SCC Holdings Berhad Annual Report 2017

SCC Holdings Berhad (511477-A) | Annual Report 2017 19 KEY ELEMENTS OF THE INTERNAL CONTROL SYSTEM Internal controls are embedded in the Group's operations as follows: Organisational Structure The Group has in place an organisational structure with clearly defined lines of responsibilities and functionalities which promotes appropriate levels of accountability for risk management, control procedures and effectiveness of operations. All new employees are required to undergo an orientation programme and the job function is clearlywritten for transparency and better accountability. Board and Management Meetings Strategic planning and detailed target setting for each area of business are established during the year end. Business unit conducted their monthly departmental meeting discussing departmental progress and planning for future including any departmental risk management matters. The management will meet on a bi-monthly basis to monitor the Company's actual results against a target, whereby significant variances are being investigated and management action is taken, where necessary as well as to obtain feedbacks on daily operational issues. The Board meets on a quarterly basis to review agendas which amongst others include periodical internal audit reports. Performance Management Framework Management reports are generated on monthly and quarterly basis to allow the Board and the Group's management to monitor the performance of its respective business units. The Group's management information system is designed to provide the management with better reporting and review encompasses financial and non-financial matters for compliance and daily operational use. Limits of Authority The level of authorities and lines of responsibilities from business divisions up to the Board level are well-defined to ensure accountabilities and responsibilities for risk management and control activities. Operational policies and procedures The Group's policies and procedures form an integral part of the internal control system to safeguard the Group's assets against material losses and to ensure that the daily operations are running smoothly. Regular reviews are performed to maximise operation efficiency. Operation control procedures have been established in accordance to ISO 9001 standard. This is to ensure that the business processes flow is being executed as per best practices recommended by the standard. The new ISO9001:2015 standard will have a section for risk management which will further enhance our risk management and internal control procedures. We shall be converting to the new standard in May 2018. AUDIT COMMITTEE AND INTERNAL AUDIT The Company adopts a risk-based approach to the implementation and monitoring of relevant internal controls. The Audit Committee was entrusted by the Board to ensure that an effective and adequate internal control system is in place at all times. To assist the Audit Committee in discharging its duties and responsibilities, the internal audit function was outsourced to an independent professional service firm to take charge of the Group's internal audit function during the financial year. The report is submitted to the Audit Committee, which reviews the findings with Management at the Audit Committee Meeting. In assessing the adequacy and effectiveness of the system of internal controls of the Group, the Audit Committee reports to the Board its activities, significant results, findings and the necessary recommendations or changes. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL (CONT’D)