STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL On a semi-annual basis, each key process owner at various management levels is required to complete and submit a Letter of Assurance which provides confirmation of compliance to key controls for the areas of the business for which they are accountable. If ineffective controls exist, the key process owner will have to put in place appropriate remediation plans whilst the control owner will monitor the execution of the plans to ensure the controls are effective before the next FCF’s testing. 5. The Group continues to practice the PETRONAS Debt Compliance Management (“DCM”) initiative, the objective of which is, to provide assurance that debt covenants of its external borrowings are being observed and complied with. 6. There is a clear process for investment appraisal of equity investment or divestment and capital expenditure including, but not limited to, the generation of ideas, risk assessment, financial appraisal, due diligence procedures, authorisation, implementation and control of the project. 7. MISC’s Procurement Manual (“MPM”) provides the overall procurement principles, scope, functions, governance, operational procurement processes, procedures and exceptions to be adopted in relation to procurement activities within MISC. Tender Committees and Quotation Committees are established to ensure procurement activities are conducted in an effective, transparent and fair manner whereas Vendor Performance Review Committee is established to review, deliberate and endorse on overall vendor performance matters including application for suspension, blacklisting, uplifting and reinstatement. 8. Information and Communications Technology (“ICT”) is extensively employed in MISC to automate work processes and to collect key business information. MISC’s information and communication system, which acts as an enabler to improve business processes, work productivity and decision making, are implemented throughout the Group. The Information and Communications Technology Steering Committee (“ITSC”) provides strategic directions and guidance to ICT initiatives. Progress of ICT initiatives is monitored and reported at the ITSC meetings to ensure smooth implementation of ICT initiatives. System reviews are initiated and conducted to ensure that adequate controls are in place in order to conform to the Company’s business objectives, policies and procedures. 9. The professionalism and competency of employees are enhanced through structured development programs and potential entrants or candidates are subject to a stringent recruitment process. A Performance Management System (“PMS”) is established with performance indicators to measure employees’ performance and performance reviews are conducted twice annually. Action plans to address employees developmental requirements are prepared and implemented in a timely manner. This is to ensure that employees are able to deliver the expected performance so that the Group can meet its plans and targets. 10. The Company observes its own Code of Conduct and Business Ethics (“CoBE”) and the coverage is extended to not only MISC employees and directors within the MISC Group but also to third parties performing works or services for or on behalf of MISC group of companies. To support the general policy statements in the CoBE, MISC also observes the principles set out in the AntiCorruption and Bribery Manual which provides further guidelines on dealing with improper solicitation, bribery and other corrupt activities as well as issues that may arise in the course of doing business. The Whistleblowing Policy provides an avenue for all employees of MISC and members of the public to report any improper conduct within MISC in breach of the CoBE. The whistleblowing system includes a dedicated Hotline for employees to make reports in a confidential manner, and oversight of the processes by a Whistleblowing Committee. Where necessary, material whistleblowing reports are also escalated to the Board. REDISCOVER I REBUILD I SUSTAIN 116
RkJQdWJsaXNoZXIy NDgzMzc=