31
FRONTKEN CORPORATION BERHAD
(651020-T)
ANNUAL REPORT 2014
Introduction
Paragraph 15.26 (b) of the Listing Requirements of Bursa Malaysia Securities Berhad (“Bursa”) stipulates that a
listed issuer must ensure that its board of directors makes a statement (“Internal Control Statement” or “Statement”)
about the state of internal control of the listed issuer as a group. Accordingly, the Board of Directors (“Board”) is
pleased to provide the Internal Control Statement, which outlines the nature and scope of the risk management and
internal control system in the Group (comprising the Company and its subsidiaries) for the financial year ended 31
December 2014 and up to the date of approval of this Statement for inclusion in the Annual Report of the Company.
For the purpose of disclosure, this Statement takes into consideration the “Statement on Risk Management and
Internal Controls - Guidelines for Directors of Listed Issuers”, a publication of Bursa which provides guidance to
boards on the issuance of the Internal Control Statement.
Board Responsibility
The Board acknowledges its overall responsibility for the Group’s system of risk management and internal control
to safeguard shareholders’ investment and the Group’s assets as well as reviewing its adequacy and integrity. The
Board is mindful of the need to establish clear roles and responsibilities in discharging its fiduciary and leadership
functions in line with Recommendation 1.2 of the Malaysian Code on Corporate Governance 2012 (“MCCG 2012”).
Accordingly, the Board is aware that its principal responsibilities, as outlined in the Commentaries of the same
Recommendation of the MCCG 2012, include, inter-alia, the following:
• identifying principal risks and ensuring the implementation of appropriate controls and mitigation measures;
and
• reviewing the adequacy and integrity of the management information and internal controls system of the
Company.
The Group’s risk management and internal control system addresses strategic, operational, financial and compliance
risks as well as the associated internal controls deployed by Management to mitigate the risks. In view of the
limitations inherent in any system of risk management and internal control, the system is designed to manage,
rather than to eliminate, the risk of failure to achieve the Group’s business and corporate objectives. The system
can therefore only provide reasonable, but not absolute assurance, against any material misstatement, financial
loss or fraudulent practice.
In line with Recommendation 6.1 of the MCCG 2012, the Board has formalized an Enterprise Risk Management
(“ERM”) framework that provides policies and procedures to address risk management activities of the Group in a
structured manner to safeguard shareholders’ investment and the Group’s assets. Based on this framework, the
Board has established an on-going process for identifying, evaluating and managing the significant risks faced by the
Group. The Board, through its Audit Committee, reviews the results of this process, including mitigating measures
taken by Management to address areas of key risks as identified. This process has been in place for the financial
year under review and up to the date of approval of this Statement for inclusion in the Annual Report of the Company.
Risk Management Framework
Risk management is firmly embedded in the Group’s key business processes through its ERM framework. To
streamline the risk management processes and activities, the Board has also formalized in writing pertinent risk
management policies and guidelines for adoption by business units across the Group. The ERM framework embodies
a risk management process which results in the compilation of specific risk profiles of key business units and
companies in the Group by Risk Management Units (RMUs”). The individual risks in the profile are scored for their
likelihood of occurrence and the impact thereof based on risk parameters established for each key business unit or
company in the Group. The risk parameters take into consideration financial and non-financial metrics in measuring
risks in terms of likelihood of risk occurrence and the impact thereof – this essentially articulates the Board’s risk
appetite, i.e. the extent of risk the Group is prepared to take or seek in achieving its corporate objectives. The risk
responses and internal controls that Management has taken and/or is taking are reported by the RMUs to the Audit
Committee and the outcome is documented in the minutes of the Audit Committee meetings. For each of the risks
identified, a risk owner is entrusted to ensure appropriate actions are taken to mitigate the risk.
STATEMENT ON RISK MANAGEMENT
AND INTERNAL CONTROL
