56 GHL SYSTEMS BERHAD 199401007361 (293040-D) ANNUAL REPORT 2021 KEY INTERNAL CONTROL PROCESSES (Cont’d) 3. Policies and Procedures The Group has defined and documented internal policies and standard operating procedures to ensure inter alia sound that internal controls are implemented and compliance with applicable laws and regulations are exercised. The policies and procedures are also being reviewed on a regular basis to ensure its relevance and effectiveness; in which Internal Audit function carried out reviews on the Group’s policies and procedures according to the approved annual audit plans. Compliance with these procedures is an essential element of the internal control framework. 4. Internal Audit Function As part of the Group’s efforts to establish a sound framework for risk management and internal controls, an in- house audit function is established as a key component of its internal controls processes. The Group Internal Audit (“GIA”) reports independently to the ARC and is guided by a formalised Internal Audit Charter and the Institute of Internal Auditor’s International Professional Practice Framework. Acting as the third layer of defense in internal controls, the GIA performs audits within the Group in accordance with an annual internal audit plan which is formulated through a comprehensive risk-based methodology and approved by the ARC. The audits are designed to test the appropriateness of control design and implementation as well as compliance with the existing policies and procedures. The results of all internal audit reviews, together with the findings and recommendations, are presented to Management for discussion and formulation of the necessary corrective action plans prior to finalisation of the internal audit reports. Status of implementation of the agreed upon audit recommendations is tracked until completion and updates are highlighted by the Head of Group Internal Audit to the ARC. Appropriate relevant parties are invited to be present during such presentations. The GIA is headed by Mr. Liow Tien Chin, a member of Certified Practicing Accountant (CPA) Australia and Chartered Member of The Institute of Internal Auditors Malaysia, with more than 15 years of experience in the profession. The GIA head is supported by a team of professionals whom possess the relevant qualifications and experience and have adequate resources to fulfil the internal audit plan for the next financial year. The Head of GIA, Mr. Liow, had in March 2022 confirmed the Internal Auditors’ independence to the ARC, where he had signed the annual declaration that he and his team were and had been free from any relationship or conflicts of interest which could impair their objectivity and independence. Based on the confirmation by the Head of GIA, the ARC is satisfied that the internal audit personnel are free from any relationships or conflicts of interest, which could impair their objectivity and independence and that the audit programme for the financial year under review was carried out by the Internal Auditors as planned. 5. Information Technology Controls and Security a. Disaster Recovery Backup Plan The Board is cognizant of the importance of business continuity management in strengthening the Group’s resilience in response to the evolving business environment and enhancement of shareholders’ values. A Disaster Recovery (“DR”) policy and procedure has been established groupwide in order to ensure continuity of the business operations in the event of an IT-disabling disaster. DR drills are conducted by the technology division together with external service providers at least once a year with continued focus on enhance the DR capability to cover all key aspects of the businesses. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL CONT’D
RkJQdWJsaXNoZXIy NDgzMzc=