Ni Hsin Berhad Annual Report 2018

Ni Hsin Resources Berhad (653353-W) Annual Report 2018 30 THE SYSTEM OF RISK MANAGEMENT AND INTERNAL CONTROL (continued) • Each department measures its performance against its business objectives and monitors the identified risks associated with the achievability of its objectives; • The public releases of quarterly financial reports are made after the review by the ARMC and the approval of the Board; • There are guidelines within the Group for hiring and termination of staff. Appointment of staff is based on the required level of qualification, experience and competency to fulfil their responsibilities. Training and development are provided for selected employees to enhance their competency in carrying out their responsibilities; • A formal employee appraisal to evaluate and measure employee’s performance and their competency is performed at least once a year; • A centralised accounting and disbursement function ensures compliance with the procedures and approval authority; • A co-ordinated procurement function for major purchases and maintenance expenditures that ensures adherence to approval procedures as well as to leverage on economies of scale; • Regular production meetings, which involve the senior production management and related units to promptly address any production problems faced; • ISO 9001:2015 Quality Management System has been implemented for a subsidiary, Ni Hsin Corporation Sdn Bhd documented internal procedures and standard operating procedures have been put in place and internal quality audits are carried out by the management and annual surveillance audits are conducted by a certification body to provide assurance of compliance with the procedures. The key aspects of the risk management process are: • The RMWC coordinates and oversees risk management activities across the Group; • The RMWC will report to the Board significant risks that require the Board’s attention; • An enterprise risk assessment will be performed with inputs from Executive Directors and Heads of Departments; • The RMWC maintains a Registry of Risk which is the identification and analysis of risks to the achievement of business objectives. A scoring of the risks is then performed based on the likelihood of the risks occurring and the evaluation of the consequence of the occurrence. This forms a basis for determining how risks should be managed. The Registry of Risk is updated on a half yearly basis, and when any material changes in risks are identified; • The RMWC then deliberates and decides the risk response to the identified risks. The risk response could be to transfer, reduce, accept or avoid the risks. The residual risks are then tabled to determine whether it should be reported as a key issue or a supplemental issue where internal controls could be used to mitigate the risks; • Heads of Departments will then monitor and review the key risks and report to the RMWC from time to time. Any significant change in existing risks with significant impact or the emergence on new risks will warrant an immediate reporting to the RMWC; and • Key risks will be highlighted to the internal audit function to review and monitor proper controls are implemented and carried out to mitigate those risks. Statement on Risk Management and Internal Control (continued)