UEM EDGENTA BERHAD ANNUAL REPORT 2021 1 2 3 4 5 6 7 GOVERNANCE 159 158 STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL With cloud computing, the Group would be less concerned about managing and configuring the physical hardware, networks and infrastructure, liberating our resources to focus on elevating its digital quotient to digitise and transform the core business operations. Investment in cloud related technologies also helps accelerate application development cycle and simplify tech operations. Disaster Recovery Planning Disaster Recovery Planning for the Group is a subset of BCM. Data, systems and applications that are stored in the cloud platform ensure that they are backed up and protected in a secure and safe location. Being able to access the company’s data again quickly allows us to conduct business as usual, minimising any downtime and loss of productivity. JOINT VENTURES AND ASSOCIATES The disclosures in this statement do not include the risk management and internal control practices of the Group’s joint venture and associate companies, as the Board does not have any direct control over their operations. The Group’s interests in these entities are safeguarded through the representation on the Boards of the respective companies where management accounts and periodical reports are received and reviewed, as well as deliberation on proposals related to these companies. Such representation also provides the Board with information for decision-making on the continuity of the Group’s investments based on the performance of the Group’s joint venture and associate companies. INTERNAL AUDIT The Group has established its own Internal Audit Department (“IAD”) to carry out internal audit function of the Group. IAD reports functionally to the Audit Committee (“AC”) and administratively to the Managing Director/Chief Executive Officer. The IAD regularly reviews the Group’s systems of internal controls and evaluates the adequacy and effectiveness of the controls, risk Human Resources Management UEM Edgenta’s internal controls are realised and supported by a formal organisational structure. This official structure is made of defined lines of authority, responsibility and accountability. These lines of authority, responsibility and accountability are continuously and transparently updated and improved to demonstrate good governance. Talent acquisition policies and guidelines are established within UEM Edgenta and its subsidiaries to ensure that the right candidates with the required and appropriate competencies are selected to fill available positions at the right time. Potential candidates are subjected to a structured recruitment process which involves multiple behavioural interviews and assessments. For critical positions, the hiring process also involves pre-employment background screening which includes checks on education records, credit records, criminal records and directorship to minimise the risk of exposure of the Company. To ensure that we are able to develop a capable, agile and competitive workforce, employees are provided with structured internal training, mobility opportunities and external development programmes. Technical skills training is also prioritised through the development of a technical competency framework and subsequent development interventions. These interventions are tied back to Individual Development Plan of our employees. Management Information System (“MIS”) The Group is continuously investing in tools and solutions that allow processes, people and technology to be apportioned into the public cloud with better accessibility across the organisation for data collection, data analysis, evaluation of organisation development, and operational performance improvement. The Group has embraced cloud computing via partnerships with Microsoft and Alibaba to use both Azure and Alibaba cloud platforms to host, deploy and manage systems and applications. Additionally, the Group has converted its own data centre into hybrid cloud that primarily hosts development and test environments, enabling seamless deployment between different clouds. management and governance processes implemented by the management. The reviews conducted are based on the risk-based Annual Audit Plan approved by the AC. The results of audit reviews, including status of management action plans to address gaps identified in the governance processes, risk management processes and controls during the engagements are reported regularly to the AC for deliberation. The Group has also established a Management Audit Committee (“MAC”) to ensure effective actions are taken to address internal control weaknesses and proper closures of all audit issues and areas for improvement highlighted by the IAD. The MAC is chaired by the Managing Director/Chief Executive Officer and holds its meeting regularly. Internal control weaknesses and areas for improvement regarding risk management and governance identified during the financial period under review have been or are being addressed by the management. None of the weaknesses identified have resulted in any material loss that would require disclosure in the Group’s financial statements. ASSURANCE FROM MANAGEMENT The Board has received assurance from the Managing Director/Chief Executive Officer and Chief Financial Officer that a review on the adequacy and effectiveness of the risk management framework and internal control system has been undertaken and the Group’s risk management and internal control system are operating adequately and effectively, in all material aspects, based on the risk management and internal control system of the Group. REVIEW OF THE STATEMENT BY EXTERNAL AUDITORS The External Auditor has performed limited assurance procedures on this Statement on Risk Management and Internal Control in accordance with the Malaysian Approved Standard on Assurance Engagements, ISAE 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information and Audit and Assurance Practice Guide 3, Guidance for Auditors on Engagements to Report on the Statement on Risk Management and Internal Control included in the Annual Report issued by the Malaysian Institute of Accountants (“MIA”) for inclusion in the Annual Report of the Group for the year ended 31 December 2021, and reported to the Board that nothing has come to their attention that causes them to believe that the statement is not prepared, in all material respects, in accordance with the disclosure required by paragraphs 41 and 42 of the Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers, nor is the Statement factually inaccurate. This Statement on Risk Management and Internal Control was approved by the Board on 28 March 2022. CONCLUSION The Board is of the view that the risk management and internal control system are in place for the year under review, and up to the date of approval of the Statement on Risk Management and Internal Control, are sound and sufficient to safeguard shareholders’ interests and the Group’s assets. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL
RkJQdWJsaXNoZXIy NDgzMzc=