72
ANNUAL REPORT 2016
Statement on Risk Management & Internal Control
RISK MANAGEMENT AND INTERNAL CONTROL PROCESSES
The key elements of the Group’s risk management system and internal control processes are described below:
• There are proper documentations to define the responsibilities and functions of the Board and each of its committees.
• Internal policies and procedures are in place, which are updated as and when necessary.
• There is an organisation structure with clearly defined lines of responsibility, limits of authority and accountability aligned to business and
operations requirements which support the maintenance of a strong control environment.
• There is a clearly defined delegation of responsibilities to the Management of operating units who ensure that appropriate risk management
and control procedures are in place. The Group identifies the key risks by line of business and key functional activities.
• There is a clearly defined framework for investment appraisal covering the acquisition or disposal of any business, application of capital
expenditure and approval on borrowing, with post implementation reviews be conducted and reported.
• The actual performances would be reviewed against the budgeted results on a quarterly basis allowing timely response and corrective action
to be taken to mitigate risks.
• Comprehensive management accounts and reports are prepared monthly for effective monitoring and decision-making.
• Regular scheduled management meetings are held and attended by all Executive Directors and senior management to discuss and report
on operational performance, business strategies, key operating statistics, legal and regulatory matters of each business unit where plans and
targets are established for business planning and budgeting process.
• Review of the quarterly and annual financial reports by the Audit & Risk Management Committee (ARC) and the Board.
• The Critical Success Factors (CSF) Committee is established as part of the stewardship team to conduct study on various business processes and
functions to identify key elements that are vital to achieve company’s mission and goals.
• Given the strategic and expansion plan of the Group, the risk profiles, risk appetite and tolerance level would be adjusted where necessary to
add value to the risk management and control system and for mitigative actions.
THE REVIEW MECHANISM
The Board adopts a two-tier review mechanism to evaluate the adequacy and integrity of the risk management system and internal control
processes of the Group. The first aspect of the review is undertaken by the Management while the second aspect constitutes the independent
review by the ARC with the assistance of the Internal Auditors. Risk profiles and tolerance levels, significant audit findings, audit issues highlighted
in the preceding internal audit reports together with the follow up actions are being considered at length by all parties concerned.
The Board solicits feedback on the effectiveness of the risk management system and internal control processes from the ARC and seeks continuous
improvement in its RMICF to close gaps and/or mitigate deficiencies.
