c o r p o r at e G O V E R N A N C E
72
STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL
3.5 The periodic and streamlining review of limits of authority and other standard operating procedures within the Group
provides a sound framework of authority and accountability within the organization and to facilitate quality, well informed
and timely corporate decision making at the appropriate level in the organisation’s hierarchy.
3.6 The compliance function, which includes the Audit Committee and internal audit function carried out by the GIA
established by KFima, assists the Board to oversee the management of risks and review the effectiveness of internal
controls. The Committee reviews reports of the GIA and also conducts annual assessment on the adequacy of the GIA’s
scope of work.
3.7 The Audit Committee convenes regular meetings to deliberate on findings and recommendations for improvement by
both the internal and external auditors on the state of the system of internal control. Minutes of the Audit Committee
meetings are tabled to the Board.
3.8 Review and award of major contracts by the project committees and teams, subject always to the delegated authority
limits set by the Board. A minimum of three quotations is called for and tenders are awarded based on criteria such as
quality, track record and speed of delivery.
3.9 The Risk Manangement Committee (“RMC”) convenes meeting annually to review and recommend the risk management
policies, strategies, key risk profiles and risk mitigation actions for the Group and reports to the Audit Committee.
3.10 Clearly documented standard operating procedure manuals set out the policies and procedures for day to day operations
to be carried out. Regular reviews are performed to ensure that documentation remains current, relevant and aligned
with evolving business and operational needs.
3.11 The competency of staff is enhanced through rigorous recruitment process and development programmes. A performance
appraisal system of staff is in place, with established targets and accountability and is reviewed annually.
4.
INTERNAL AUDIT FUNCTIONS
The Group’s internal audit function is undertaken by the GIA established by the penultimate holding company, KFima which
reports directly to the Audit Committee and administratively to the Group MD. The GIA assists the Audit Committee discharging
its duties and responsibilities. Its key role is to provide independent and objective assurance designed to add value and
assist the Group in accomplishing its objectives by bringing a systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, internal control system and governance processes.
The business processes and conduct of the operating units within the Group are continuously assessed by GIA in the context
of adequacy and effectiveness of the financial, operational controls and risk management. GIA reports to the Audit Committee
and communicates to management on audit observations noted in the course of their review and performs monitoring on
the status of actions taken by the operating units. It conducts independent reviews of the key activities within the Group’s
operating units based on a detailed annual audit plan developed using a risk-based methodology including input from Senior
Management and the Audit Committee, which was approved by the Audit Committee. The Terms of Reference of the GIA are
clearly spelt out in the Group Internal Audit Charter.
The GIA evaluates the following:
(a)
Adequacy, integrity, effectiveness of the Company and the Group’s internal controls in safeguarding shareholders’
investment and the Group’s assets. The internal controls cover financial, operational, information technology, compliance
controls and enterprise risk management.
(b)
Extent of compliance with established policies, procedures and statutory requirements.
(c)
Adequacy of policies, procedures and guidelines on the Company and Group’s accounting, financial and operational
activities.