FIMA CORPORATION BERHAD (21185-P) | Annual Report 2016
• heightened risk awareness culture in the business processes through risk owners’ accountability and sign-off for action plans and continuous monitoring;
• compilation of the business units’ risk profiles in relation to the Group risk parameters, the top risks from each business segment and reported to the Audit Committee for review, deliberation and approval;
• fostered a culture of continuous improvement in risk management through risk review meetings; and provided a system to manage the central accumulation of risk profiles data with risk significance rating for the profiles as a tool for prioritizing risk action plans.
The Group has in place the necessary risk infrastructure encompassing the risk assessment process, organizational
oversight and reporting functions to instill the appropriate discipline and control. Risk assessment, monitoring and
review of the various risks faced by the Group are a continuous process within the key operating units with the
RMC playing a pivotal oversight function. The RMC convenes on an annual basis to review the key risk profiles
and submit a summary reporting to the Audit Committee. Amidst delivering growth for its stakeholders, the Group
will continue its focus on sound risk assessment practices and internal control to ensure that the Group is well
equipped to manage the various challenges arising from the dynamic business and competitive environment.
INTERNAL CONTROL
The internal audit function is undertaken by the Group Internal Audit Department (“GIA”) of the penultimate holding
company, Kumpulan Fima Berhad. The principal role of GIA is to independently review whether a framework of
controls and an effective risk management framework are in place to manage risks and whether management responses
to these risks are acceptable.
GIA engages in regular communication with the management team and various departments within the
organization in relation to its internal audit activities and efforts for continuous improvement in operations and
systems. Scheduled internal audits are carried out by GIA based on the audit plan presented to and approved by
the Audit Committee.
GIA reports directly to the Audit Committee periodically and is independent of the activities it audits. Follow-up
reviews and deliberation of internal audit reports are carried out to ensure that appropriate actions are taken to
address the internal control weaknesses highlighted.
During the year, GIA has evaluated the adequacy, integrity and effectiveness of the Group’s internal controls in
safeguarding shareholders’ investment and the Group’s assets. The internal controls cover financial, operational
and compliance and enterprise risk management. The cost incurred by GIA in respect of the internal audit function
during the financial year was RM150,000.
STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL (contd.)
[Figure: Aligned frame of reference. Organisation hierarchy: Board (Executive Management); Divisions & SBU (Senior Management & Mid-Management); Operation/Functions (Executive & Staff). Business objectives hierarchy: Vision; Strategic Objectives & Goals; Operational Goals & Targets. Other labels: External Risks; Internal Risks.]