GHL System Berhad Annual Report 2018

a n n u a l r e p o r t 2 0 1 8 43 STAT EMENT ON R I SK MANAGEMENT AND I NT ERNA L CONTROL Introduction The Board recognises the importance of a sound framework of risk management and internal control for good corporate governance and to safeguard the Group’s assets and shareholders’ interests. Towards this end, the Board is committed to maintaining a sound risk management framework and internal control system for the Group and ensuring its continued effectiveness, adequacy and integrity through a process of periodic review. Guided by the Statement on Risk Management and Internal Control – Guidelines for Directors of Listed Issuer and Main Market Listing Requirements, the Board is pleased to present the Statement on Risk Management and Internal Control. RESPONSIBILITY OF THE BOARD The Board assumes the responsibility for effective and adequacy of the Group’s risk management and internal control system and has an established Term of Reference to assist in discharging of this responsibility. The Board has delegated the responsibility of undertaking this process of periodic review to the Audit and Risk Committee (“ARC”), whose responsibilities and duties are detailed in the ARC Report of this Annual Report. However, the Board as a whole remains ultimately responsible for the effectiveness, adequacy and integrity of the system of risk management and internal control. The Board’s risk management approach has continued to evolve in line with the Group’s expanding activities. During the financial year, the Group’s business has expanded from the acquisition of Paysys (M) Sdn Bhd, whom is principally involved in the credit card acquiring business, provision of terminals and payment solutions and is a key player in this sector in Malaysia. The Group also expanded its overseas markets to Cambodia by entering agreements to acquire Speed Pay PLC, whom is principally involved in the Cambodia e-payments space. The Board is aware that the expansion into new areas of business and operating in different countries would involve new and different risk considerations. Whenever these events occur, the Board will, in addition to its normal risk management process, pay particular attention to the impact of Group’s overall risk profile and sufficiency of existing internal controls in addressing the additional risks, if any. The Board has during FY 2018, continued to strengthen the Group’s governance and risk management framework to identify, assess, mitigate, report and monitor the significant risks in an effective manner. The Board recognises the integral role of key management in the risk management and internal control process. The Board had established the Risk Management Committee (“RMC”) comprising Senior Management of the Company to identify and assess the Group’s risks and thereafter to design, implement and monitor the appropriate risk management processes and internal controls to address and mitigate such risks. KEY INTERNAL CONTROL PROCESSES The Group’s internal control system comprises the following key processes:- 1. Authority and Responsibility a) Board Committees Board Committees are established and operate under clearly defined Terms of Reference, which are reviewed regularly, to objectively and independently focus on certain responsibilities delegated by the Board. b) Delegation of Authority In the financial year 2015, the Management has implemented a revised Delegation of Authority, which is in line with the growth of the business of the organisation. The revised Delegation of Authority clearly defines the authority and authorisation limits of the Management in all aspects of the Company’s key business decisions.