Kumpulan Fima Berhad (11817-V) •
Annual Report 2018
3.5 The periodic review and streamlining of limits of
authority and other standard operating procedures
within the Group provides a sound framework of
authority and accountability within the organisation
and facilitates quality, well-informed and timely
corporate decision making at the appropriate level in
the organisation’s hierarchy.
3.6 The compliance function, which includes the Audit
Committee and internal audit function carried out by
the Group Internal Audit Department (“GIA”), assists the
Board to oversee the management of risks and review
the effectiveness of internal controls. The Committee
reviews reports of the GIA and also conducts an annual
assessment of the adequacy of the GIA’s scope of
work.
3.7 The Audit Committee convenes regular meetings
to deliberate on findings and recommendations for
improvement by both the internal and external auditors
on the state of the system of internal control. Minutes of
the Audit Committee meetings are tabled to the Board.
3.8 Review and award of major contracts by the project
committees and teams, subject always to the delegated
authority limits set by the Board. A minimum of three (3)
quotations is called for and tenders are awarded based
on criteria such as quality, track record and speed of
delivery.
3.9 The Risk Management Committee (“RMC”) convenes
a meeting annually to review and recommend the risk
management policies, strategies, key risk profiles and
risk mitigation actions for the Group and reports to the
Audit Committee.
3.10 Clearly documented standard operating procedure
manuals set out the policies and procedures for day
to day operations to be carried out. Regular reviews
are performed to ensure that documentation remains
current, relevant and aligned with evolving business
and operational needs.
3.11 The competency of staff is enhanced through a rigorous
recruitment process and development programmes. A
performance appraisal system for staff is in place, with
established targets and accountability, and is reviewed
annually.
4. INTERNAL AUDIT FUNCTION
The Group’s internal audit function is undertaken by the
GIA, which reports directly to the Audit Committee and
administratively to the Group MD. The GIA assists the Audit
Committee in discharging its duties and responsibilities. Its
key role is to provide independent and objective assurance
designed to add value and assist the Group in accomplishing
its objectives by bringing a systematic, disciplined approach
to evaluate and improve the effectiveness of risk management,
internal control system and governance processes.
The business processes and conduct of the operating units
within the Group are continuously assessed by GIA in the
context of adequacy and effectiveness of the financial,
operational controls and risk management. GIA reports to
the Audit Committee and communicates to management
on audit observations noted in the course of their review
and performs monitoring on the status of actions taken by
the operating units. It conducts independent reviews of the
key activities within the Group’s operating units based on
a detailed annual audit plan developed using a risk-based
methodology including input from Senior Management and
the Audit Committee, which was approved by the Audit
Committee. The Terms of Reference of the GIA are clearly
spelt out in its Internal Audit Charter.
The GIA evaluates the following:
(a) Adequacy, integrity, effectiveness of the Company
and the Group’s internal controls in safeguarding
shareholders’ investment and the Group’s assets.
The internal controls cover financial, operational,
information technology, compliance controls and
enterprise risk management;
(b) Extent of compliance with established policies,
procedures and statutory requirements; and
(c) Adequacy of policies, procedures and guidelines on
the Company and Group’s accounting, financial and
operational activities.
For the year under review, the GIA had undertaken the
following work:
(a) Prepared the annual audit plan for approval by the Audit
Committee.
(b) Performed risk-based audits based on the approved
annual audit plan, including follow-up of matters from
previous internal audit reports.
STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL