SCC Holdings Berhad Annual Report 2018

SCC Holdings Berhad | Annual Report 2018 22. RISK MANAGEMENT (cont’d) Risk identification and assessment Risks identified are assessed to determine their impact on the relevant business strategies / objectives and their likelihood of occurrence. The outcome of the risk assessment process at respective functional or business unit levels will then be consolidated at the Group level in a risk scorecard which enables divisions/departments/subsidiaries within the Group to report risks and risk status using a common platform. A Risk Profile and Action Plan, which registered the nature and extent of risks the division/department/subsidiaries and the Group is willing to accept or retain to achieve its goals and objectives, are reviewed by the RMC from time to time. KEY ELEMENTS OF THE INTERNAL CONTROL SYSTEM Internal controls are embedded in the Group’s operations as follows: Organisational Structure The Group has in place an organisational structure with clearly defined lines of responsibilities and functionalities which promotes appropriate levels of accountability for risk management, control procedures and effectiveness of operations. All new employees are required to undergo an orientation programme and the job function is clearly written for transparency and better accountability. Board and Management Meetings Strategic planning and detailed target setting for each area of business are established during the year end. Business unit conducted their monthly departmental meeting discussing departmental progress and planning for future including any departmental risk management matters. The management will meet on a bi-monthly basis to monitor the Company’s actual results against targeted and previous year’s results, whereby significant variances are being investigated and management action is taken, where necessary as well as to obtain feedbacks on daily operational issues. The Board meets on a quarterly basis to review agendas which amongst others include periodically internal audit reports. Performance Management Framework Management reports are generated on monthly and quarterly basis to allow the Board and the Group’s management to monitor the performance of its respective business units. The Group’s management information system is designed to provide the management with better reporting and review encompasses financial and non-financial matters for compliance and daily operational use. Limits of Authority The level of authorities and lines of responsibilities from business divisions up to the Board level are well-defined to ensure accountabilities and responsibilities for risk management and control activities. Operational policies and procedures The Group’s policies and procedures form an integral part of the internal control system to safeguard the Group’s assets against material losses and to ensure that the daily operations are running smoothly. Regular reviews are performed to maximise operation efficiency. Operation control procedures have been established in accordance to ISO 9001 standard. This is to ensure that the business processes flow is being executed as per best practices recommended by the standard. We have updated to the new ISO9001:2015 standard which have a section that covers risk management during the year. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL (cont’d)