22. The SWF should have a framework that identifies, assesses, and manages the risks of its operations.
22.1. The risk management framework should include reliable information and timely reporting systems, which should enable the adequate monitoring and management of relevant risks within acceptable parameters and levels, control and incentive mechanisms, codes of conduct, business continuity planning, and an independent audit function.
22.2. The general approach to the SWF’s risk management framework should be publicly disclosed.
As a global investor aiming to meet the highest standards of governance, Mubadala is committed to understanding and managing risks in achieving its mandate and business objectives.
Mubadala’s risk-management framework is enterprise-wide and enables risks to be understood and managed effectively, through the application of the risk -management process at various levels within Mubadala. It also ensures that risk information and insight provide a basis for decision making, reporting and accountability within Mubadala.
The Mubadala Board Executive Committee and ARCC have ultimate responsibility for Mubadala’s risk management, with assistance and advice from several committees and units, including Enterprise Risk Management, Responsible Investing, Portfolio Strategy, Treasury & Investor Relations, Ethics & Compliance, Legal & Governance, Tax, Business Continuity and Internal Audit.
Risk management is embedded in Mubadala’s investment and asset management related activities including portfolio capital allocation, individual investment decisions and ongoing asset management.
The responsibility for the implementation of risk management activities resides with Mubadala’s investment platforms, corporate units and Investees (Mubadala’s first line of defense).
The Enterprise Risk Management (ERM) unit is responsible for the continual development and coordination of the implementation of the ERM framework, providing specialist ERM guidance to Mubadala (Mubadala’s second line of defense).
The Responsible Investing unit is responsible for the integration of ESG principles and considerations into Mubadala’s investment process. ESG assessment is conducted at all stages of the investment life cycle, as detailed in our Responsible Investing Policy.
The Internal Audit unit forms Mubadala’s third line of defense. The Internal Audit unit delivers independent, objective assurance and consulting services designed to add value and improve Mubadala’s operations. It helps the organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
The independence of the Internal Audit unit is secured by the Executive Director – Internal Audit reporting functionally to the ARCC, and administratively to the Managing Director.
The purpose, authority and responsibility of the Internal Audit unit is formally defined in the Internal Audit Charter and is consistent with the mandatory elements of the IIA’s IPPF, and the globally recognized professional framework for internal audit, as well as ADAA Resolution 89. The Internal Audit Charter is approved by the ARCC and is reviewed each year and updated as necessary.
The Internal Audit unit’s activities are governed by policies and procedures that are consistent with the IPPF. These include preparing a risk-based, three- year internal audit plan and associated budget for approval by the ARCC. The Executive Director – Internal Audit attends each meeting of the ARCC to present the results of ongoing internal audit work. The ARCC is provided with assurance over the quality of internal audit work through the activities of the Internal Audit unit’s Quality and Excellence function.
In line with the IPPF, the Internal Audit unit is required to subject itself to external assessment at least once every five years to ensure its continued conformance to the IPPF. This assessment was last completed in 2019, when the Internal Audit unit received a rating of ‘generally conforms’, the highest rating available.