2020 INTEGRATED REPORT

CORPORATE GOVERNANCE REPORT (CONTINUED) RISK MANAGEMENT SYSTEM The risk management system comprises the totality of strategies, policies and related procedures, and tools for identifying, assessing, measuring, monitoring, managing reporting and mitigating of all reasonably foreseeable current and emerging material risks that may affect the PPS Group’s ability to meet its strategic objectives. Risk management is part of the day-to-day business activities conducted at the PPS Group. The system takes into account the probability, potential impact, velocity and duration of risks and is adapted as the business and the external environment change. The system supports the PPS Group Boards in meeting their responsibilities relating to the promotion of sound risk management, compliance and policyholder protection. The objectives of the PPS Group are aligned with its environmental policies. The risk management system takes into account the alignment of sustaining and growing the business while preserving the environment. The risk management system comprises the following components: a. A clearly defined and documented risk management strategy that includes the risk management objectives, principles and approach to assumption setting, and assignment of risk management responsibilities across all activities consistent with the overall business strategy; b. Adequate written policies consistent with the risk management strategy; c. Appropriate policies, processes, procedures, controls and tools for identifying, measuring, monitoring, managing and reporting on all material risks; d. Reports to inform Senior Managers, the Risk Committee (Risk and Audit Committee where applicable), the PPS Group Boards and other key persons in control functions on all material risks faced by PPS Group and on the effectiveness of the risk management system itself; e. Processes for ensuring adequate contingency planning, business continuity and crisis management. The detailed particulars of the risk management system are set out in the PPS Group Enterprise Risk Management Framework. INTERNAL CONTROL SYSTEM The internal control system consists of the totality of strategies, policies, procedures, and controls to assist the PPS Group Boards and Senior Managers in the fulfilment of their oversight and management responsibilities. The PPS Group has adopted a Five Lines of Assurance model, supported by a combined assurance framework, to facilitate and ensure effective governance across all processes and functions. The internal control system provides the PPS Group Boards and Senior Managers with reasonable assurance from a control perspective that the business is operated consistently within the following parameters: ~ Business objectives of the PPS Group. ~ Strategy determined by the PPS Group Boards. The detailed particulars of the strategic planning process are set out in the PPS Group Capital Management Policy. ~ Key business, information technology and financial policies and processes, as well as related risk management policies and procedures, determined by the PPS Group Boards. ~ Applicable laws, regulations and supervisory requirements. The internal control system comprises the following components: a. Appropriate accounting policies and controls for all key business processes to ensure the fairness, accuracy, reliability and completeness of the PPS Group’s financial and non-financial information; b. Annual compliance plan; c. Appropriate segregation of duties and controls to ensure that such segregation is observed; d. Detailed control processes for complex business activities; e. Training in respect of relevant components of the system of internal controls, particularly for employees in positions of trust or responsibility, or who carry out the PPS Group’s activities that involve significant risk; f. Regular monitoring of key controls to ensure that they remain effective, form a coherent system and that the internal control system functions as intended, fits within the overall governance framework and complements the risk identification, risk assessment and risk management activities; g. Regular, independent testing and assessments to determine the adequacy, completeness and effectiveness of the internal control system and its usefulness to the PPS Group Boards and Senior Managers for controlling the operations. CONTROL FUNCTIONS In terms of the Prudential Standard GOI 3: Risk Management and Internal Controls, an insurer must establish and adequately resource at least certain control functions. The following four key control functions are established, resourced and in place within the two PPS Group insurance companies: 80 | PPS INTEGRATED REPORT 2020