STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL Cont’d INTERNAL AUDIT FUNCTION AND RISK MANAGEMENT FRAMEWORK cont’d Risk Management Committee cont’d The RMC holds quarterly meetings to review the key risks and, at the same time, ensure that mitigation plans are in place to manage such risks. The adequacy and effectiveness of the controls and the robustness of the mitigation actions are also addressed. The Group recognises the importance of the identification and assessment of ESG and climate risks and has included them as part of the Enterprise Risk Management process. This is to strengthen the resilience of the Group in achieving its long-term business objectives amidst the challenges associated with climate change. The inclusion of climate risks are also in line with the recommendations of the Task Force on Climate Related Financial Disclosure (TCFD). Arising therefrom, the governance structure of the Group was enhanced during the year, with the Sustainability Committee reporting to the RMC on sustainability risks as a coordinated approach for the Company’s long-term sustainability plan. The Company has a Risk Management Policy which guides the overall best practice of identifying, evaluating, managing, reporting and monitoring the evolving risks faced by the Group and specific measures to mitigate these risks. The emphasis is to effectively reduce the impact of risks, respond to immediate risk events and recover from any material business disruption to ensure continuity and sustainability of key business activities and achievement of business objectives. Risk Management Department The Risk Management Department (“RMD”) assists the Board and RMC in discharging their risk management responsibilities. RMD is structured to provide adequate support to the Head Office and Business Units with regard to risk management implementation and monitoring. The RMD is mainly responsible for the following: 1. Outlining the strategic framework to guide the priorities and direction of the Group’s risk management activities; 2. Developing the appropriate risk management guidelines; 3. Monitoring risk exposure and tolerance limits across the Group; 4. Providing the necessary guidance and support for the risk management activities of the Group; and 5. Assessing the effectiveness of the preventive and mitigating controls implemented. The RMD is continuously enhancing the Risk Reports with the guidance of the RMC members. With the introduction of the Risk Heatmap and Key Risk Indicators in 2022, they help the Management and Board members to focus on some of the key risks faced by the Group. Audit Committee For the current year, both the outsourced internal auditors and in-house internal auditors assisted the Audit Committee to fulfill its responsibilities by conducting internal audits in accordance with audit plans reviewed and approved by the Audit Committee. A risk-based approach is adopted via the development of internal audit policies, establishment of annual audit plans, audit work processes and audit work reporting. The Audit Committee reviewed the adequacy of the scope, functions, competency and resources of the internal audit function to ascertain its effectiveness in discharging duties assigned. The details on the Internal Audit function are further explained on pages 69 to 71 of this Annual Report. During the year, the outsourced internal auditors conducted two (2) audits covering two (2) business functions and the in-house internal auditors conducted twenty-four (24) audits covering twenty-seven (27) business functions. The internal auditors also conducted follow up reviews on the implementation status of action plans previously agreed by management. The results of the internal audits and recommendations for improvement co-developed with management were tabled at the Audit Committee meetings for discussion and assessment. Key and significant issues were reported to the Board by the Chairman of the Audit Committee for further deliberation. PRESS METAL ALUMINIUM HOLDINGS BERHAD 73
RkJQdWJsaXNoZXIy NDgzMzc=