38
GHL Systems Berhad
(293040-D)
RESPONSIBILITY OF THE BOARD
The Board recognises the importance of a sound framework of risk management and internal controls for good
corporate governance and to safeguard the Group’s assets and shareholders’ interests. Towards this end, the
Board is committed to maintaining a sound risk management framework and internal control system for the
Group and ensuring its continued effectiveness, adequacy and integrity through a process of periodic review.
The Board has delegated the responsibility of undertaking this process of periodic review to the Audit and Risk
Committee (“ARC”), whose responsibilities and duties are detailed in the ARC Report section of this Annual
Report. However, the Board as a whole remains ultimately responsible for the effectiveness, adequacy and
integrity of the system of risk management and internal controls.
The Boards’ risk management approach has continued to evolve in line with the Group’s expanding activities.
In recent years, the Group’s business has rapidly expanded beyond its traditional Shared Services segment
into areas such as Solutions and Transaction Payment Acquisition (“TPA”) which are expected to contribute
significantly to the Groups business in the coming years. The Group is also committed to grow its overseas
markets and to identify suitable Merger and Acquisition (“M&A”) opportunities in ASEAN.
The Board is aware that expansion into new areas of business, operating in different countries and M&A activity
can involve new and different risk considerations. Whenever these events occur, the Board will, in addition to
its normal risk management process, pay particular attention to whether the overall risk profile of the Group has
been impacted and whether existing internal controls are sufficient to address additional risks, if any. The Board
has during FY2014, continued to strengthened the Groups’ governance and risk management framework to
identify, assess, mitigate, report and monitor significant risks in an effective manner.
The Board recognises the integral role of key management in the risk management and internal control process.
The Board had established the Risk Management Committee (“RMC”) comprising senior management to identify
and assess the Group’s risks and thereafter to design, implement and monitor appropriate risk management
processes and internal controls to address and mitigate such risks.
KEY INTERNAL CONTROL PROCESSES
The Groups’ internal control system comprises the following key processes:
1. Authority and Responsibility
a. Board Committees
Board Committees are established and operate under clearly defined Terms of Reference, which are
reviewed regularly, to objectively and independently focus on certain responsibilities delegated by the
Board.
b. Approval Matrix
A documented approval matrix is implemented that reflects the authority and authorisation limits of
Management in all aspects of the company’s key business decisions.
2. Monitoring and Reporting
Monthly management meetings are led by the respective country heads for various lines of operations and
business units, on key business performance, operating statistics and regular matters. This enables effective
monitoring of significant variances and deviation from standard operating procedures and budget. The
Board is also kept appraised on the Company’s performance during the scheduled board meetings with
the Company’s business performance and plans being reviewed and deliberated.
STATEMENT ON RISK MANAGEMENT
AND INTERNAL CONTROL
