Kimlun Corporation Berhad Annual Report 2020

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL t 1FSJPEJD PQFSBUJPOBM SFWJFX NFFUJOHT BSF IFME BOE BUUFOEFE CZ UIF Executive Directors, heads of department and key management staff to consider financial and operational issues of the Group as well as any management proposal; t "DUJWF JOWPMWFNFOU PG EJSFDUPST JO UIF PQFSBUJPO BOE NBOBHFNFOU of newly set up branch and subsidiary companies; t $FOUSBMJTFE DPOUSPM PG GJOBODJBM SFTPVSDFT CZ IFBE PGGJDF PG respective subsidiary companies; t 'PSNBMJTFE XIJTUMFCMPXJOH QPMJDZ BOE DPEF PG DPOEVDU BSF established to ensure high standards of conduct and ethics in the business operations; t 4FU PVU QPMJDJFT BOE QSPDFEVSFT GPS BOUJ CSJCFSZ BOE DPSSVQUJPO BOE develop internal guidelines to ensure that the Group’s business is conducted in an ethical manner with integrity and honesty; t *40 2VBMJUZ .BOBHFNFOU 4ZTUFN IBT CFFO JNQMFNFOUFE for certain subsidiaries of the Company. Annual surveillance audits are conducted by a certification body to provide assurance of compliance with ISO 9001:2015; t "EFRVBUF JOTVSBODF DPWFSBHF BOE QIZTJDBM TBGFHVBSEJOH PG NBKPS assets are in place to guard against any mishap that may result in material losses to the Group; t 5IF JOUFSOBM BVEJU GVODUJPO QSPWJEFT SFBTPOBCMF BTTVSBODF PO UIF effectiveness of the system of internal control within the Group. Internal audits are conducted to review the effectiveness of the control procedures and are directed towards areas with significant risks as identified by the AC and Management, and the risk management process is being audited to provide assurance on the management of risks; and t 3FWJFX PG JOUFSOBM BVEJU SFQPSUT BOE GPMMPX VQ PO BVEJU GJOEJOHT CZ the AC. The internal audit reports are deliberated by the AC and are subsequently presented to the Board on a quarterly basis where the AC sought clarifications from the Executive Directors on internal control matters and provided its views and recommendations on areas where improvements could be made. INTERNAL AUDIT FUNCTION The Group has outsourced its internal audit function to Tricor Axcelasia Sdn. Bhd. (the succeeding company of NGL Tricor Governance Sdn Bhd), a professional service firm. The firm and its assigned personnel are free from any relationships or conflicts of interest, which could impair their objectivity and independence. The internal audit function has been mandated to continually assess and monitor the Group’s system of internal control. The total cost paid or payable by the Group to the professional service firm amounted to RM50,000 for FY 2020. The internal audit function adopts a risk-based approach and prepares its audit strategy and plans based on the risk profiles of individual business units of the Group. These plans are updated periodically and approved by the AC. The internal audit function employs the widely used internal control guidance, the Internal Control - Integrated Framework issued by the Committee of Sponsoring Organisations (“COSO”) of the Treadway Commission in assessing and monitoring the effectiveness of the Group’s internal control. The monitoring, review and reporting arrangements undertaken by the Internal Auditor gives reasonable assurance that the internal controls embedded within the major business processes of the Group are appropriate to the Group’s operations to adequately manage the key risks of the Group. The key elements of the Group’s internal audit function are described below: 1. Prepare a detailed Audit Plan based on a risk-based methodology with the scope and frequency of the internal audit activities for the AC’s approval. 2. Carry out audit activities on business units of the Group to ascertain the adequacy and integrity of their system of internal controls, governance, risk management capability and adequacy of the management team. The assessment on recurrent related party transaction procedures is carried out annually. 3. Report to the Management upon completion of each audit on any significant control lapses and/or deficiencies noted from the reviews and the root-cause analysis results (where applicable), for their verification and corrective action plan. 4. Report to the AC on all significant non-compliance, internal control weaknesses, root-cause analysis results (where applicable), and agreed actions taken by Management to resolve the audit issues identified. 5. The internal audit results are communicated with ratings on the overall adequacy and effectiveness of management’s risk management and internal control effectiveness in relation to the approved internal audit focus (coverage) areas. This rating reflects the internal audit conclusion or opinion. There are also implementation priority ratings for each internal audit findings. This rating communicates the level of urgency that an improvement shall be implemented. 6. Follow-up on internal audit issues identified to ascertain whether agreed corrective action plan has been carried out by the Management and provide updates to the AC. WEAKNESSES IN INTERNAL CONTROLS WHICH RESULTED IN MATERIAL LOSSES There were no major weaknesses in internal controls which resulted in material losses during the financial year under review until the date of approval of this Statement. REVIEW OF THE STATEMENT BY EXTERNAL AUDITORS The external auditors have reviewed this Statement on Risk Management and Internal Control and reported to the Board that nothing has come to their attention that causes them to believe the Statement is inconsistent with their understanding of the process adopted by the Board in reviewing the adequacy and integrity of the Group’s internal control system. This statement is made in accordance with the resolution of the Board of Directors dated 29 April 2021. Kimlun Corporation Berhad Registration No. 200901023978 (867077-X) 055