PRG Holdings Berhad Annual Report 2019

ANNUAL REPORT 2019 55 KEY ELEMENTS OF RISK MANAGEMENT AND INTERNAL CONTROL SYSTEM (continued) Internal Audit Function (continued) In the financial year under review, the following functions’ processes and/or identified key risk areas of the Group’s operations were reviewed by the Internal Auditors: Corporate, Property Development & Construction and Healthcare Divisions: • Compliance Audit on compliance to MCCG documents, including Charters and Terms of Reference • Compliance Audit on compliance with organisation policies, contracts, laws and regulations • Risk-based Audit on the identified key risk areas of the Property Development Division including: (i) Limited financial resources for new land bank & projects (ii) Changes in government policies and regulatory (iii) Reputation and branding/market recognition (iv) Project management risk (v) Authority approvals (vi) Operation cash flow & liquidity risk (vii) IT system not well protected (viii) Insufficient manpower and lack of resources (ix) Joint venture partner risk (x) Enforcement of Standard Operating Procedures/non-compliance with corporate governance or statutory requirements • Risk-based Audit on the identified key risk areas of the Construction Division including: (i) Economy uncertainty, competitive market and slowdown in residential property market (ii) Cash flow and liquidity risk (iii) Changes in government policies and regulatory requirements (iv) Project management risk for Picasso and Batu Gajah projects (v) Asset management risk – lost & stolen machineries/equipment The findings arising from the above reviews have been reported to the Management for their response and subsequently for the ARMC deliberation. Where weaknesses were identified, recommended procedures have been implemented or are being addressed to strengthen controls. Other Key Elements of Internal Control Other key elements that provide effective internal control include: • The Group has established an organisation structure with clearly defined lines of responsibility, accountability, authority and reporting. • The business plan and annual budget are prepared and presented to the Board for review and approval. • Standard Operating Procedures which includes policies and procedures within the Group are continuously reviewed and updated. • Performance reports are provided quarterly to the Directors and discussed at Board meetings. The Board receives from the management reports covering quarterly financial performance and other corporate matters. • Monthly management accounts and reports are prepared to facilitate effective monitoring and decision making. • On-going trainings and educational programs are identified and scheduled for all staff to acquire the necessary knowledge and competency to meet their performance and job expectations. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL cont’d