STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL INTRODUCTION In accordance with Paragraph 15.26(b) of the Main Market Listing Requirements of Bursa Malaysia Securities Berhad, the Board of Directors of public listed companies are required to include in their annual report a statement about the state of risk management and internal control of the listed issuer as a group. The Malaysian Code on Corporate Governance requires listed companies to maintain a sound system of internal control to safeguard shareholders’ investments and the group’s assets. Set out below is the Board’s Statement on Risk Management and Internal Control, which has been prepared in accordance with the “Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers” (the “Guidelines”). BOARD RESPONSIBILITY The Board is committed to maintaining both a sound system of risk management and internal control and the proper management of risks throughout the operations of the Group. The Board acknowledges that it is ultimately responsible for the Group’s system of internal control including the establishment of an appropriate control environment and framework, which encompass financial, operational and compliance controls, and risk management. The Board is responsible for identifying, evaluating and managing the significant risks of the Group, as well as reviewing the adequacy and effectiveness of the risk management and internal control system on an ongoing basis. This process has been in place for the financial year under review and up to the date of approval of this statement for inclusion in the annual report. The Board believes the risk management and internal control system in place are adequate and effective to manage the risk of the Group. In view of the limitations inherent in any process, the Group has established a system of internal control and risk management designed to mitigate the risks that may impede the Group from achieving its objectives. As risks cannot be eliminated completely, the system can only provide reasonable, but not absolute assurance against material misstatements, losses or occurrences of unforeseeable circumstances. INTERNAL AUDIT FUNCTION AND RISK MANAGEMENT FRAMEWORK The Board delegates the responsibility of monitoring the system of risk management and internal controls to the Risk Management Committee and Audit Committee. Notwithstanding the delegated responsibilities, the Board retains its overall responsibility in the establishment and oversight of the Group’s risk management framework and internal controls systems. The Board recognises that the internal controls systems are designed to manage and minimise rather than eliminate and avoid occurrences of material misstatements or unforeseen circumstances, fraud or losses. This statement does not deal with the associates and joint operation of the Group. Assessments on the adequacy, efficiency and effectiveness of the internal control of the associates and joint operation are performed under the purview of their respective established governing procedures. Risk Management Committee The Risk Management Committee (“RMC”) was established to assist the Board in providing oversight, direction and counsel on the overall risk management process, establishing and reviewing the risk management framework, process and responsibilities as well as assessing whether they provide reasonable assurance that risks are managed within tolerable limits. The specific duties of the RMC are as follows: 1. Review the adequacy of the scope, function, authority and resources of the Risk Management Department; 2. Provide oversight, direction and counsel to the risk management process to ensure that appropriate risk management policies, framework and processes are implemented; 3. Review the Group’s risk profile and ensure that potential significant risks, including Environmental, Social and Governance (“ESG”) risks that are outside tolerable ranges are addressed with appropriate and effective preventive and mitigation actions; 4. Monitor and evaluate the risk profile and risk appetite of the Group; 5. Review and monitor the integration of ESG risks into the Group’s risk management framework; and 6. Conduct periodic review of the Group’s Risk Management Policy and Framework. ANNUAL REPORT 2022 72
RkJQdWJsaXNoZXIy NDgzMzc=