ENRA Group Berhad Annual Report 2019

51 ENRA GROUP BERHAD ∞ Annual Report 2019 page Risk Oversight (2 nd Line of Defence) BOARD OF DIRECTORS AUDIT & RISK MANAGEMENT COMMITTEE Internal Audit (3 rd Line of Defense) EXECUTIVE RISK MANAGEMENT COMMITTEE DAY-TO-DAY RISK MANAGEMENT (1 st Line of Defense) RMU RMU RMU RMU RISK MANAGEMENT STRUCTURE RISK MANAGEMENT RESPONSIBILITIES The Risk Management process is a collective responsibility which works by engaging every level of the organization as risk owners of their immediate sphere of risks (as shown in STAKEHOLDERS BOARD MANAGEMENT EMPLOYEES ● Risk management - Policy - Philosophy ● Establish structured risk management system ● Ensure accountability ● Risk aware culture ● Risk profile ● Issues to emerge ● Current risk profile ● Action plans the Risk Management Responsibilities diagram), the Group aims to approach risk management from a top down, bottom up approach (holistically). This is managed through an oversight structure involving the Board, ARMC, Internal Audit, Executive Risk Management Committee and RMUs. INTERNAL AUDIT FUNCTION At present, there is an in-house Internal Audit function. The Internal Audit function operates within the framework of the International Professional Practices Framework by the Institute of Internal Auditors as stated in its Internal Audit Charter, which is approved by the ARMC. The Internal Audit function provides the ARMC with independent opinions of processes, risk exposure and systems of internal control using the Committee of Sponsoring Organization of the Treadway Commission Internal Control – Integrated Framework as a guide. The Internal Audit function assesses the Group’s Internal Control system according to the following five interrelated control elements: • Control Environment • Risk Assessment • Control Activity • Information & Communication • Monitoring The Internal Audit team which is headed by Mr. Melvinder Singh Harminder Singh, Vice President Group Internal Audit, who is a Chartered Member of the Institute of Internal Auditors Malaysia with more than 20 years of experience in internal auditing with the assistance of a team, independently reviews the key business processes, and reports to the ARMC on a quarterly basis. The ARMC reviews and evaluates the key audit issues raised by the Internal Audit function and ensures that appropriate and prompt remedial action is taken by the Management. During the financial year ended 31 March 2019, the Internal Audit function prepared and presented an annual audit review schedule to the ARMC. This annual schedule outlines the key business processes of the Group’s head office departments, property development subsidiaries as well as oil & gas services activities, engineering, construction and fabrication. The ARMC had reviewed and approved the schedule providing the Internal Audit team with the mandate in assessing the adequacy and effectiveness of the Group’s internal control system. Statement on Risk Management and Internal Control