73
ANNUAL REPORT 2016
Statement on Risk Management & Internal Control
Management
Management are tasked to implement the policies and procedures on risk management and internal control sanctioned by the Board. Major day-to-day
risk management and internal control issues shall be communicated to the Risk Working Committee for evaluations and actions
Risk Management Working Committee (RMC)
RMC comprises 5 Executive Directors of Bonia with the other members who should have in-depth knowledge of the operation and/or financial aspects
of risk management and internal control being selected from the Management to resolve the major day-to-day risk management and internal control
issues duly reported by the Management. RMC also undertakes the first-tier review on the efficiency and effectiveness of the Group’s risk management
and internal control processes on a regular basis with issues that require the attention of the Board be communicated to the ARC for further deliberations
Internal Auditors
The Internal Auditors is an independent function that reports directly to the Audit & Risk Management Committee, and thereafter to the Board. It performs
internal audit on various activities within the Group based on the Internal Audit Plan approved by the ARC by adopting risk-based methodology,
recommends the best practices to enhance the quality of the risk management, internal control and governance systems of the Group, and provide
reasonable assurance to the ARC on the efficiency and effectiveness of such systems
Audit & Risk Management Committee (ARC)
The ARC is composed of Independent Directors of Bonia. It conducts second-tier risk management assessments, review internal control processes and
evaluate the adequacy and integrity of the risk management, internal control and governance systems of the Group independently on a regular basis,
and reports to the Board of Bonia for further evaluations and actions
Board of Directors
The Board sets business objectives for the Group, establishes risk profiles, determines and adjust risk appetite and tolerance levels, ensures appropriate
policies and procedures are in place to manage those significant risks within the Group, performs regular checks on the health of the Group’s risk
management, internal control and governance systems, and seeks continuous improvement to close gaps and/or mitigate deficiencies
REVIEW OF THE STATEMENT BY EXTERNAL AUDITORS
Pursuant to Paragraph 15.23 of the MMLR, the External Auditors have reviewed this Statement on Risk Management & Internal Control. As set out
in their terms of engagement, the procedures were performed in accordance with Recommended Practice 5 (Revised): Guidance for Auditors on
Engagements To Report On The Statement on Risk Management and Internal Control Included In the Annual Report (RPG 5), issued by Malaysian
Institute of Accountants. RPG 5 does not require the External Auditors to consider whether the Statement on Risk Management & Internal Control
covers all risks and controls, or to form an opinion on the adequacy and effectiveness of the risk management system and internal control
processes of the Group. RPG 5 also does not require the External Auditors to consider whether the processes described to deal with material
internal control aspects of any significant problems disclosed in the Annual Report FY2016 would, in fact, remedy the problems. Based on their
procedures performed, the External Auditors have reported to the Board that nothing has come to their attention that causes them to believe that
this Statement on Risk Management & Internal Control is not prepared, in all material respects, in accordance with the disclosures required by
Paragraphs 41 and 42 of the SRMIC Guidelines, nor is it factually inaccurate.
CONCLUSION
The Board is of the view that the Group’s system of risk management and internal controls is generally satisfactory and has not resulted in
any material loss, contingency or uncertainty. The Board and Management will continue to take necessary measures to strengthen the control
environment and monitor the health of the risk management and internal control processes of the Group.
Board of Directors
Audit & Risk
Management Committee
Internal Auditors
Risk Management
Working Committee
Management
First-tier review
Second-tier review
