sustainability & governance

Annual Report 2017

67

INTRODUCTION

This statement is in line with Paragraph 15.26(b) of the Main Market Listing Requirements (“MMLR”) on the Group’s compliance with

the Principles and Best Practices relating to internal control as stipulated in the Malaysian Code on Corporate Governance 2012.

The Board acknowledges its overall responsibility for maintaining a sound system of internal control to safeguard shareholders’

investments and the Group’s assets and for reviewing the adequacy and integrity of the system.

The Group’s system of risk management and internal control covers, inter alia, controls relating to financial control, risk management,

operational, management information systems and compliance with applicable laws, regulations, rules, directives and guidelines. The

process for identifying, evaluating and managing the significant risks faced by the Group is on-going, regularly reviewed by the Board

through its Audit Committee and has been in place for the whole year under review. In view of the limitations that are inherent in any

system of internal control, the Group’s internal control system is designed to manage rather than eliminate risks that may impact

the achievement of the Group’s business objectives, and can only provide reasonable but not absolute assurance against material

misstatement or loss.

ENTERPRISE RISK MANAGEMENT (“ERM”)

STATEMENT ON RISK MANAGEMENT

AND INTERNAL CONTROL

Board of Directors

Group Internal Audit

Audit Committees

Risk Management Committees

Risk Management Unit

Risk Management Function

Risk management is regarded by the Board as an important aspect of the Group’s diverse and growing operations with the objective

of maintaining a sound internal control system. To this end, the Group has established the appropriate risk management infrastructure

to ensure that the Group’s assets are well-protected and shareholders’ value enhanced.

The Audit Committee and the Board are supported by a Risk Management Committee (“RMC”), headed by the Senior Independent

Non-Executive Director. The RMC in discharging its duties is supported by a Risk Management Unit, comprising of senior management

and headed by the Managing Director. The RMC identifies and communicates to the Audit Committee and the Board the present and

potential critical risks the Group faces, their changes and the management action plans to manage these risks.

The RMC is entrusted with the responsibility of implementing and maintaining the enterprise risk management (“ERM”) framework to

achieve the following objectives:

• communicate the vision, role, direction and priorities to all employees and key stakeholders;

• identify, assess, treat, report and monitor significant risks in an effective manner;