Corporate Governance
(c) Issued internal audit reports to the management on risk management and internal control issues identified from the risk-based audits together with recommendations for improvements for these processes.
(d) Reported on a quarterly basis to the Audit Committee on the significant risk management and internal control issues from the Internal Audit Reports issued and the results of follow-up of matters reported.
(e) Reported on a quarterly basis to the Audit Committee the achievement of the audit plan and status of resources of the GIA function.
(f) Conducted regular follow-up and monitoring on the implementation of recommendations made by the GIA function to ensure that appropriate corrective actions are taken on a timely basis or within agreed timelines.
(g) Reviewed the procedures relating to related party transactions entered into by the Group to ensure that the related party transactions have been conducted on the Group’s normal commercial terms and are not to the detriment of the Group’s minority shareholders.
(h) Prepared the Audit Committee Report and Statement on Risk Management and Internal Control for the Company’s 2018 Annual Report.
As a means to objectively evaluate GIA service quality and
to ensure continuous conformance to the Professional
Practices Framework (“IPPF”) Standards issued by the
IIAM, a QAR was conducted by a qualified external
independent reviewer from IIAM in March 2018. The results
of the review are collected, analysed and presented to the
Audit Committee together with the follow-up actions or actions
that have been taken by the GIA.
During the FYE2018, thirteen (13) Internal Audit Reports
were issued on various operating units of the Group
covering reviews on control environment, risk management,
revenue assurance, procurement, finance, human resource,
occupational safety and health, regulatory compliance
and operations.
The total cost incurred for maintaining the GIA function for
the FYE2018 is RM417,000 (2017: RM377,000), comprising
personnel costs, establishment expenses, administration
and general expenses.
5. ENTERPRISE RISK MANAGEMENT (“ERM”)
Risk management is regarded by the Board as an important
aspect of the Group’s diverse and growing operations with
the objective of maintaining a sound internal control system.
To this end, the Group has established the appropriate risk
management infrastructure to ensure that the Group’s assets
are well-protected and shareholders’ value enhanced.
The Audit Committee and the Board are supported by the
RMC. The RMC identifies and communicates to the Audit
Committee and the Board the present and potential critical
risks the Group faces, their changes and the management
action plans to manage these risks. The RMC convenes a
meeting annually to review the key risk profiles and submits a
summary report to the Audit Committee.
The RMC is entrusted with the responsibility of implementing
and maintaining the ERM framework to achieve the following
objectives:
(a) Communicate the vision, role, direction and priorities to all employees and key stakeholders;
(b) Identify, assess, treat, report and monitor significant risks in an effective manner;
(c) Enable systematic risk review and reporting on key risks, existing control measures and any proposed action plans; and
(d) Create a risk-aware culture and build the necessary knowledge for risk management at every level of Management.
[Organisation chart: Board of Directors; Audit Committee; Risk Management Committee; Risk Management Unit; Risk Management Function; Group Internal Audit]
STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL