2019 UEM Edgenta Annual Report

128 129 UEM Edgenta Berhad UEM EDGENTA AT A GLANCE MESSAGE FROM OUR LEADERSHIP STRATEGIC FOCUS OPERATIONAL REVIEW SUSTAINABILITY EFFORTS CORPORATE GOVERNANCE INTRODUCTION FINANCIAL REVIEW ADDITIONAL INFORMATION Annual Report 2019 Statement on Risk Management and Internal Control Human Resources Management The internal control of UEM Edgenta is realised and supported by a formal organisational structure. This official structure is made of defined lines of authority, responsibility and accountability. These lines of authority, responsibility and accountability are continuously and transparently updated and improved to demonstrate good governance. Talent acquisition policies and guidelines are established within UEM Edgenta and its subsidiaries to ensure that the right candidates with the right competencies are selected to fill available positions at the right time. Potential candidates are subjected to a structured recruitment process which involves multiple behavioural interviews and psychometric assessments. To ensure that we are able to develop a capable, agile and competitive workforce, employees are provided with structured internal training, mobility opportunities and external development programmes. Technical skills training is also prioritised through the development of a technical competency framework and subsequent development interventions. These interventions are tied back to Individual Development Plan of our employees. As a member of UEM Group, UEM Edgenta is also guided by UEM Group’s Performance Management Policy. The existing performance management system has been refined and updated via Align Collaborate Execute (“ACE”) System to monitor and manage employees’ performance. People managers are continuously coached and trained to ensure a robust performance management. Management Information System (“MIS”) In the era of Industrial Revolution 4.0, the Group is increasingly investing in tools and solutions that allow processes, people and technology to be integrated into a single integrated network for data collection, data analysis, the evaluation of organisation development, and performance improvement. The Group has also embarked on cloud computing through partnership with Microsoft, using Microsoft Azure cloud platform to host, deploy and manage systems and applications. With cloud computing, the Group does not have to deploy extensive hardware, configure and manage networks and infrastructure in IoT deployments. As a result, this has helped to speed up development process while cutting down on development cost. The investment in cloud computing also offers the Group the ability to better oversee and manage a variety of its core business operations. Processes and policies surrounding cloud computing is in place to ensure the integrity and safety of data of both the Company and users. Disaster Recovery Planning Disaster Recovery Planning for the Group is a subset of BCM. Data, systems and applications that are stored in the cloud ensures it is backed up and protected in a secure and safe location. Being able to access company’s data again quickly allows us to conduct business as usual, minimising any downtime and loss of productivity. Internal Audit The Group has established its own Internal Audit Department (“IAD”) and the internal audit functions of the Group were undertaken by the IAD auditors. The reviews are based on the Annual Audit Plan approved by the ARC. The results of such reviews are reported regularly to the ARC. The ARC holds regular meetings to deliberate on findings and recommendations for improvements by both the internal and external auditors on the state of the internal control system, and report back to the Board. The Group has also established a Management Audit Committee (“MAC”) to ensure effective actions are taken to address internal control weaknesses and proper closures of all audit issues highlighted by the IAD. The MAC is chaired by the MD/CEO and holds its meeting regularly. Internal control weaknesses identified during the financial period under review have been or are being addressed by the management. None of the weaknesses have resulted in any material loss that would require disclosure in the Group’s financial statements. Statement on Risk Management and Internal Control Our Sustainability Commitment We recognise that as an Asset Management and Infrastructure Solutions Company, our role transcends beyond the ordinary. We are determined to preserve the economic value and benefits of critical infrastructure and other assets under our care, making it sustainable for our future generations. In undertaking our sustainability commitment, UEM Edgenta and its subsidiaries are guided by its Sustainability and Corporate Responsibility Policies. Both the mentioned policies are accessible in the Company’s website at uemedgenta.com . The Group also adopts Bursa Malaysia’s Sustainability Reporting Guide & Toolkits and the Global Reporting Initiatives (“GRI”) Standards to report its Economic, Environmental and Social (“EES”) performance on material matters of our businesses and value chain in the annual report which is accessible in the Company’s website at uemedgenta.com . ASSURANCE FROM MANAGEMENT The Board has received assurance from the Managing Director/Chief Executive Officer and Chief Financial Officer that a review on the adequacy and effectiveness of the risk management framework and internal control system has been undertaken and the Group’s risk management and internal control system are operating adequately and effectively, in all material aspects, based on the risk management and internal control system of the Group. REVIEW OF THE STATEMENT BY EXTERNAL AUDITORS The External Auditor have performed limited assurance procedures on this Statement on Risk Management and Internal Control in accordance with Malaysian Approved Standard on Assurance Engagements, ISAE 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information and Audit and Assurance Practice Guide 3, Guidance for Auditors on Engagements to Report on the Statement on Risk Management and Internal Control included in the Annual Report issued by the Malaysian Institute of Accountants (“MIA”) for inclusion in the Annual Report of the Group for the year ended 31 December 2019, and reported to the Board that nothing has come to their attention that causes them to believe that the statement is not prepared, in all material respects, in accordance with the disclosure required by paragraphs 41 and 42 of the Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers, nor is the Statement factually inaccurate. This Statement on Risk Management and Internal Control was approved by the Board on 23 March 2020. CONCLUSION The Board is of the view that the risk management and internal control system are in place for the year under review, and up to the date of approval of the Statement on Risk Management and Internal Control, are sound and sufficient to safeguard shareholders’ interests and the Group’s assets.