ENRA Group Berhad Annual Report 2020

ENRA Group Berhad - Annual Report 2020 51 RISK MANAGEMENT STRUCTURE The Risk Management process is a collective responsibility which works by engaging every level of the organisation as risk owners of their immediate sphere of risks (as shown in the Risk Management Responsibilities diagram below). The Group aims to approach risk management from a top down and bottom up approach (holistically). This is managed through an oversight structure involving the Board, ARMC, Internal Audit, ERMC and RMUs. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL INTERNAL AUDIT FUNCTION At present, there is an in-house internal audit function. The internal audit function operates within the framework of the International Professional Practices Framework by the Institute of Internal Auditors as stated in its Internal Audit Charter, which is approved by the ARMC. The internal audit function provides the ARMC with independent opinions of processes, risk exposure and systems of internal control using the “Committee of Sponsoring Organization of the Treadway Commission Internal Control – Integrated Framework” as a guide. The internal audit function assesses the Group’s Internal Control system according to the following five interrelated control elements: • Control Environment • Risk Assessment • Control Activity • Information & Communication • Monitoring The internal audit team is headed by Mr. Melvinder Singh Harminder Singh, Vice President Group Internal Audit and Compliance, who is a Chartered Member of the Institute of Internal Auditors Malaysia with more than 20 years of experience in internal auditing. Mr. Melvinder and his team independently reviews the key business processes, and reports to the ARMC on a quarterly basis. The ARMC reviews and evaluates the key audit issues raised by the internal audit function and ensures that appropriate and prompt remedial action is taken by the Management. During the financial year ended 31 March 2020, the internal audit function prepared and presented an annual audit review schedule to the ARMC. This annual schedule outlines the key business processes of the Group’s head office departments, property development subsidiaries as well as oil & gas services, engineering, construction and fabrication activities. The ARMC had reviewed and approved the schedule providing the internal audit team with the mandate in assessing the adequacy and effectiveness of the Group’s internal control system. RISK MANAGEMENT STRUCTURE DAY-TO-DAY RISK MANAGEMENT (1 st Line of Defence) EXECUTIVE RISK MANAGEMENT COMMITTEE RMU RMU RMU RMU Internal Audit (3 rd Line of Defence) Risk Oversight (2 nd Line of Defence) BOARD OF DIRECTORS AUDIT & RISK MANAGEMENT COMMITTEE RISK MANAGEMENT RESPONSIBILITIES STAKEHOLDERS • Risk management - Policy - Philosophy • Establish structured risk management system • Ensure accountability • Risk aware culture • Risk profile • Issues to emerge • Current risk profile • Action plans BOARD MANAGEMENT EMPLOYEES