Datasonic Group Berhad Annual Report 2021

DATASONIC GROUP BERHAD 80 STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL RISK MANAGEMENT & INTERNAL CONTROL SYSTEMS FIRST LINE OF DEFENCE • Own, manage and control risks by implementation of internal controls in the business operations and activities. • Provided by the Executive Directors, Management and Heads of Department. SECOND LINE OF DEFENCE • Coordinate and facilitate risk management activities routinely among the various business units and / or support and administration functions, including monitoring progress of risk mitigation plans. • Provided by Risk Management function. THIRD LINE OF DEFENCE • Perform regular reviews of the Group’s operations and system of internal controls and risk management. Provide independent assurance on the adequacy and effectiveness of the controls processes implemented by business process owners and Management. • Provided by the Internal Audit Department. Generally, Datasonic risk management and internal control systems are guided by the ISO 31000 Risk Management - Principles and Guidelines and the Committee of Sponsoring Organisations of the Treadway Commission (“COSO”) Framework respectively. The key features of the Group’s risk management and internal control system are the three (3) lines of defence with established functional responsibilities and accountability for the management of risks and internal controls of Datasonic as depicted below:-