c o r p o r at e G O V E R N A N C E

72

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

3.5 The periodic and streamlining review of limits of authority and other standard operating procedures within the Group

provides a sound framework of authority and accountability within the organization and to facilitate quality, well informed

and timely corporate decision making at the appropriate level in the organisation’s hierarchy.

3.6 The compliance function, which includes the Audit Committee and internal audit function carried out by the GIA

established by KFima, assists the Board to oversee the management of risks and review the effectiveness of internal

controls. The Committee reviews reports of the GIA and also conducts annual assessment on the adequacy of the GIA’s

scope of work.

3.7 The Audit Committee convenes regular meetings to deliberate on findings and recommendations for improvement by

both the internal and external auditors on the state of the system of internal control. Minutes of the Audit Committee

meetings are tabled to the Board.

3.8 Review and award of major contracts by the project committees and teams, subject always to the delegated authority

limits set by the Board. A minimum of three quotations is called for and tenders are awarded based on criteria such as

quality, track record and speed of delivery.

3.9 The Risk Manangement Committee (“RMC”) convenes meeting annually to review and recommend the risk management

policies, strategies, key risk profiles and risk mitigation actions for the Group and reports to the Audit Committee.

3.10 Clearly documented standard operating procedure manuals set out the policies and procedures for day to day operations

to be carried out. Regular reviews are performed to ensure that documentation remains current, relevant and aligned

with evolving business and operational needs.

3.11 The competency of staff is enhanced through rigorous recruitment process and development programmes. A performance

appraisal system of staff is in place, with established targets and accountability and is reviewed annually.

4.

INTERNAL AUDIT FUNCTIONS

The Group’s internal audit function is undertaken by the GIA established by the penultimate holding company, KFima which

reports directly to the Audit Committee and administratively to the Group MD. The GIA assists the Audit Committee discharging

its duties and responsibilities. Its key role is to provide independent and objective assurance designed to add value and

assist the Group in accomplishing its objectives by bringing a systematic, disciplined approach to evaluate and improve the

effectiveness of risk management, internal control system and governance processes.

The business processes and conduct of the operating units within the Group are continuously assessed by GIA in the context

of adequacy and effectiveness of the financial, operational controls and risk management. GIA reports to the Audit Committee

and communicates to management on audit observations noted in the course of their review and performs monitoring on

the status of actions taken by the operating units. It conducts independent reviews of the key activities within the Group’s

operating units based on a detailed annual audit plan developed using a risk-based methodology including input from Senior

Management and the Audit Committee, which was approved by the Audit Committee. The Terms of Reference of the GIA are

clearly spelt out in the Group Internal Audit Charter.

The GIA evaluates the following:

(a)

Adequacy, integrity, effectiveness of the Company and the Group’s internal controls in safeguarding shareholders’

investment and the Group’s assets. The internal controls cover financial, operational, information technology, compliance

controls and enterprise risk management.

(b)

Extent of compliance with established policies, procedures and statutory requirements.

(c)

Adequacy of policies, procedures and guidelines on the Company and Group’s accounting, financial and operational

activities.