Yinson Annual Report 2022

STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL

COMPLIANCE FRAMEWORK

Bribery Risk Assessment integrated into ERM Framework

The Bribery Risk Assessment was initiated in 2020 as part of Yinson’s effort to fulfil the requirements of ISO 37001 Anti-Bribery Management System (“ABMS”). This Bribery Risk Assessment complements the existing Risk Management discussions with the functions, which is to identify bribery and corruption risks that may occur in the function’s normal operations.

In 2021, the Risk Management team revamped the ERM Framework. A key objective was to integrate the Bribery Risk Assessment approach into the overarching ERM Framework. This is to ensure that the Bribery Risk Assessment is consistent with the standards and requirements of the Risk Management approach within Yinson, for a comprehensive assessment of all identified risks within the functions in Yinson.

From the Bribery Risk Assessment review, the following potential Bribery Risks were seen as relevant for the functions under review:

• Bribes to secure business.
• Collusion with third parties.
• Dealing with government officials.
• Giving or receiving gifts, hospitality and entertainment.
• Risks of controls being by-passed.
• Conflict of interest.
• Personal data being sold.

Nonetheless, Yinson has implemented the necessary controls in the ABMS to mitigate such Bribery Risks.

INTERNAL AUDIT & CONTROLS

The Group maintains an independent Internal Audit Department (“IA department”) which updates the Board, through the AC, on the adequacy and effectiveness of the Group’s system of internal control and management information system. Ernst & Young Consulting Sdn Bhd (“EY”) is being co-sourced with the internal audit engagements to attain business insights and gain access to competencies to support the control assessment needs of the Group’s expanding operations.

The IA function adopts a risk-based approach when executing the internal audit plan, focusing on the Group’s business units and functions.
The IA function reports the outcome of its appraisal directly to the AC via internal audit reports. The IA function also conducts follow-up reviews on the status of Management’s action plans.

BOARD’S COMMENTARY

For the financial year under review and up to the date of approval of this statement for inclusion in the Annual Report, the Board considers the system of risk management and internal controls described in this Statement to be satisfactory and has not resulted in any material loss, contingency or uncertainty, and risks are reasonably managed within the context of the Group’s business environment.

The Board is not aware and has not been made aware of any material weaknesses or lapses in the internal control system of the Group occurring within the financial year under review and up to the date of approval of this statement for inclusion in the Annual Report.

The Board has received assurance from the Group Chief Executive Officer and Group Chief Financial Officer that the Group’s risk management and internal control system is operating adequately and effectively, in all material aspects, based on the risk management and internal control systems of the Group.

The Board and MC also hereby confirm that having reviewed the Audited Financial Statements for the financial year ended 31 January 2022, no adverse auditor opinion or material restatements were observed for the financial year ended 31 January 2021.

The Board and MC will continue to take measures to strengthen the Group’s risk management and internal control system.

REVIEW OF THE STATEMENT BY EXTERNAL AUDITORS

As required by Paragraph 15.23 of the Listing Requirements, the external auditors have reviewed this Statement pursuant to the scope set out in the Audit and Assurance Practice Guide (“AAPG”) 3: Guidance for Auditors on Engagements to Report on the Statement on Risk Management and Internal Control included in the Annual Report issued by the Malaysian Institute of Accountants (“MIA”).
AAPG 3 does not require the external auditors to consider whether this Statement covers all risks and controls, or to form an opinion on the adequacy and effectiveness of the risk management and internal control systems of the Group including the assessment and opinion by the Board of Directors and management thereon. The external auditor is also not required to consider whether the processes described to deal with material internal control aspects of any significant problems disclosed in the Annual Report will, in fact, remedy the problems.

This Statement on Risk Management and Internal Control was made in accordance with a resolution of the Board on 28 April 2022.