Ni Hsin Berhad Annual Report 2018

Ni Hsin Resources Berhad (653353-W) Annual Report 2018 28 Statement on Risk Management and Internal Control INTRODUCTION The Board of Directors is pleased to present the following Statement on Risk Management and Internal Control of the Group for the financial year ended 31 December 2018 in accordance with the “Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers”. RESPONSIBILITY The Board acknowledges the importance of maintaining a sound system of risk management and internal control to safeguard the shareholders’ investments and the Group’s assets. Accordingly, the Board affirms its responsibility for the Group’s system of risk management and internal control and its commitment to review its effectiveness, adequacy and integrity. The Group’s existing system of internal control includes financial, operational and compliance controls and risk management procedures. Due to the limitations that are inherent in any system of risk management and internal control, this system is designed to manage, rather than eliminate, the risk of failure to achieve business objectives. The Board also recognises that a sound system of risk management and internal control can only reduce but not eliminate the possibility of poor judgement in decision making, human error, control process being deliberately circumvented by employees, management overriding controls and the occurrence of unforeseeable circumstances. Accordingly, the system provides only reasonable but not absolute assurance against material misstatement of management and financial information and records or against financial losses or fraud. For the reporting period the Board has received assurance from the Managing Director of major subsidiaries and the Executive Director (who is in charge of Financial and Corporate Affairs) who are members of the Risk Management Working Committee (“RMWC”) that the Group’s risk management and internal control system is operating adequately and effectively, in all material aspects, based on the risk management and internal control system of the Group. Following the review of the risk management and internal control system in accordance with the guidelines for directors on risk management and internal control, the Statement on Risk Management and Internal Control: Guidance for Directors of Public Listed Companies, it was decided that the functions of the RMWC shall come under the purview of the Audit and Risk Management Committee (“ARMC”). The ongoing process for identifying, evaluating and managing the significant risks faced by the Group in its achievement of objectives and strategies is further elaborated in the following paragraphs. RISK MANAGEMENT The Board and Management are mindful of measures required to identify risks residing in any major proposed transactions, changes in nature of activities or venturing into new operating environment. The Group operates a risk management framework in which the Board assumes overall responsibility with established and clear functional responsibilities and accountabilities under two lines of defence for the management of risk. The first line of defence of risk management activities were carried out by the Group’s RMWC which comprises of Executive Directors and Corporate Head. The RMWC is currently chaired by Mr Khoo Chee Kong (Managing Director of major subsidiaries). As part of the Risk Management process, a Registry of Risk and a risk management policy was maintained during the period to identify principal business risks and updated for on-going changes in the risk profile. The risk management policy summarises risk management methodology, approach and processes, roles and responsibilities, and various risk management concept. The respective heads of departments are entrusted to identify risks and to ensure that adequate control systems are implemented to mitigate significant risks faced by the Group. Significant risk factors identified are reported to the Board for further elaboration and strategic decision making. Key management staff and Heads of Department are delegated with the responsibility to manage risks of their respective areas of responsibilities. They are also responsible for creating a risk-awareness culture within the organisation to ensure greater understanding of the importance of risk management and that its principles are embedded in key operational processes. In the periodic management meetings, key risks and mitigating controls are deliberated. Significant risks affecting the Group’s strategic and business plans are then escalated to the Board and discussed at their scheduled meetings. The second line of defence is the Group’s Internal Audit function, which is currently outsourced to an independent firm of professional internal auditors that reports directly to the ARMC. The ARMC provides independent assurance of the adequacy and reliability of the risk management processes and system of internal controls.