INTERNAL CONTROL SYSTEM The Board has established an internal control system to provide an effective governance and oversight, which include the following key components:- • Organisational Structure An organisational structure with clear defined lines of responsibility and accountability has been established in line with the business and operating requirements to support a strong control environment. • Annual Business Plan and Budget All key operating divisions are involved in the preparation of the annual business plan and budget taking into consideration the established risk appetite. They will have to go through a challenge session with the Management before the proposal is deliberated by the Board for approval. The Board will regularly review the performance achievements and any revision to the business plan and budget will be re-tabled for the Board’s approval. • Authority Limits The Board has approved the Authority Limits document which outline the approving authority and the approving limits to the respective Management Committees as well as to the relevant Head of Division. • Oversight by the Board Audit & Examination Committee (BAEC) The BAEC is established to assist the Board in ensuring a reliable and transparent financial reporting process and internal control system are in place within the Group and provide an independent oversight on the effectiveness of the internal and external audit functions. Material control lapses are escalated to the BAEC for deliberation. The BAEC also deliberates any unresolved audit findings to ensure the Management undertakes the relevant remedial actions within the timeline. • Oversight by the Board Risk Committee (BRC) The BRC assists the Board in ensuring that a sound and robust risk management framework as expected by BNM is in place and effectively implemented. The BRC provides an independent oversight on the Management’s activities in managing credit risk, market risk, liquidity risk, operational risk (which includes legal risk, compliance risk, Shariah non-compliance risk, IT risk and business continuity risk), sustainability risk (including climaterelated risk) and other relevant risk and to ensure that the risk management process is in place and functioning for the Group. • Oversight by Other Board Committees There are other Board Committees established to assist the Board in discharging its overall governance responsibilities and oversight functions. These Board Committees are the Board Nomination & Remuneration Committee (BNRC), the Board Financing Review Committee (BFRC), the Board Strategic & Sustainability Committee (BSSC) and the Board IT Committee (BITC). The Board has mandated these Board Committees the authority to review all matters within the scope defined in their respective Terms of Reference and make the relevant recommendations to the Board. • Management Executive Committees The Management has set up various Management Executive Committees to assist and support the various Board Committees in overseeing the relevant areas of business operations and controls. This includes Management Committee, Management Risk & Control Committee, Asset & Liability Management Committee, Management Audit Committee, Management IT Committee, Business Continuity Management Committee and Financing Committees. • Policies and Guidelines Several policies and guidelines governing the Group’s business and operations have been put in place and are made available to employees via the intranet portal for reference and compliance. These policies and guidelines are regularly reviewed and updated by the respective business and support units to cater for any changes in laws and regulations as well as changes to the business and operating environments. • Performance Review The Board is regularly apprised on the key financial position of BIMB and its major subsidiaries at every Board meeting and where necessary, the Board may instruct the Management to take necessary actions to resolve any issues identified in a timely manner. • Regular Updates on Risk Management Report Risk Management frameworks, policies, guidelines, tools and methodologies are regularly reviewed and updated to ensure relevance to the current business environments and regulatory requirements. The risk management report of the Bank and its major subsidiaries are also regularly deliberated at the BRC, where any key risk issues will be highlighted for discussion. INTEGRATED ANNUAL REPORT 202 1 Key Messages Overview Value Creation MD&A Sustainability Leadership Accountability Financial Additional Information 203
RkJQdWJsaXNoZXIy NDgzMzc=