Manulife US REIT - Annual Report 2021

ANNUAL REPORT 2021 75 Board of Directors/ Audit and Risk Committee Senior Management Three Lines of Defence Regulator Trustee External Auditor • The 2 nd line of defence includes the oversight functions such as the Legal and Compliance teams. The ARC also contributes to the oversight of risk-taking and risk mitigation activities. • The 3 rd line of defence comprises the outsourced Internal Audit teamfromtheSponsor,whichprovides independent assurance that controls are adequate, effective and appropriate relative to the risk inherent in the business, and that risk mitigation programmes and risk oversight functions are effective in managing risks. Risk-taking activities are managed within the REIT’s overall risk appetite and approved by both the ARC and the Board. Risk appetite defines the amount and types of risks MUST is willing to assume, which comprises risk philosophy, risk appetite statements and risk limits and tolerances. This requires business units and functional support groups to identify and assess key and evolving risks arising from their activities on an ongoing basis. A standard inventory of risks is used in all aspects of risk identification, measurement and assessment, and monitoring and reporting. Risk limits and tolerances are reviewed on an annual basis to ensure that they remain appropriate taking into consideration MUST’s overall risk objectives and risk management plans, business strategy and changing external environment. Risk reduction strategies andactivities aredefined individually for each risk and can include full or partial risk offset, full risk elimination or risk reduction within limits. Financial risk mitigation tactics include ensuring aggregate risk exposures remain within MUST’s risk appetite and limits. In addition, another tactic is to follow MUST’s approved plans so as to reduce aggregate risk exposure and keep them within risk limits. The identification and assessment of external environment for emerging risks plays a pivotal role in the ERM Framework. The ability to detect and adapt to changes in the environment may not only prevent problems arising but also help the Manager identify new opportunities. The risk reporting will be presented to the ARC and the Board to highlight, but not limited to, the risk profile, risk dashboard on high risks, unresolved major risk issues and new or emerging risks. The following describes the risk management strategies to identify certain key risks. 1 st Line of Defence Management Control & Internal Control System 2 nd Line of Defence Legal & Compliance 3 rd Line of Defence Internal Audit