Manulife US REIT - Annual Report 2020

• The 3 rd line of defence comprises the outsourced Internal Audit team from the Sponsor, which provides independent assurance that controls are adequate, effective and appropriate relative to the risk inherent in the business, and that risk mitigation programmes and risk oversight functions are effective in managing risks. Risk-taking activities are managed within the REIT’s overall risk appetite and approved by both the ARC and the Board. Risk appetite defines the amount and types of risks MUST is willing to assume, which comprises risk philosophy, risk appetite statements and risk limits and tolerances. This requires business units and functional support groups to identify and assess key and evolving risks arising from their activities on an ongoing basis. A standard inventory of risks is used in all aspects of risk identification, measurement and assessment, and monitoring and reporting. Risk limits and tolerances are reviewed on an annual basis to ensure that they remain appropriate taking into consideration MUST’s overall risk objectives and risk management plans, business strategy and changing external environment. Risk reduction strategies and activities are defined individually for each risk and can include full or partial risk offset, full risk elimination or risk reduction within limits. Financial risk mitigation tactics include ensuring aggregate risk exposures remain within MUST’s risk appetite and limits. In addition, another tactic is to followMUST’s approved plans so as to reduce aggregate risk exposure and keep them within risk limits. The identification and assessment of external environment for emerging risks plays a pivotal role in the ERM Framework. The ability to detect and adapt to changes in the environment may not only prevent problems arising but also help the Manager identify new opportunities. The risk reporting will be presented to the ARC and the Board to highlight, but not limited to, the risk profile, risk dashboard on high risks, unresolved major risk issues and new or emerging risks. The following describes the risk management strategies to identify certain key risks. Board of Directors/ Audit and Risk Committee Senior Management 1 st Line of Defence Management Control & Internal Control System 2 nd Line of Defence Legal & Compliance 3 rd Line of Defence Internal Audit Three Lines of Defence Regulator Trustee External Auditor 58 MANULIFE US REIT ENTERPRISE RISK MANAGEMENT