STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL RISK MANAGEMENT The Group Risk Management Framework, which is embedded in the management system of the Group, clearly defines the authority and accountability in implementing the risk management process and internal control system. The Management assisted the Board in implementing the process of identifying, evaluating and managing significant risks applicable to their respective areas of business and in formulating suitable internal controls to mitigate and control these risks. The Group has adopted a Risk Management Guidelines which is based on ISO 31000, the international guideline for managing risk, to ensure that risk management process is consistent across the Group. Risk owners across the business divisions of the Group defined, highlighted, reported and managed various risks, including business and operational risks anticipated by them. All business divisions or major departments across the Group had conducted risk assessments to identify the risks relating to their areas of supervision, analyzed the likelihood of these risks occurring, the impact if they do occur, evaluated the risk level, as well as determined the existing controls and actions to be taken to manage these risks to an acceptable level. The risk profiles measures determined from this process were documented in risk registers with each business or operations area having its respective risk register. The overall process was facilitated by the Group Risk Management, which is dedicated to this role. The risk assessment report was tabled to the RMC every quarter. During the quarterly meeting, the significant risk of business units were presented to the RMC for their deliberation. The RMC reports to the AC on any significant changes in the business and external environment, which affect key risks. The Board has approved via the RMC, the Risk Management Framework, which highlighted the governance arrangements as well as assigned responsibilities to the relevant levels of management and operations. The implementation of the Framework is ultimately the responsibility of the top management and members of the Wah Seong Group Management. Evidence of implementation can be seen in the appropriate risk management practices integrated into the relevant business processes, which facilitated the decision making aimed at achieving the Group’s objectives. INTERNAL AUDIT FUNCTION The internal audit engagements are performed by the Group Internal Audit (“GIA”), where their primary responsibility is to provide independent and objective assurance in assisting the Group to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance. The Head of GIA reports functionally to the AC and administratively to the Managing Director/Group Chief Executive Officer and the Deputy Managing Director. The audit engagements were carried out based on the approved annual Internal Audit Plan. In FY 2022, the GIA had completed 5 risk-based audit engagements and presented the reports to the AC. They focused on review of various scope including project management, anti-bribery and business processes of the Group. High impact audit findings with regards to risk, control and governance with recommendation for further improvement were escalated to the attention and scrutiny of the senior management and subsequently tabled to the AC on a quarterly basis. Follow up review on audit engagements were also conducted to ensure proper and effective remedial actions have been taken by the line management to close control gaps highlighted by the GIA. All the internal audit activities and processes performed in FY 2022 were guided by the Internal Audit Charter and the GIA Standard Operating Procedure. The GIA is in conformance with the International Standards for the Professional Practice of Internal Auditing. OTHER KEY ELEMENT ON INTERNAL CONTROL SYSTEM Internal control processes, which are embedded for effective Group’s operations include:- • Clear organisational structure and financial authorisation limits are clearly defined; • Group policies, including Principles of Business Conduct and Whistle Blowing Policy and Standard Operating Procedures to ensure compliance with internal controls, relevant laws and regulations; • Annual business plans of all Business Units are reviewed and approved by the respective Divisional Executive Committee; • Group budgets are reviewed and approved by the Board; • Regular Executive Committee meetings at Business Units are held to review the operational and key performance indicators against the approved budget; • Utilisation of contract tendering and evaluation process for large projects; and • Weekly report on Group’s cash position is monitored by Group Treasury. Annual Report 2022 Wah Seong Corporation Berhad 85
RkJQdWJsaXNoZXIy NDgzMzc=