PRG Holdings Berhad Annual Report 2020

Annual Report 2020 Statement On Risk Management and Internal Control cont’d 49 KEY ELEMENTS OF RISK MANAGEMENT AND INTERNAL CONTROL SYSTEM (continued) Risk Management Framework (continued) The Group’s risk management framework has the following key attributes: (continued) • Key elements of risk management framework: i. Identify new risks and determine whether existing risks remain relevant to the Group’s objectives; The RMT conducts quarterly review of business risks to identify new risks as well as to determine whether previously known risks remain relevant. However, if an abrupt situation which has serious bearings on the Group’s business operating environment arises, RMT will respond immediately to invoke the risk reviewing process. ii. Evaluate the risks and develop risk mitigating action plans; and The identified risks, which may fall into the category of strategic risk, operational risk, credit risk, finance/account risk or IT risk, will be evaluated by RMT and thereafter effective controls and risk mitigating action plans will be developed and implemented to address and mitigate the risks identified. iii. Monitor the progress of action plans and review the business risks from time to time. RMT will closely monitor the outcome of the implementation of the controls and action plans carried out by the various levels of management and will re-evaluate the risks and formulates new mitigating strategy if the desired results are not achieved. • Risk Reporting Risk management review is conducted every quarter. Significant risks identified by RMT are reported to ARMC and the Board during quarterly meetings. The internal auditors provide an independent assessment of the adequacy and reliability of the operational risk management processes and report its findings to the ARMC. Internal Audit Function The Group has an in-house internal audit department for the Manufacturing Division that carries out regular reviews of the Division’s operations and system of internal control by examining and evaluating business processes to determine the adequacy and efficiency of financial and operating controls, and highlighting significant risks and non-compliance impacting the Group. Where applicable, the internal audit department provides recommendations to improve the effectiveness of risk management, controls and governance processes. The internal audit functions for the Corporate, Property Development & Construction and Agriculture Divisions was outsourced to an independent consulting firm who performs the audit in accordance with the Internal Auditors’ International Standards for the Professional Practice of Internal Auditing for Internal Control Review to assess the adequacy and integrity of the Group’s risk management. The Internal Auditor reports directly to the ARMC on improvement measures pertaining to internal control, including subsequent follow-up to determine the extent of their recommendations that have been implemented by the Management. Periodic audit reports and status on follow up actions are submitted to the ARMC, who reviews the findings with Management at its quarterly meetings. The Management is responsible for ensuring that corrective actions to control weaknesses are implemented within a defined time frame. The status of implementation is monitored through follow-up audits which are also reported to the ARMC. The ARMC reviews the internal audit function, the scope of the annual internal audit plan, as well as the findings within its scope of responsibilities. The ARMC meets at least four (4) times a year with the Board to discuss significant issues found during the internal audit process and makes the necessary recommendations to the Board.