Frontken Berhad Annual Report 2020

Annual Report 2020 41 FRONTKEN CORPORATION BERHAD 200401012517 (651020-T) INTERNAL AUDIT FUNCTION – ITS COMPOSITION AND SCOPE OF COVERAGE (CONT’D) Outsourced internal audit coverage – Group (save for Taiwan operations) The outsourced internal audit team, which is helmed by an average of four (4) professionals fromthe firm, including the head of the team, Mr Karthigayan Supramaniam, who is a member of the Malaysian Institute of Accountants and the Institute of Internal Auditors, Malaysia, conducted an assessment of the Group’s system of internal control during the financial year under review, focusing on selected significant business units and reported its observations, including Management’s response and action plans thereto, directly to the Audit Committee. The internal audit function also conducted a follow- up on the status of implementation of action plans by Management on the recommendations highlighted, as deemed relevant. The Audit Committee took note of the issues highlighted and questions were posed to Management on the timeliness of measures to address the issues as reported. The internal audit plan for the financial year was prepared based largely on the Group’s financial information and the relative risks of the business units to the achievement of the Group’s business objectives. The outsourced internal audit function adopted a risk-based and process life cycle approach in identifying auditable entities within the Group as well as the auditable areas. This approach deployed aligns with the International Professional Practices Framework of the Institute of Internal Auditors Inc. (“IIA”), which encompasses, inter-alia, the Definition of Internal Auditing, Code of Ethics, Core Principles and International Standards for the Professional Practice of Internal Auditing, and the IIA Risk Based Internal Auditing Guidance. For the financial year ended 31 December 2020, the following two (2) business units in Malaysia, together with the identified processes, were selected for internal audit with the Audit Committee’s concurrence: Name of business unit Processes coveredby internal audit, addressing the key business risks therein Frontken (Singapore) Pte Ltd • Sales to receipts (including customer credit management and debt monitoring and collection) • Procure to pay (including vendor management) • Health, Safety and Environment Frontken (East Malaysia) Sdn Bhd • Sales to receipt (including debt monitoring) • Procure to pay (including vendor management) • Health, Safety and Environment Internal audit tests were carried out by the internal audit function to assess the adequacy and operating effectiveness of the business units’ system of internal controls in achieving corporate objectives. Transactions and activities were selected for testing on a sample basis. Due to travel restrictions under the Movement Control Order, the internal auditors have adapted the following to support the provision of assurance in the course of their audit: • Remotely working to perform the audit, and what, if any, impact remote working has on the assessment of the control environment being considered and practicalities of how the audit would need to be undertaken. Obtained electronic documentation and requested evidence as far as possible in advance. • Identified all key stakeholders per reviewand understand their availability during planned fieldwork dates. Scheduled time with individuals to undertake remote walkthrough, progress updates and to discuss emerging findings. • Adopted the use of new technologies to deliver work, such as Zoom or Skype for virtual meetings. Recording such interactions to enhance internal audit evidence. • Accelerated the deployment of analytics to deliver internal audit work remotely and focus on outliers. Observations on systems weakness and areas for improvement, including recommended mitigating measures to address the concerns raised, were highlighted in internal audit reports presented to the Audit Committee during the financial year under review. Statement On Risk Management and Internal Control (cont’d)