Wah Seong Corporation Berhad Annual Report 2018

KEY ELEMENTS AND PROCESSES ON RISK MANAGEMENT AND INTERNAL CONTROLS The key elements and processes that have been established in reviewing the adequacy and effectiveness of the risk management and internal control system include the following:- Risk Management The risk management framework, which is embedded in the management system of the Group, clearly defines the authority and accountability in implementing the risk management process and internal control system. The Management assists the Board in implementing the process of identifying, evaluating and managing significant risks applicable to their respective areas of business and in formulating suitable internal controls to mitigate and control these risks. The Group has adopted a Risk Management Guideline, which is based on ISO 31000, the international guideline for managing risk, to ensure that risk management process is consistent across the Group. Risk owners across the business divisions of the Group define, highlight, report on and manage a variety of risks, including business and operational risks anticipated by them. All business divisions or major departments across the group conducted risk assessments to identify the risks relating to their areas of supervision, analyzed the likelihood of these risks occurring, the impact if they do occur, evaluated the risk level, as well as determined the existing control and actions to be taken to manage these risks to an acceptable level. The risk profiles measures determined from this process are documented in risk registers with each business or operations area having its respective risk register. The overall process is facilitated by the Group Risk Management which is dedicated to this role. The risk register is tabled to the Risk Management Committee every quarter. During the quarterly meeting, the significant risk of business units will be presented to the RMC for their deliberation. The Risk Management Committee reports to the Audit Committee on any significant changes in the business and external environment, which affect key risks. Internal Audit Function The Internal Audit Function reports directly to the Audit Committee (“AC”). All key internal audit staff are from accounting backgrounds and members of the Institute of Internal Auditors, Malaysia. To ensure that the internal audits are effectively performed, it recruits and employs suitably qualified staff with the requisite skills and experience. Such staffs are also given relevant training and development opportunities to update their technical knowledge and auditing skills. Key staff members of the IA Department also receive relevant technical training and attend seminars organised by the Institute of Internal Auditors and other professional bodies. The responsibility of the Internal Audit Function is to evaluate the adequacy and effectiveness of risk management, control, governance processes, report on inadequacies and make recommendations for improvements. Follow-up reviews are undertaken on audit observations to ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action. The results and conclusions noted from these engagements are tabled at the Audit Committee Meetings for deliberation. The annual internal audit plan is reviewed and approved by the AC. The Internal Audit Function is in conformance with the Definition of Internal Auditing, the Code of Ethics and the International Standards for the Professional Practice of Internal Auditing, which are issued by The Institute of Internal Auditors. OTHER KEY ELEMENT ON INTERNAL CONTROL SYSTEM Internal control processes which are embedded for effective Group’s operations includes:- • Clear organisational structure and financial authorisation limits are clearly defined; • Group policies, including Principles of Business Conduct and Whistle Blowing Policy and Standard Operating Procedures to ensure compliance with internal controls, relevant laws and regulations; • Annual business plans of all Business Units are reviewed and approved by the respective Divisional Executive Committee; • Group budgets are reviewed and approved by the Board; • Regular Executive Committee meetings at Business Units are held to review the operational and key performance indicators against the approved budget; • Utilisation of contract tendering and evaluation process for large projects; and • Weekly report on Group’s cash position is monitored by Group Treasury. Statement on Risk Management and Internal Control WAH SEONG CORPORATION BERHAD 66