The GIA evaluates the following:

(a) Adequacy, integrity, effectiveness of the Company and the Group’s internal controls in safeguarding

shareholders’ investment and the Group’s assets. The internal controls cover financial, operational,

information technology, compliance controls and enterprise risk management;

(b) Extent of compliance with established policies, procedures and statutory requirements; and

(c) Adequacy of policies, procedures and guidelines on the Company and Group’s accounting, financial and

operational activities.

For the year under review, the GIA had undertaken the following work:

(a) Prepared the annual audit plan for approval by the Audit and Risk Committee.

(b) Performed risk-based audits based on the annual audit plan, including follow-up of matters from previous

internal audit reports.

(c) Issued internal audit reports to the Management on risk management, control and governance issues

identified from the risk-based audits together with recommendations for improvements for these

processes.

(d) Reported on a quarterly basis to the Audit and Risk Committee on significant risk management, control

and governance issues from the internal audit reports issued, the results of investigations and special

reviews undertaken and the results of follow-up of matters reported.

(e) Reported on a quarterly basis to the Audit and Risk Committee the achievement of the audit plan and

status of resources of the GIA function.

(f) Conducted regular follow-up and monitoring on the implementation of recommendations made by the

GIA function to ensure that appropriate corrective actions are taken on a timely basis or within agreed

timelines.

(g) Reviewed the procedures relating to related party transactions entered into by the Group to ensure that

the related party transactions have been conducted on the Group’s normal commercial terms and are not

to the detriment of the Group’s minority shareholders.

(h) Revised the Internal Audit Standard Operating Procedures.

(i) Reviewed compliance on MS2530-3:2013 Malaysian Sustainability Palm Oil Certification Standard of Part

3: General Principles for Oil Palm Plantations and Organised Smallholders requirements for all estates

operated by the Group.

(j) Preparation of Audit and Risk Committee Report and Statement on Risk Management and Internal Control

for the Company’s 2019 Annual Report.

During the FYE2019, eighteen (18) internal audit reports were issued on various operating units of the Group

covering reviews on control environment, risk management, revenue assurance, procurement, finance, human

resource, occupational safety and health and regulatory compliances and operations.

The total costs incurred for maintaining the GIA function for FYE2019 is RM505,205 (FYE2018: RM417,000),

comprising personnel costs, establishment expenses, admin and general expenses.

5.

ENTERPRISE RISK MANAGEMENT (“ERM”)

Risk management is regarded by the Board as an important aspect of the Group’s diverse and growing

operations with the objective of maintaining a sound internal control system. To this end, the Group has

established the appropriate risk management infrastructure to ensure that the Group’s assets are well-protected

and shareholders’ value enhanced.

The Audit and Risk Committee and the Board is supported by a Risk Management Committee (“RMC”). The RMC

identifies and communicates to the Audit and Risk Committee and the Board the present and potential critical

risks the Group faces, their changes and the Management action plans to manage these risks. The RMC convenes

meeting on a yearly basis to review the key risk profiles and submit a summary reporting to the Audit and Risk

Committee.

Kumpulan Fima Berhad

(11817-V)

Annual Report 2019

86