MSM Malaysia Holdings Berhad Annual Report 2019

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL Risk Management Activities for 2019 Risk Register Management The Group high processes and tools to regularly identify, assess, monitor and control the risks. The Risk Register is a product of this system. • Quarterly Reporting of Enterprise Risk Reporting of key enterprise risks were conducted every quarter to BGRMC. All Subsidiaries and Divisions within the MSM Group proactively updated the Risk Registers through the Enterprise Risk Management System (ERMS) and reported to BGRMC through CGRM. • Continuous Risk Management Awareness and ERMS Risk Register Review The Group made significant efforts to improve and enhance its risk management and internal control systems in 2019 through the following initiatives: • Robust awareness sessions for all business units across the Group • Focused risk assessment sessions to ascertain key risk and mitigation plans • Review of risk parameters to quantify potential risks Below are the ERMS User Training conducted in 2019. Company Date MSM Prai Berhad 09 July 2019 MSM Malaysia Holdings Berhad 19 September 2019 MSM Refinery Sugar (Johor) Sdn Bhd 25 September 2019 Business Continuity Management (BCM) The Board is aware of the importance of an effective Business Continuity Management (BCM) program particularly in identifying potential threats to the organisation and the impact such threats may have on business operations. Additionally, it provides a framework for building organisational resilience that safeguards the interests of its stakeholders, reputation, brand and value creating activities. There were several BCM Simulation Testing conducted in 2019 with MSM subsidiaries. Company Date MSM Prai Berhad (Sg Buloh Warehouse) 21 March 2019 MSM Prai Berhad 29 August 2019 MSM Perlis Sdn Bhd 24 October 2019 MSM Refinery Sugar (Johor) Sdn Bhd 28 November 2019 MSM Group shall continue to ensure its BCM program is effectively embedded and implemented in all business functions focusing on high probability scenarios which include a BCM testing on ICT related systems to ensure resumption of business operation in case of system disruption. INTERNAL CONTROL Internal Control Elements Competency Policies & Procedures Authority & Responsibility • Organisation Structure • Authority Limits • Job Description Ethics & Integrity • Code of Business Conduct and Ethics for Employees • Code of Business Practice (COBP) • Integrity Initiatives • Whistleblowing Policy • External Gift, Entertainment and Hospitality Policy Monitoring • Financial & Operational Review • Annual Business Plan & Budget MSM Malaysia Holdings Berhad | Annual Report 2019 100