Annual report 2014
39
3. Policies and Procedures
The Group has defined and documented internal policies and standard operating procedures to ensure,
inter alia sound internal controls are embedded and compliance with applicable laws and regulations. The
policies and procedures are also reviewed on a regular basis to ensure relevance and effectiveness.
4. Internal Audit Function
As part of the Groups’ efforts to establish a sound framework for risk management and internal control, an
in-house audit function is established as a key component of its internal control process. The Group Internal
Audit (“GIA”) reports independently to the ARC and is guided by a formalised Internal Audit Charter.
In attaining this, the GIA undertakes Internal Audit reviews for the Group based on an annual internal audit
plan approved by the ARC. The results of all internal audit reviews, together with recommendations, are
presented to management for discussion and agreement on necessary corrective action plans prior to
finalisation of the report. At each ARC meeting, the Head of Internal Audit updates the ARC of all the
status of ongoing audits and where appropriate, presents Internal Audit Reports and observations. Relevant
management are invited to be present to during such presentations.
5. Risk Management
a. Risk Management Committee
The RMCwas established by the Board in 2012 as a key component of the Risk Management Framework.
The RMC, which is headed by the Group’s Chief Executive Officer (“CEO”), comprises the Group’s
Chief Financial Officer (“CFO”) and country heads and financial controllers from each country. The
responsibilities of RMC are as follows:
• To identify and assess on an ongoing basis, the risks faced by the Group and thereafter to design,
implement appropriate risk management processes and internal controls to address and mitigate
such risks in an effective manner;
• To periodically assess and review the continued effectiveness and appropriateness of risk
management processes;
• To determine and recommend to the Board the Groups’ risk appetite and tolerance;
• To continuously promote an effective risk awareness culture throughout the Group through written
and other forms of communication to employees and stakeholders;
• To be accountable and periodically report to the Board, through the ARC, for the design,
implementing and monitoring of the system of risk management and providing assurance to the
Board that it has done so.
The Head of Internal Audit function was invited to attend meetings of the RMC as an observer
and provides the ARC with an independent assessment of the adequacy and reliability of the risk
management processes and compliance with risk policies.
The RMC met once in 2014 to conduct a yearly risk assessment and reported the findings to the Audit &
Risk Committee. On a quarterly basis, the RMC chairman i.e. Group CEO and the Group CFO is invited
to the ARC meeting to formally brief the committee of the latest risks faced by the Group and the
corresponding action plans taken to mitigate them.
STATEMENT ON RISK MANAGEMENT
AND INTERNAL CONTROL
