2019 UEM Edgenta Annual Report

Statement on Risk Management and Internal Control

Whistleblowing Policy

UEM Edgenta is committed to the highest standards of professionalism, honesty, integrity, accountability and ethical behaviours in the conduct of its business and operations. A Whistleblowing Policy has been formulated to give employees of UEM Edgenta and members of the public a platform to report any improper conduct with the Company. A protected disclosure can be made via the structured reporting channel, i.e. the secured online portal, or via other avenues such as email or in writing to the Chairman of the Board or the Chairman of BGRC. A whistleblowing committee was established to ensure that an investigation is conducted when needed, to review the investigation report and to decide on the next course of action based on the nature of the violation.

Integrity & Compliance Activities

UEM Edgenta has undertaken the following key activities to show our commitment to being an ethical and professional organisation, anchored on ethics, integrity and accountability:

• Integrity Day to launch refreshed Code of Conduct for Directors and Employees (including Corruption-Free Pledge witnessed by MACC officer);
• Code of Conduct for Business Partners Forum with Corruption-Free Pledge by business partners;
• Launch of Anti-Bribery and Anti-Corruption Guide;
• Rollout of Conflict of Interest (“COI”) Procedures and COI e-Declaration portal; and
• Corruption Risk Assessment and Corruption Risk Survey.

Organisational Structure

The organisational structure of the Group is clear and detailed, defining the roles, responsibilities and reporting lines of the various Committees of the Board; Management of the Corporate Office and subsidiaries; departments and individuals.
The Board appoints the Managing Director/Chief Executive Officer of the Group, Chief Operating Officer, Chief Financial Officer, Chief People Officer, Heads of Companies of the subsidiaries within the Group, as well as critical role positions. The organisational structure is reviewed regularly to assess its effectiveness and to ensure that it is in line with any change in business requirements.

Operating Plans and Strategies

The Group undertakes a comprehensive annual budgeting and forecasting exercise to ensure that the development of business plans for the respective operating divisions is in line with the Group’s 5-year operating plan, short-term and long-term strategic plans. Each operating division is responsible for carrying out a comprehensive analysis and identifying the strategic priorities as part of the formation process of the Group annual operating plan, 5-year operating plan and strategic plan. It also includes the establishment of Key Performance Indicators (“KPI”) which is deliberated and approved by the Board. The approved annual operating plan, 5-year operating plan and strategic plan are then cascaded to the senior management team members across the Group’s operating divisions for planning and execution.

The Group monitors the business performance of the respective operating divisions through its KPI and measures it against the approved annual operating plan, 5-year operating plan and strategic plan on a regular basis in the management reports. The management reports analyse and highlight variances against the plan after taking into consideration the macroeconomic sentiments and associated business risks. Similar reports and results are reviewed by the Board on a quarterly basis. The management is responsible for identifying and executing any mitigation action, where necessary.

Employee’s Authority and Responsibility

The respective Heads of Divisions / Departments define the authority and responsibility of each employee as specified in the Job Description.
The establishment of performance monitoring serves as a tool to monitor performance against the set KPI and targets at various levels, covering key financials, customers, internal business processes and learning and growth indicators.

Discretionary Authority Limits

Clear delegation of authority is defined in the Discretionary Authority Limits (“DAL”), which sets the limit for strategic, operating and capital decisions and expenditures, as well as decision authority for each level of Management within the Group, and also the Board’s authority. The DAL is reviewed from time to time to ensure effectiveness of strategic and operational executions.

Procurement

As a member of UEM Group Berhad, UEM Edgenta is guided by UEM Group’s Procurement Policy. We have established a Standard Operating Procedure (“SOP”) aligned to the Group Procurement Policy encompassing three key areas, namely, General Procurement, Project Tender & Outsourcing and Contract Management. The potential risks with regard to these three areas are mitigated through procedural governance and compliance as detailed in the SOP. The SOP is reviewed periodically and updated as and when required to ensure continuous improvement in internal controls, taking into consideration process improvement as well as any new changes in the Group Procurement Policy. We have included new provisions for Compliance with HSSE Management Requirements in the procurement terms and conditions to enhance safety awareness and accountability amongst our contractors.
Insurance on Assets

Sufficient insurance coverage and physical safeguards on the Group assets, including its human resources, are in place to ensure adequate coverage against any mishap that could result in material loss. Coverage typically includes damage to or theft of assets; liability coverage for the legal responsibility to others for accidents, bodily injury or property damage; and medical coverage for the cost of treating injuries and illness, rehabilitation and death. Insurance coverage is reviewed regularly to ensure sufficient coverage in view of changing business environment or assets.

Business Continuity Management (“BCM”)

According to the International Standard & Best Practice, BCM is a holistic management of disruption. For all intents and purposes, each plan within an organisation is interlinked and makes a whole. The diagram below illustrates how these plans relate to each other:

Diagram 1 – BCM Plans Relationship with Other Documents

Process: Emergency and Crisis Management

• Emergency Response Procedures (“ERP”)
  Nature of document: Procedures to manage potential and actual emergency situations with Environmental, Safety & Health (“ESH”) implication
  Objective of document: Safety and health of people maintained
• Crisis Communications Plan (“CCP”)
  Nature of document: Procedures to manage communications when a crisis is imminent or has struck
  Objective of document: Communication occurs effectively
• Crisis Management Plan (“CMP”)
  Nature of document: Procedures to manage a crisis mainly dealing with major emergencies to minimise any damage
  Objective of document: Crisis managed timely and effectively

Process: Recovery and Restoration Management

• Disaster Recovery Plan (“DRP”)
  Nature of document: Procedures to recover and protect business IT infrastructure to support business operations
  Objective of document: IT applications / data protected
• Business Continuity Plan (“BCP”)
  Nature of document: Procedures to recover and restore business operations to normality
  Objective of document: People relocate and resume operations effectively

A live crisis simulation exercise was carried out, which included an emergency evacuation drill, call tree exercise, mobilisation to recovery site and recovery of critical business functions. These exercises cover the areas of emergency response plan, crisis communication plan, IT disaster recovery plan, crisis management plan and business continuity plan as referenced in the table above. The BCM programme will continue with the aim to deliver resilience and BCM awareness across the Group.
