Frontken Berhad Annual Report 2017

30 Frontken Corporation Berhad (651020-T) ANNUAL REPORT 2017 PURPOSE OF STATEMENT Paragraph 15.26 (b) of the Listing Requirements of Bursa Malaysia Securities Berhad (“Bursa Securities”) stipulates that a listed issuer must ensure that its board of directors makes a statement (“Statement on Risk Management and Internal Control” or “Statement”) about the state of risk management and internal control of the listed issuer as a group. The Statement shall include sufficient and meaningful information needed by shareholders and other stakeholders to make an informed assessment of the main features and adequacy of the listed issuer’s risk management and internal control system as a group. Accordingly, the Board of Directors (“Board”) furnishes this Statement, which outlines the nature and scope of the system of risk management and internal control in the Group (comprising the Company and its subsidiaries) for the financial year ended 31 December 2017 and up to the date of approval of this Statement for inclusion in the Company’s Annual Report. For purposes of disclosure, this Statement has considered the “Statement on Risk Management and Internal Control - Guidelines for Directors of Listed Issuers”, a publication of Bursa Securities which provides guidance to boards in preparing the Statement, in particular the contents to be included. RESPONSIBILITY OF THE BOARD The Board acknowledges its overall responsibility for the Group’s system of risk management and internal control to safeguard shareholders’ investment and the Group’s assets as well as reviewing the adequacy and integrity of the system in meeting the Group’s business and corporate objectives. The Board is mindful of the need to establish clear roles and responsibilities in discharging its fiduciary and leadership functions in line with the Principles, Practices and Guidance of the Malaysian Code on Corporate Governance (“MCCG”). As such, the Board is aware of its principal responsibilities, as outlined in the following Practices and Guidance of the MCCG, pertaining to risk management and internal control: • Practice 1.1 and Guidance 1.1 – The Board should: - ensure there is a sound framework for internal controls and risk management; - understand the principal risks of the Company’s business and recognise that business decisions involve the taking of appropriate risks; - set the risk appetite within which the Board expects Management to operate and ensure that there is an appropriate risk management framework to identify, analyse, evaluate, manage and monitor significant financial and non- financial risks; • Practice 9.1 - The Board should establish an effective risk management and internal control framework; and • Practice 9.2 - The Board should disclose the features of its risk management and internal control framework, and the adequacy and effectiveness of this framework. The MCCG also provides that the Board should, in its disclosure, include a discussion on how key risk areas such as finance, operations, regulatory compliance, reputation, cyber security and sustainability were evaluated and the controls in place to mitigate or manage those risks. In view of the limitations inherent in any system of risk management and internal control (“System”), the System is designed to manage, rather than eliminate, the risk of failure to achieve the Group’s business and corporate objectives. The System can, therefore, only provide reasonable, but not absolute, assurance against any material misstatement, financial loss or fraudulent activity. In embracing Practice 9.1 of the MCCG, the Board has formalised an Enterprise Risk Management framework (“ERM framework” or “framework”) that sets out pertinent policies and guidelines to streamline the Group’s risk management initiatives and activities in a structured and holistic manner to safeguard shareholders’ investment and the Group’s assets. This framework is largely fashioned after the ISO31000:2009 Risk Management Principles and Guidelines which set out the key principles, framework and process on risk management. Based on this framework, the Board has established an on-going process to identify, evaluate, control, report and monitor significant business risks faced by the Group. The Board, through its Audit Committee, reviews the results of this process, including mitigating measures implemented by Management to address the key risks as identified. This process has been in place for the financial year under review and up to the date of approval of this Statement for inclusion in the Annual Report of the Company. Statement On Risk Management And Internal Control