Datasonic Group Berhad 74 RESPONSIBILITIES The Board and Management uphold their ongoing commitment to embed and improve the risk management and internal control system into the culture, processes and structure of the Group. Datasonic continues its efforts to integrate the risk management processes and internal controls into the management processes and business activities of the Group. The efforts continue to evolve on a progressive basis for the financial year ended 31 March 2022 and up to the date of approval of this Statement for inclusion into the 2022 Annual Report. Board Responsibility The Board recognises the importance of sound risk management and internal control system to ensure the reliability and integrity of financial and operational information, effectiveness and efficiency of operations, safeguarding of assets and compliance with laws, regulations, policies, procedures and contracts. Hence, the Board with the assurance from the Executive Directors and Management affirms its overall responsibilities for the Group’s risk management and internal control system. The oversight of these critical areas is carried out by the Audit Committee (“AC”) and Risk Management Committee (“RMC”), which are empowered by their respective terms of reference to provide oversight and perform regular reviews on the risk management and internal control system to meet the Group’s objectives and for continuous improvement thereof. The Board acknowledges the limitations that are inherent in any risk management and internal control system. As such the systems designed are meant to manage and minimise the extent and severity of the risks, rather than completely eliminate the risks of failure to achieve the Group’s objectives and strategies. Consequently, the Board recognises that a sound internal control system provides reasonable but not absolute assurance that the Group will not be hindered in achieving its business objectives in the ordinary course of business. Executive Directors and Management Responsibility The Executive Directors and Management are accountable to the Board and responsible for implementing the processes of identifying, evaluating, monitoring and reporting of risks and the effectiveness of internal control system, taking appropriate and timely corrective actions as required. Regular reports on risks identified and actions taken to mitigate and/or minimise such risks and gaps in the internal control system, if any, are presented to the AC and RMC and ultimately to the Board. The Executive Directors and Management have assured the Board that the Group’s risk management and internal control system are operating adequately and effectively in all material aspects, based on the risk management framework and internal control system adopted by the Group. Risks are managed by ensuring adequate controls and mitigation plans are in place and ensuring improvements are made as and when the needs arise. RISK MANAGEMENT AND INTERNAL CONTROL SYSTEM Generally, Datasonic risk management and internal control system are guided by the ISO 31000 Risk Management - Principles and Guidelines and the Committee of Sponsoring Organisations of the Treadway Commission (“COSO”) Framework respectively. The key features of the Group’s risk management and internal control system are the three lines of defence with established functional responsibilities and accountabilities for the management of risks and internal controls of Datasonic as depicted below:- FIRST LINE OF DEFENCE • Own, manage and control risks by the implementation of internal controls in the business operations and activities. • Provided by the Executive Directors, Management and Heads of Department. SECOND LINE OF DEFENCE • Coordinate and facilitate risk management activities routinely among the various business units and/or support and administration functions, including monitoring progress of risk mitigation plans. • Provided by Risk Management function. THIRD LINE OF DEFENCE • Perform regular reviews of the Group’s operations and system of internal controls and risk management. Provide independent assurance on the adequacy and effectiveness of the controls processes implemented by business process owners and the Management. • Provided by the Internal Audit Department. Statement on Risk Management and Internal Control
RkJQdWJsaXNoZXIy NDgzMzc=