Risk Management & Internal Control
Effective risk management is fundamental to maintaining CCG’s integrity, ensuring business continuity, and supporting our long-term sustainable development goals.
We have established two key policies to guide our risk management approach:
- Risk Management Policy
Defines the roles and responsibilities of division and department heads in identifying, assessing, and managing risks - Internal Control Framework and Management Policy
Aligned with the Internal Control – Integrated Framework issued by the Committee of Sponsoring Organisations of the Treadway Commission (COSO), this policy ensures a structured and consistent approach to internal controls.
To reinforce these policies in practice, we conducted five internal risk management workshops in FY2024/25 with department heads across the Group. These workshops ensured colleagues’ competence in risk management principles and facilitate communication regarding our risk management and internal control.
As the third line of defence, the Internal Audit Department plays a critical role in the Group’s risk governance structure by providing independent and objective assurance.
Enterprise Risk Management (ERM)
We have adopted an ERM framework that enables systematic risk identification, assessment, and management.
Led by our CFO and COO, the ERM working group collaborates closely with business units to prioritise both current and emerging risks, and to evaluate appropriate controls and mitigation strategies. As part of this process, each department regularly reviews its own risks and controls, updating the risk register to ensure accuracy and relevance. The ERM working group consolidates these updates, identifies principal risks across the Group, and reports to senior management, Audit and Risk Committee and the Board on a quarterly basis.
Project-Level Risk Management
Recognising the importance of robust risk oversight in development and construction activities, in addition to departmental risk register, Project Department monitors project-specific risks via two key reports – Development Implementation Plan and Bi-Weekly Project Report.
Development Implementation Plan
Aim to identify, assess, and mitigate potential risks at an early stage, ensuring that risk considerations are embedded from project inception
Bi-Weekly Project Review Report is prepared by the Project-in-Charge, covering key aspects of:
- Construction site safety
- Incident recording and reporting
- Compliance with statutory and regulatory requirements
These reports are reviewed by the Project Director and CEO. In addition, the reports are submitted to Project Owners, senior management and the Board on a monthly basis. This mechanism enhances transparency, accountability, and proactive risk management throughout the entire project lifecycle.
Climate-Related Risk Management
In response to evolving sustainability expectations and insights from our materiality analysis, we have embedded sustainability and climate-related risks into our ERM framework. Through a structured climate risk assessment, we identify and assess material climate-related risks, develop mitigation plans, and align actions with our long-term sustainable development goals. For more information, please refer to the section “Accelerating Our Green Transformation” in this report.”
