WASCO BERHAD 166 STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL INTERNAL AUDIT FUNCTION The internal audit engagements are performed by the Group Internal Audit (“GIA”), where their primary responsibility is to provide independent and objective assurance in assisting the Group to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance. The Head of GIA reports functionally to the AC and administratively to the Managing Director/Group Chief Executive Officer. The audit engagements were carried out based on the approved annual Internal Audit Plan. In FY 2024, the GIA had completed 5 risk-based audit reviews which were presented to the AC. The audit scope included project management and performance review, Environmental, Social and Governance (“ESG”), business strategies, human rights, and foreign subcontract workers management at entities level. High impact audit findings pertaining to risk, control, compliance and governance with recommendation for further improvements were escalated to the attention and scrutiny of the senior management and subsequently tabled to the AC quarterly. Follow-up reviews of audit engagements were also conducted every quarter to ensure proper and effective remedial actions have been taken by the management to close control gaps highlighted by the GIA. All the internal audit activities and processes performed in FY 2024 were guided by the Internal Audit Charter and the GIA Standard Operating Procedure. The GIA is in conformance with the International Standards for the Professional Practice of Internal Auditing. OTHER KEY ELEMENT ON INTERNAL CONTROL SYSTEM Internal control processes, which are embedded for effective Group’s operations include:- • A clearly defined organisational structure and financial authorisation limits; • Group policies, including Principles of Business Conduct and Whistleblowing Policy and Standard Operating Procedures to ensure compliance with internal controls, relevant laws, and regulations; • Annual business plans of all Business Units are reviewed and approved by the Group Senior Management Team; • Group budgets are reviewed and approved by the Board; • Regular operational meetings at Business Units are held to review the operational and key performance indicators against the approved budget; • Utilisation of contract tendering and evaluation process for large projects; and • Weekly report on Group’s cash position is monitored by Group Treasury. Periodic site visits to operating units are undertaken by Group Senior Management Team and/or the members of the Board whenever deemed appropriate. The Group’s system of risk management and internal control applies principally to Wasco Berhad and its subsidiaries. Associate companies and joint ventures are excluded because the Group does not have full management control and/or majority Board representation. This statement is duly approved by the Board at the Board of Directors’ meeting held on 28 February 2025. REVIEW OF THIS STATEMENT As required by Paragraph 15.23, Chapter 15 of the Main Market Listing Requirements of Bursa Malaysia Securities Berhad, the external auditors have reviewed this Statement on Risk Management and Internal Control. Their limited assurance review was performed in accordance with Audit and Assurance Practice Guides (“AAPG”) 3 issued by the Malaysian Institute of Accountants. AAPG 3 does not require the external auditors to form an opinion on the adequacy and effectiveness of the risk management and internal control systems of the Group.
RkJQdWJsaXNoZXIy NDgzMzc=