29

FRONTKEN CORPORATION BERHAD

(651020-T)

ANNUAL REPORT

2015

Risk Management Framework (cont’d)

Details of specific risks are recorded in individual risk registers, covering the risk description, causes of risk, risk consequences

(both actual and potential), internal controls implemented by Management to address the causes of risk, Management’s

assessment of the effectiveness of internal controls and the residual risk rating, i.e. the balance of risk after considering the

effects of controls deployed to mitigate the risk.

The risk responses and internal controls that Management has taken and/or is taking to treat the risks to acceptable levels

are reported by the RMUs to the Audit Committee and the outcome thereof is documented in the minutes of Audit Committee

meetings. For each of the business risks identified, a risk owner is entrusted to ensure appropriate actions are taken to

mitigate the risk within specified timeline.

Internal Control System

The Group’s internal control system comprise the following key elements:

•

an organization structure with clearly defined lines of responsibilities and appropriate levels of delegation and authority,

including financial limits of authority in approving transactions/activities as well as mandate to operate bank accounts.

The structure also sets out clear reporting lines and segregation of duties for major processes like strategic management,

operations, sales and collections, procurement and payment, human resource, capital expenditure, research and

development, financial reporting, corporate affairs, and investments;

•

a process of hierarchical reporting which provides a documented and auditable trail of accountability, with appropriate

sign-off by personnel entrusted with the responsibilities;

•

an annual budgetary exercise that requires all business units and companies in the Group to formulate financial budgets

which are then consolidated into a Group budget, presented to the Board for comments and approval. Quarterly

review of the Group’s performance against budget is carried out at Board meetings where explanations on significant

variances are furnished by Management. Management meetings at operational level are conducted to review financial

performance against business plans and monitor the respective business unit’s performance against budget;

•

significant changes in business development are reported by Management to the Board at scheduled meetings. This

oversight review process enables the Board to evaluate and monitor the Group’s business performance vis-à-vis its

corporate objectives;

•

the Audit Committee, which is entrusted by the Board to oversee the Company’s financial reporting process, in particular

the quarterly and annual announcements of the Group’s financial performance, meets at least quarterly to review the

announcements, seek clarification and explanations from Management before recommending the announcements to

the Board for approval;

•

internal policies and procedures pertaining to key business processes have been formalized for application across

the Group. These policies and procedures serve as a guide to enable compliance by personnel with internal control

requirements and applicable laws and regulations;

•

structured whistle-blower policies and procedures have been formalized to enable employees of the Group to raise

genuine concerns about possible improprieties on matters of financial reporting, compliance, malpractices or unethical

business conduct within the Group at the earliest opportunity and in an appropriate way without fear of reprisal or

victimization; and

•

where issues arise that affect the reliability and integrity of financial information of any business unit, special audits are

commissioned by the Audit Committee or Senior Management, as the case may be, to assist the Board in fulfilling its

oversight responsibilities.

STATEMENT ON RISK MANAGEMENT

AND INTERNAL CONTROL

(cont’d)