Statement on Risk Management and Internal Control
3.6 The compliance function, which includes the Audit and Risk Committee (“ARC”) and internal audit function, assists
the Board to oversee the management of risks and review the effectiveness of internal controls. The ARC reviews
reports of the Group Internal Audit Department (“GIA”) and also conducts an annual assessment of the adequacy of
the GIA’s scope of work.
3.7 The ARC convenes regular meetings to deliberate on findings and recommendations for improvement by both
the internal and external auditors on the state of the system of internal control, and to review and recommend the risk
management policies, strategies, key risk profiles and risk mitigation actions for the Group, and reports to the
Board. Minutes of the ARC meetings are tabled to the Board.
3.8 Review and award of major contracts which exceed the limits delegated to Group MD or senior management are
undertaken by the Board.
3.9 Clearly documented standard operating procedure manuals set out the policies and procedures for day-to-day
operations to be carried out. Periodic reviews are performed to ensure that documentation remains current,
relevant and aligned with evolving business and operational needs.
3.10 The competency of staff is enhanced through a rigorous recruitment process and development programmes.
A staff performance appraisal system is in place, with established targets and accountability, and is reviewed
annually.
4. INTERNAL AUDIT FUNCTION
The Group’s internal audit function is undertaken by GIA which reports directly to the ARC and administratively to
the Group MD. The GIA assists the ARC in the discharge of its duties and responsibilities. Its key role is to provide
independent and objective assurance designed to add value and assist the Group in accomplishing its objectives by
bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, internal
control system and governance processes.
The business processes and conduct of the operating units within the Group are continuously assessed by GIA in the
context of adequacy and effectiveness of the financial and operational controls and risk management. GIA reports to the ARC
and communicates to Management on audit observations noted in the course of their review and performs monitoring
on the status of actions taken by the operating units. It conducts independent reviews of the key activities within the
Group’s operating units based on a detailed annual audit plan developed using a risk-based methodology including
input from Senior Management and the ARC, which was approved by the ARC. The terms of reference of the GIA are
clearly spelt out in its Internal Audit Charter.
The GIA evaluates the following:
(a) Adequacy, integrity and effectiveness of the Company and the Group’s internal controls in safeguarding shareholders’
investment and the Group’s assets. The internal controls cover financial, operational, information technology,
compliance controls and enterprise risk management;
(b) Extent of compliance with established policies, procedures and statutory requirements; and
(c) Adequacy of policies, procedures and guidelines on the Company and Group’s accounting, financial and operational
activities.
For the year under review, the GIA had undertaken the following:
(a) Prepared the annual audit plan for approval by the ARC.
(b) Performed risk-based audits based on the annual audit plan, including follow-up of matters from previous internal
audit reports.
(c) Issued internal audit reports to the Management on risk management, control and governance issues identified
from the risk-based audits together with recommendations for improvements for these processes.
Annual Report 2020
Kumpulan Fima Berhad
(197201000167)(11817-V)