Wah Seong Corporation Berhad Annual Report 2021 82 KEY ELEMENTS AND PROCESSES ON RISK MANAGEMENT AND INTERNAL CONTROLS The key elements and processes that have been established in reviewing the adequacy and effectiveness of the risk management and internal control system include the following:- Risk Management The Group Risk Management Framework, which is embedded in the management system of the Group, clearly defines the authority and accountability in implementing the risk management process and internal control system. The Management assisted the Board in implementing the process of identifying, evaluating and managing significant risks applicable to their respective areas of business and in formulating suitable internal controls to mitigate and control these risks. The Group has adopted a Risk Management Guidelines which is based on ISO 31000, the international guideline for managing risk, to ensure that risk management process is consistent across the Group. Risk owners across the business divisions of the Group defined, highlighted, reported and managed various risks, including business and operational risks anticipated by them. All business divisions or major departments across the Group had conducted risk assessments to identify the risks relating to their areas of supervision, analyzed the likelihood of these risks occurring, the impact if they do occur, evaluated the risk level, as well as determined the existing controls and actions to be taken to manage these risks to an acceptable level. The risk profiles measures determined from this process were documented in risk registers with each business or operations area having its respective risk register. The overall process was facilitated by the Group Risk Management, which is dedicated to this role. The risk assessment report was tabled to the RMC every quarter. During the quarterly meeting, the significant risk of business units were presented to the RMC for their deliberation. The RMC reports to the AC on any significant changes in the business and external environment, which affect key risks. The Board has approved via the RMC, the Risk Management Framework, which highlighted the governance arrangements as well as assigned responsibilities to the relevant levels of management and operations. The implementation of the Framework is ultimately the responsibility of the top management and members of the Wah Seong Group Management. Evidence of implementation can be seen in the appropriate risk management practices integrated into the relevant business processes, which facilitated the decision making aimed at achieving the Group’s objectives. Internal Audit Function The internal audit function is performed by the Group Internal Audit (“GIA”), where their primary responsibility is to provide independent and objective assurance in assisting the Group to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance. The Head of GIA has functional reporting to the AC and administratively reports to the Managing Director/Group Chief Executive Officer and the Deputy Managing Director. The audit engagements were carried out based on the Annual Audit Plan. In FY 2021, the GIA had completed 4 riskbased audit engagements and presented the reports to the AC. They focused on review of various scope including project management, information technology and business processes of the Group. High impact audit findings with regards to risk, control and governance with recommendation for further improvement were escalated to the attention and scrutiny of the senior management and subsequently tabled to the AC on a quarterly basis. Follow up review on audit engagements were also conducted to ensure proper and effective remedial actions have been taken by the line management to close control gaps highlighted by the GIA. All the internal audit activities and processes performed in FY 2021 were guided by the Internal Audit Charter and the GIA Standard Operating Procedure. OTHER KEY ELEMENT ON INTERNAL CONTROL SYSTEM Internal control processes, which are embedded for effective Group’s operations include:- • Clear organisational structure and financial authorisation limits are clearly defined; • Group policies, including Principles of Business Conduct and Whistle Blowing Policy and Standard Operating Procedures to ensure compliance with internal controls, relevant laws and regulations; • Annual business plans of all Business Units are reviewed and approved by the respective Divisional Executive Committee; • Group budgets are reviewed and approved by the Board; STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL
RkJQdWJsaXNoZXIy NDgzMzc=