Frontken Corporation Berhad 200401012517 (651020-T) • ANNUAL REPORT 2023 62 STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL (CONT’D) RISK MANAGEMENT FRAMEWORK – EXTENT OF COVERAGE (CONT’D) The individual risks are scored for their likelihood of occurrence and the impact thereof based on a ‘5 by 5’ risk matrix, deploying parameters established for each key business unit or company in the Group. The risk parameters comprise relevant financial and non-financial metrics for risks to be evaluated or quantified, as the case may be, in terms of the likelihood of their occurrence and the impact thereof. The use of such metrics essentially articulates the Board’s risk appetite, i.e. the extent of risk the Group is prepared to take or seek in achieving its business objectives. Details of specific risks are documented in individual risk registers, covering the risk description, root causes, risk consequences, internal controls implemented by Management to address the root causes, Management’s assessment of the effectiveness of internal controls and the residual risk rating, i.e. the balance of risk after considering the effects of internal controls deployed to manage the exposure. The action plans that Management has taken and/or is taking to mitigate the risks to acceptable levels are reported by the RMUs to the Audit Committee and the outcome is documented in the Audit Committee meeting minutes, including any comments that the Audit Committee may have and such meeting minutes were also presented to the Board. The Audit Committee is tasked to brief the Board on the outcome of the risk update and mitigating measures deployed, including any significant issues therefrom. For each of the business risks identified, a risk owner is entrusted to ensure appropriate actions are taken to mitigate the risk to an acceptable level within specified timeline. The Risk Coordinator of the Group, when reviewing the risk update carried out by business units, enquires into the status of action plans undertaken by the Management of the business units concerned before reporting to the Audit Committee. During the financial year under review, additional risks identified by the business units together with the actions taken or being taken by Management to mitigate or reduce these additional risks were reported by the Risk Coordinator to the Audit Committee and only those that warranted the attention of the Board were recommended by the Audit Committee to the Board for its deliberation and approval. Whereas matters or decisions made within the purview of the Audit Committee were only escalated to the Board for its information and notation. INTERNAL CONTROL SYSTEM – THE KEY FEATURES Besides those internal controls implemented by Management to mitigate the risks as mentioned above, the Group’s internal control system also covers the following salient elements: • an organisation structure with clearly defined lines of responsibilities and appropriate levels of delegation and authority, including financial limits of authority in approving transactions and activities as well as mandate to operate bank accounts. This structure also sets out clear reporting lines and segregation of duties for key processes like strategic management, operations, sales and collections, procurement and payment, human resource management, capital expenditure, research and development, financial reporting, corporate affairs and investments; • a process of hierarchical reporting which provides a documented and auditable trail of accountability, with appropriate sign-off by personnel entrusted with the responsibilities; • an annual budgetary exercise that requires all business units and companies in the Group to formulate financial budgets which are then consolidated into a Group budget, presented to the Board for comments and ultimate approval. Quarterly reviews of the Group’s performance against budget are carried out at Board meetings where explanations on significant variances or unusual fluctuations are furnished by Management. Management meetings at the operational level are conducted to review financial performance against business plans and monitor the respective business unit’s performance against budget; • significant changes in business development are reported by Management to the Board at scheduled meetings. This oversight review enables the Board to evaluate and monitor the Group’s business performance vis-à-vis its strategic objectives;
RkJQdWJsaXNoZXIy NDgzMzc=