/About-Us/Investor-
Relations/annual-quaterly-reports/2022/annual-report/hlb-annual-report-2022.pdf >.
22. Hup Seng 2021, Annual Report 2021, viewed 26 November 2022, <
https://disclosure.bursamalaysia.com/FileAccess/apbursaweb/download?id=215383&
name=EA_DS_ATTACHMENTS >.
23. Ishak, Naharul 2022, The issues regarding AirAsia’s Air Service Licence, viewed 24
November 2022, < https://themalaysianreserve.com/2022/10/17/the-issues-regarding-
airasias-air-service-licence/ >
24. Laws of Malaysia, 2013, Islamic Financial Services Act 2013, viewed 15 December
2022, <https://www.bnm.gov.my/documents/20124/8102422b-e6dd-d149-8db0-
e3637e89ed5c>.
25. ISO 2022, ISO 9001:2015 Quality Management Systems – Requirements, viewed 15
December 2022, <https://www.iso.org/standard/62085.html>.
26. Kiwa 2022, Difference between FSSC 22000 and ISO 22000, viewed 15 December
2022, <https://www.kiwa.com/en/themes/fssc-22000-food-safety-management-
system/difference-fssc-22000-and-iso-22000/>.
27. Malaysian Bar 2019, Issuance of Amendments to Main Market Listing Requirements
and ACE Market Listing Requirements on 8 May 2019, viewed 15 December 2022,
<https://www.malaysianbar.org.my/cms/upload_files/document/Circular%20No%201
07-2019.pdf>.
28. Nestle 2019, Quality and safety, viewed 24 November 2022, <
https://www.nestle.com/aboutus/quality-and-safety >.
29. Nestle Malaysia 2021, Corporate Governance & Financial Report 2021, viewed 26
November 2022, < https://www.nestle.com.my/sites/g/files/pydnoa251/files/2022-
03/CGFR-NESTLE-AR21.pdf >.

Seen

20
30. Laws of Malaysia, 2010, Personal Data Protection Act 2010, viewed 15 December
2022,
<https://www.kkmm.gov.my/pdf/Personal%20Data%20Protection%20Act%202010.p
df>.
31. Policy Mandatory Nestlé Quality Policy 2017, Nestle Quality Policy, viewed 24
November 2022, < https://www.nestle.com/sites/default/files/asset-
library/documents/library/documents/suppliers/quality_policy_nestle.pdf. >
32. PWC 2022, Overview of MFRS, viewed 15 December 2022,
<https://www.pwc.com/my/en/services/assurance/mfrs.html#:~:text=Overview%20of
%20MFRS&text=It%20is%20fully%20compliant%20with,milestone%20for%20the
%20capital%20market.>.
33. RHB Bank 2021, Integrated Annual Report 2021, viewed 26 November 2022, <
https://www.rhbgroup.com/~/media/files/malaysia/investor-relations/annual-
reports/rhb-bank-ir-2021.ashx >.
34. Securities Commission Malaysia 2022, Frequently Asked Questions on the Malaysian
Code on Corporate Governance, viewed 15 December 2022,
<https://www.sc.com.my/api/documentms/download.ashx?id=a9ae6572-32c1-483a-
ae20-
52ebc18ac63d#:~:text=As%20stated%20in%20MCCG%2C%20while,the%20practic
es%20in%20the%20MCCG>.
35. Shahwahid, FM & Miskam, S 2015, ‘Personal Data Protection Act 2010: Taking the
First Steps towards Compliance: Akta Perlindungan Data Peribadi 2010: Mengambil
Langkah Awal ke arah Pematuhan’, Journal of Management and Muamalah, 5(2),
pp.64-75.
36. Shih, L 2018, ‘Navigating the Directors’ Duty to Act in the Best Interest of the
Company: the Petra Perdana Decision and the Companies Act 2016’.
37. Sime Darby 2022, Annual Report 2022, viewed 26 November 2022, <
https://www.simedarby.com/sites/default/files/annualreport-
pdf/sime_darby_ar2022_interactive_221017.pdf >.
38. Sweity, RM & Yeon, AL 2017, ‘The Application of Corporate Disclosure Policy among
Public Listed Companies in Properties Business’, International Journal of Economics,
Business and Management Research, Vol. 1, No. 04.
39. Top Glove 2022, Annual Report 2022, viewed 13 December 2022, <
https://www.topglove.com/annual-report >.
Seen
21
 40. Carnegie Mellon University, Consumer products, viewed 13 December 2022,
<https://www.cmu.edu/career/documents/industry-guides/consumer-products-tip-
sheet.pdf>.
41. Grabner-Kräuter, S & Kolb, R, 2018, The SAGE Encyclopedia of Business Ethics and
Society, SAGE Publications, Inc, viewed 13 December 2022,
<https://www.researchgate.net/publication/326059029_Consumer_Goods>.
42. Segui-Mas, E, Polo-Garrido, F & Bollas-Araya, HM, 2018, Sustainability Assurance in
Socially-Sensitive Sectors: A Worldwide Analysis of the Financial Services Industry,
Economic and Business Aspects of Sustainability, vol. 10, no. 8, viewed 13 December
2022, <https://www.mdpi.com/2071-1050/10/8/2777>.
43. Turkekole, T, 2015, Strategic Approach to Financial Services Industry, Bogazici
University, viewed 13 December 2022,
<https://www.researchgate.net/publication/286777573_Strategic_Approach_to_Finan
cial_Services_Industry>.
44. Watson, T, Blair, D & Laurence, J, 2003, Financial Services: A Report on the Industry,
Industrial College of the Armed Forces National Defense University, viewed 13
Deember 2022,
<https://www.researchgate.net/publication/235044876_Financial_Services_A_Report
_on_the_Industry>.
45. Gribbins, M, Chandrasekar Subramaniam & Shaw, MJ, 2001, e-Business in Consumer
Packaged Goods Industry: A Case Study, Department of Business Administration,
University of Illinois at Urbana-Champaign, viewed 13 December 2022,
<https://www.academia.edu/2030799/E_business_in_consumer_packaged_goods_ind
ustry_a_case_study>.
46. Bank Negara Malaysia, 2018, Credit Risk, viewed 13 December 2022,
<https://www.bnm.gov.my/-/credit-risk-22012018>.
47. Malay Mail, 2018, CIMB recognised for strong risk management, viewed 13 December
2022, <https://www.malaymail.com/news/money/2018/06/17/cimb-recognised-for-
strong-risk-management/1642740>.

Not in alphabetical order.

22
 48. Ng, KS, Lim HC & Abdul Rahman Ahmad, 2017, Quality Assurance Practices of the
Food Manufacturers in Malaysia, Journal of Computational and Theoretical
Nanoscience, vol. 23, no. 15, viewed 13 December 2022,
<https://www.researchgate.net/publication/314256520_Quality_Assurance_Practices_
of_the_Food_Manufacturers_in_Malaysia>.
49. ISO Global, 2022, Risk Management and ISO 9001 Quality Management, viewed 13
December 2022, <https://isoglobal.com.au/articles/risk-management-iso-
9001/#:~:text=According%20to%20ISO%209001%2C%20planning,effects%20of%2
0an%20undesired%20outcome.>.
50. Lim, S. 2021, ‘AmBank slips into the red in 4Q, no thanks to 1MDB settlement and
impairments’, viewed 15 December 2022,
<https://www.theedgemarkets.com/article/ambank-slips-red-4q-no-thanks-1mdb-
settlement-and-impairments>.
51. Allianz 2021, Annual Report 2021, viewed 15 December 2022,
<https://www.allianz.com.my/content/dam/onemarketing/azmb/wwwallianzcommy/p
df/financial-reports/annual-reports/AllianzAnnualReport2021.pdf>.

Not in alphabetical order.

23
8.0 Appendices

Appendix 1: Top Glove Annual report 20212 stated that they use scenario analysis to assess
the risk assessment. Source?

Appendix 2: Dutch Lady Annual Report 2022 stated that they have prepare a risk profile to
assess their risk evaluation and updated it regularly and then tabulated it inta o heat map for
risk monitor purpose. Proper source citation?

24
Appendix 3: AmBank in the Annual report 2022 used stress testing in semi-annual to
conduct their risk assessment. Proper source citation?

Appendix 4: Allianz Bank Malaysia Berhad using the Risk and Control Self-Assessments to
undertake their risk assessment activities. Proper source citation?

Appendix 5: From the Hong Leong Bank Annual report, they are using risk and control self-
assessment to evaluate their risk assessment.
Proper source citation?

25
Appendix 6: Sime Darby inaugural risk appetite statements, risk tolerance and key risk
indicators were developed in FY2020 and are tracked on a quarterly basis. There are a total of
14 risk appetite statements covering 12 sub-enterprise risk areas. There were no critical
breaches of risk tolerance limits during the year. Risk tolerance that encroached alert level
(code yellow) were notified to the RMC and acted upon by the management.
Proper source citation?

Appendix 7: Allianz Bank Annual report 2021 stated the principal risk that they will faced.

Proper source citation?

26
 Proper source citation?
Appendix 8: AmBank Annual Report 2022 of their key principal risk

Appendix 9: Dutch Lady risk appetite statement contains zero tolerance policy

Proper source citation?

27
Appendix 10: RHB Bank used probability and impact boundaries to identify the risk appetite.
Proper source citation?

28
Appendix 11: Capital A Annual report 2021 and Nestle Annual Report 2021 stated that they
have business Continuity Management Plan to deal with their operational risk- System Outages
(Capital A) and Business Disruptions risk (Nestle).
Proper source citation?

Appendix 12: Nestle Corporate Governance & Financial Report 2021 (p. 6)

29
Appendix 13: Dutch Lady Annual Report 2021 (p.65)

30
Appendix 14: Alliance Bank Annual Report 2022 (p.78)

31
Appendix 15: Dutch Lady Annual Report 2021 (p.57)

32
Appendix 16: CIMB Annual Report 2021 (p.138)

33
Appendix 17: Capital A Annual Report 2021 (p.178,179)

34
Appendix 17: Capital A Annual Report 2021 (p.178,179)

Appendix 18: Ambank Annual Report 2022 (p.154,156)

35
Appendix 18: Ambank Annual Report 2022 (p.154,156)

36