Basic HTML Version
Annual Report 2013
• 37 •
The Board of Directors ( “the Board”) is responsible for the risk management and internal control system of the Group pursuant
to Paragraph 15.26(b) of the Main Market Listing Requirements of Bursa Malaysia Securities Berhad and Recommendation 1.2
of Malaysian Code on Corporate Governance (“MCCG”) 2012. This statement has been approved by the Board and reviewed
by the external auditors as required under Paragraph 15.23 of the Main Market Listing Requirements. The external auditors have
reported to the Board that nothing has come to their attention that causes them to believe that this statement is inconsistent with
their understanding of the process the Board has adopted in the review of the adequacy and integrity of the risk management and
internal control system of the Group.
Responsibility
The Group’s risk management is an ongoing process and the Board recognizes its responsibility for identifying principal risks and
ensuring the implementation of appropriate systems to manage the risks. It is also responsible for reviewing the adequacy and
integrity of the Group’s risk management and internal control system and management information system for compliance with
applicable laws, regulations, rules, directives and guidelines.
The risk management & internal control system not only cover financial controls but operational and compliance controls and risk
management. Due to limitations inherent in the system, this system can only manage rather than to eliminate the risk of failure
to achieve business objectives. Therefore, any part of this system can only provide reasonable and not absolute assurance against
material misstatement, fraud or loss occurrence.
Risk Management
The Board recognizes and pursuant to Recommendation 6.1 of MCCG 2012, a risk management program must be implemented to
ensure that all key risks are identified and managed appropriately and sufficiently.
Risk management practices are embedded in the day-to-day operations of the Group which the Board has established a framework
for identifying, evaluating, managing and reporting the significant risks found by the Group.
The Board together with the assistance of the Management Executive Committee (“MANCO”), the Risk Management Committee
(“RMC”) and professionals and advisers such as the Internal Auditors, identify risks as an ongoing process and ensure continuous
risk management arising therefrom.
Risk Management Committee (“RMC”)
To further enhance and improve the process of risk management, the RMC comprising Executive Directors as well as Senior
Management personnel has a duty to act and execute in accordance with the Terms of Reference laid down.
The duties and responsibilities of the RMC are defined in the Terms of Reference, Policy and Guidelines. It carries out risks
identification, evaluate, monitor and formulate mitigation strategies on risks identified. The RMC executes its duty based on the
Group’s operational activities and manages risks as directed by the MANCO who in turn reports to the Board.
The RMC periodically reviews risk management processes and policies to ensure relevancy and effectiveness. It will then submit
an annual report on the overall risk management processes to the Board for review through the MANCO.
During the financial year under review, the RMC held four (4) meetings and worked within the adopted risk management framework.
This process is monitored and reviewed by the MANCO who shall report and recommend to the Board in ensuring the adequacy
and integrity of the system of risk management and internal control and to ensure that an appropriate mix of techniques is used to
obtain level of assurance required by the Board.
The risk responses and internal controls that the management have taken and/or are taking are documented in the minutes of
meeting of the RMC. For each of the risks identified, the management is assigned to ensure appropriate risk response actions are
carried out.
The Board has received assurance from the Group Managing Director and Group Chief Financial Officer, through the MANCO that
the Company’s risk management and internal control system is operating adequately and effectively.
Internal Audit Function
Whilst the RMC operates independently within the confines of its Terms of Reference and reports to the MANCO in ensuring
that a sound system of risk management and internal control is maintained, the adequacy and integrity of the risk management
and internal control system are further assured by the existence of an Independent Internal Audit Function which possesses the
necessary expertise to perform their duties. The Internal Audit Function’s activities are outsourced to an independent service
provider, who is adequately resourced to ensure the audit activities are carried out professionally with independence, objectivity
and impartiality without interference.
STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL