Sasbadi Annual Report 2018

ANNUAL REPORT 2018 STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL 53 INTRODUCTION The Board of Directors (“the Board”) of Sasbadi Holdings Berhad (“Sasbadi Holdings” or “the Company”) is pleased to present the following Statement on Risk Management and Internal Control of Sasbadi Holdings and our subsidiaries (“the Group”) for the financial year ended (“FYE”) 31 August 2018. This Statement has been prepared in accordance with the Statement on Risk Management & Internal Control: Guidelines for Directors of Listed Issuers issued by the Taskforce on Internal Control with the support and endorsement of Bursa Malaysia Securities Berhad. BOARD RESPONSIBILITY The Board recognises the importance of having effective governance, embedding risk management and internal control processes in order for the Group to achieve its objectives and sustain growth and success in its business operations. In this regard, the Board acknowledges its overall responsibility for maintaining a sound risk management and internal control system and for reviewing their adequacy and effectiveness in order to safeguard stakeholders’ investments and the Group’s assets. While maintaining overall responsibility, the Board has delegated its functions pertaining to risk management and internal controls to the Audit Committee. In addition, the Board and the Audit Committee are assisted by the Management in the implementation of the policies and procedures established by the Board on risk management and internal controls. The Board, however, recognises that, due to the limitations inherent in any internal control system, the system is designed to manage, and not to eliminate, the risk of failure to achieve the Group’s business objectives, and it can only provide reasonable but not absolute assurance against material misstatement of financial information and records, or against financial losses or fraud. RISK MANAGEMENT The Group has put in place a risk management framework (“RM Framework”) to assist the Group in managing the various risks faced in its daily business operations. Under the RM Framework, a Risk Management Team (“RMT”), headed by the Group Chief Financial Officer and comprising the Heads of various functions and departments within the Group, has been established to actively manage the risks faced by the Group. The RMT reports to the Executive Management Team (“EMT”) comprising the Executive Directors, and the Audit Committee, both in turn report to the Board. The RMT adopts a strategic approach towards risk management which involves risk identification, evaluation, treatment, monitoring and review. The RMT has been assessing, monitoring and managing the risks on a monthly basis via the use of a checklist of risks. In addition, the risks identified together with the steps taken/to be taken to mitigate the risks are deliberated during the periodic management meetings attended by the EMT and the RMT. INTERNAL CONTROL SYSTEM The key elements of the Group’s internal control system include, among others, the following: ➣ Defined organisation structure with proper segregation of duties, responsibilities and authorities among the Directors, management and employees; ➣ Board Committees (i.e. Audit Committee, Nomination Committee and Remuneration Committee) which undertake their duties and responsibilities according to their delegated functions as set out in their respective Terms of Reference; ➣ Formalised Code of Conduct and Whistleblowing Policy. For the financial year under review, there were no concerns raised of any wrongdoing or improper conduct involving the Group or its Directors or employees; ➣ Documentation of key business processes and authority matrix to ensure decisions are made by the relevant individuals/groups within the authority limits established; ➣ Periodic Board, Board Committee and management meetings to discuss, among others, financial, operational, risk and compliance matters; ➣ Annual budgeting process whereby the annual budget prepared by management is tabled for the Audit Committee’s review before being approved by the Board; ➣ Outsourced internal audit function which reports to the Audit Committee; ➣ Employment procedures and process to facilitate the recruitment and evaluation of employees; and ➣ Insurance coverage on the Group’s assets, where necessary.