page
52
FIMA CORPORATION BERHAD
(21185-P) |
Annual Report
2016
STATEMENT ON RISK MANAGEMENT
AND INTERNAL CONTROL
INTRODUCTION
This statement is in line with Paragraph 15.26(b) of the Main Market Listing Requirements (“MMLR”) on the
Group’s compliance with the Principles and Best Practices relating to internal control as stipulated in the Malaysian
Code on Corporate Governance 2012.
The Board acknowledges its overall responsibility for maintaining a sound system of internal control to safeguard
shareholders’ investments and the Group’s assets and for reviewing the adequacy and integrity of the system.
The Group’s system of risk management and internal control covers, inter alia, controls relating to financial
control, risk management, operational, management information systems and compliance with applicable laws,
regulations, rules, directives and guidelines. The process for identifying, evaluating and managing the significant
risks faced by the Group is on-going, regularly reviewed by the Board through its Audit Committee and has been
in place for the whole year under review. In view of the limitations that are inherent in any system of internal
control, the Group’s internal control system is designed to manage rather than eliminate risks that may impact the
achievement of the Group’s business objectives, and can only provide reasonable but not absolute assurance
against material misstatement or loss.
RISK MANAGEMENT
Risk management is regarded by the Board as an important aspect of the Group’s diverse and growing operations
with the objective of maintaining a sound internal control system. To this end, the Group has established the
appropriate risk management infrastructure to ensure that the Group’s assets are well-protected and shareholders’
value enhanced.
The Audit Committee and the Board are supported by a Risk Management Committee (“RMC”), headed by
the Senior Independent Non-Executive Director. The RMC in discharging its duties is supported by a Risk
Management Unit, comprising of senior management and headed by the Managing Director. The RMC identifies
and communicates to the Audit Committee and the Board the present and potential critical risks the Group faces,
their changes and the management action plans to manage these risks.
The RMC is entrusted with the responsibility of implementing and maintaining the enterprise risk management
(ERM) framework to achieve the following objectives:
•
communicate the vision, role, direction and priorities to all employees and key stakeholders;
•
identify, assess, treat, report and monitor significant risks in an effective manner;
•
enable systematic risk review and reporting on key risks, existing control measures and any proposed action
plans; and
•
create a risk-aware culture and building the necessary knowledge for risk management at every level of
Management.
In line with the achievement of the above objectives, the RMC has undertaken the following:
•
formalization of risk management policy and procedures and adopted a structured and systematic risk
assessment, monitoring and reporting framework;
•
appointment of a dedicated risk officer to coordinate the ERM activities within the Group, to supervise the
ERM policy implementation and documentation at Group level and to act as the central contact and guide for
ERM issues within the Group;