Frontken Corporation Berhad 200401012517 (651020-T) • ANNUAL REPORT 2023 61 STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL PURPOSE OF STATEMENT Paragraph 15.26(b) of the Main Market Listing Requirements of Bursa Malaysia Securities Berhad (“Bursa Securities”) states that a listed issuer must ensure that its Board of Directors issues a statement (“Statement on Risk Management and Internal Control” or “Statement”) about the state of risk management and internal control of the listed issuer as a group. The Statement must include adequate and meaningful information to enable shareholders and other stakeholders to make an informed assessment of the main features and adequacy of the listed issuer’s risk management and internal control system as a group. Accordingly, the Board of Directors (“Board”) of Frontken Corporation Berhad (“Company”) furnishes this Statement, which outlines the nature and scope of the system of risk management and internal control of the Group (comprising the Company and its subsidiaries) for the financial year ended 31 December 2023 and up to the date of approval of this Statement for inclusion in the Company’s Annual Report. For purpose of disclosure, this Statement has considered and, where pertinent, including the mandatory contents outlined in the “Statement on Risk Management and Internal Control - Guidelines for Directors of Listed Issuers”, a publication of Bursa Securities, which sets out guidance to listed issuers in drafting the Statement. BOARD’S RESPONSIBILITY ON RISK MANAGEMENT AND INTERNAL CONTROL The Board affirms its overall responsibility for the Group’s system of risk management and internal control to safeguard shareholders’ investment and the Group’s assets as well as review the adequacy, integrity and operating effectiveness of this system in meeting the Group’s corporate objectives. The Board is mindful of the need to establish clear roles and responsibilities in discharging its fiduciary and leadership functions in line with the Principles, Practices and Guidance of the Malaysian Code on Corporate Governance (“MCCG”). In view of the inherent limitations in any system of risk management and internal control (“System”), the System is designed to manage, rather than eliminate, the risk of not adhering to the Group’s policies and achieving goals and objectives within the risk tolerance established by the Board and Management. The System can, therefore, only provide reasonable, but not absolute, assurance against any material misstatement, financial loss or fraud. The Board has formalised an Enterprise Risk Management framework (“ERM Framework”) that encompasses relevant policies and guidelines to streamline the Group’s risk management imperatives in a structured and comprehensive manner to safeguard shareholders’ investment and the Group’s assets. This ERM Framework accords largely with the ISO31000:2018 Risk Management – Guidelines, which set out the key principles, framework and process of risk management. With this ERM Framework, the Board has established an on-going process to identify, evaluate, control, report and monitor significant business risks faced by the Group on an ongoing basis. The Board, through its Audit Committee, reviews the outcome of this risk management process, including actions taken and mitigating measures implemented by Management to address the key risks as identified. This process has been in place for the financial year under review and up to the date of approval of this Statement for inclusion in the Annual Report of the Company. RISK MANAGEMENT FRAMEWORK – EXTENT OF COVERAGE Risk management is embodied in the Group’s key business processes through the ERM Framework, which sets out, among others, an easy-to-understand step-by-step approach to identify and evaluate risks faced by business units and, by extension, the Group. To harmonise risk management initiatives and activities, the Board has formalised in writing relevant risk management policies and guidelines for adherence by business units across the Group. The ERM Framework comprises a structured assessment process, culminating in the compilation of specific risk profiles of key business units and companies in the Group by Risk Management Units (“RMUs”), including the semi-annual update of risk profiles to consider the vagaries of evolving business environment as well as emerging risks.
RkJQdWJsaXNoZXIy NDgzMzc=