29
FRONTKEN CORPORATION BERHAD
(651020-T)
ANNUAL REPORT
2015
Risk Management Framework (cont’d)
Details of specific risks are recorded in individual risk registers, covering the risk description, causes of risk, risk consequences
(both actual and potential), internal controls implemented by Management to address the causes of risk, Management’s
assessment of the effectiveness of internal controls and the residual risk rating, i.e. the balance of risk after considering the
effects of controls deployed to mitigate the risk.
The risk responses and internal controls that Management has taken and/or is taking to treat the risks to acceptable levels
are reported by the RMUs to the Audit Committee and the outcome thereof is documented in the minutes of Audit Committee
meetings. For each of the business risks identified, a risk owner is entrusted to ensure appropriate actions are taken to
mitigate the risk within specified timeline.
Internal Control System
The Group’s internal control system comprise the following key elements:
•
an organization structure with clearly defined lines of responsibilities and appropriate levels of delegation and authority,
including financial limits of authority in approving transactions/activities as well as mandate to operate bank accounts.
The structure also sets out clear reporting lines and segregation of duties for major processes like strategic management,
operations, sales and collections, procurement and payment, human resource, capital expenditure, research and
development, financial reporting, corporate affairs, and investments;
•
a process of hierarchical reporting which provides a documented and auditable trail of accountability, with appropriate
sign-off by personnel entrusted with the responsibilities;
•
an annual budgetary exercise that requires all business units and companies in the Group to formulate financial budgets
which are then consolidated into a Group budget, presented to the Board for comments and approval. Quarterly
review of the Group’s performance against budget is carried out at Board meetings where explanations on significant
variances are furnished by Management. Management meetings at operational level are conducted to review financial
performance against business plans and monitor the respective business unit’s performance against budget;
•
significant changes in business development are reported by Management to the Board at scheduled meetings. This
oversight review process enables the Board to evaluate and monitor the Group’s business performance vis-à-vis its
corporate objectives;
•
the Audit Committee, which is entrusted by the Board to oversee the Company’s financial reporting process, in particular
the quarterly and annual announcements of the Group’s financial performance, meets at least quarterly to review the
announcements, seek clarification and explanations from Management before recommending the announcements to
the Board for approval;
•
internal policies and procedures pertaining to key business processes have been formalized for application across
the Group. These policies and procedures serve as a guide to enable compliance by personnel with internal control
requirements and applicable laws and regulations;
•
structured whistle-blower policies and procedures have been formalized to enable employees of the Group to raise
genuine concerns about possible improprieties on matters of financial reporting, compliance, malpractices or unethical
business conduct within the Group at the earliest opportunity and in an appropriate way without fear of reprisal or
victimization; and
•
where issues arise that affect the reliability and integrity of financial information of any business unit, special audits are
commissioned by the Audit Committee or Senior Management, as the case may be, to assist the Board in fulfilling its
oversight responsibilities.
STATEMENT ON RISK MANAGEMENT
AND INTERNAL CONTROL
(cont’d)