MISC Annual Report 2018

• The PETRONAS Group Risk Management conducted 8 self- assessment reviews on MISC Group’s compliance to the PETRONAS Resiliency Model (“PRM”), Plant and Facilities, and Project. The purpose of the self-assessment is to ensure MISC and its subsidiaries comply to requirements established in its frameworks, guidelines and guiding principles. In addition to the yearly self-assessment, PETRONAS also conducted a Combined Assurance Fieldwork to further improve the assurance process. The Combined Assurance Fieldwork conducted in 2018 covered PETRONAS Project Management System, PRM and CFP. • An Anti-Bribery and Corruption (“ABC”) risk assessment was conducted to preliminarily identify, assess and evaluate bribery exposures within MISC, and identify the areas of operations within MISC that are more exposed to bribery and corruption risk has been presented to the Management. Mitigation plans have thereupon been developed and implemented in FY2018. One of the recommendations arising from the ABC risk assessment that was conducted in 2017, was for MISC Group to be ISO37001: Anti-Bribery Management System certified. The process for certification commenced in 2018 and MISC has been successfully certified in February 2019. • A comprehensive end to end cyber security risk assessment based on National Institute of Standard and Technology was conducted to evaluate MISC Group’s readiness to respond to cyber security threat, including having an emergency response plan to address the same. The assessment includes the review of controls and procedures related to the security of MISC’s confidential data and information, examination of the organisation’s culture and people and a review of technical capabilities from a security governance perspective including aspects on physical security. Following the findings which was presented to the Management Committee, recommendations for improvements shall be implemented for MISC to reach a minimum maturity level based on industry standards. In addition, MISC has also completed a self-assessment exercise under Cyber Security Assurance Program initiated by PETRONAS which carried the same objective. All findings and areas of improvements identified above are incorporated into the Group’s on-going improvement process and updated at appropriate review opportunities primarily during the Group’s Annual Planning Forum, yearly risk register review and engagements with the BARC during the quarterly BARC meetings. OTHER KEY INTERNAL CONTROL PROCESSES To further enhance the internal control system, the Group’s other internal control processes are as follows: - 1. The Board reviews quarterly reports from Management on key operating performance, legal, environmental and regulatory matters. Financial performance is deliberated monthly by the MC and tabled to the BARC and the Board on a quarterly basis. 2. The Group performs a comprehensive annual planning and budgeting exercise which involves the development of business strategies for the next five years to achieve the Group’s vision. The long term strategies are supported by initiatives to be pursued in the upcoming year, and for effective implementation, the initiatives are tied to specific measurable indicators which will be evaluated against the relevant business/service units and subsidiaries’ deliverables. The Group’s strategic direction is then reviewed annually taking into account current progress level and other indicators such as latest developments in the industry, changes in market conditions and significant business risks. In addition to that, the Group’s business plan is translated into budgetary numbers for the next five years and financial performance and variance against budget is analyzed and reported monthly to the MC and quarterly to the BARC and the Board. 3. The Limits of Authority (“LOA”) manual provides a framework of authority and accountability within the organisation and facilitates sound and timely corporate decision making at the appropriate level in the organisation’s hierarchy. 4. To enhance the quality of the Group’s financial reports, the Group continues the execution of the Petronas Financial Control Framework (“FCF”). FCF is a structured process of ensuring the adequacy and effectiveness of internal controls operating at various levels within the Group at all times. FCF covers internal controls related to financial reporting based on the identified processes and risks. It is a consistent approach in which the internal controls over financial reporting are documented and evaluated for their effectiveness in design and operations. FCF requires documentation of process workflows, process narratives, control descriptions, testing on control effectiveness as well as remediation of control gaps. FCF testing requirement is performed semiannually for relevant processes. On a semi-annual basis, the process owner at various management levels and operating entities is required to complete the FCF testing and present the result to the Management. The Management will submit a Letter of Assurance to Petronas which provides confirmation on the effectiveness of specified internal controls over financial reporting of the entities and be accountable for the reliability of financial statements. If ineffective controls exist, the process owner will have to put in place appropriate remediation plans and the control owner will monitor the execution plans to ensure the controls are mitigated by the next FCF’s process. 5. The Group continues to practice the PETRONAS Debt Compliance Management (“DCM”) initiative, the objective of which is, to provide assurance that debt covenants of its external borrowings are being observed and complied with on quarterly basis. 6. There is a clear process for the evaluation of investments or divestments and the process includes risk assessment, financial appraisal, due diligence and execution. The investment appraisals are reviewed by the Management before being recommended to the approving authority. 7. MISC’s Procurement Manual (“MPM”) provides the overall procurement principles, scope, functions, governance, operational procurement processes, procedures and exceptions to be adopted in relation to procurement activities within MISC. Tender Committees and Quotation Committees are established to ensure procurement activities are conducted in an effective, transparent and fair manner whereas Vendor Performance Review Committee is established to review, deliberate and endorse on overall vendor performance matters including application for suspension, blacklisting, uplifting and reinstatement. 8. Information and Communications Technology (“ICT”) is extensively employed in MISC to automate work processes and to collect key business information. MISC’s information and communication system, which acts as an enabler to improve business processes, work productivity and decision making, are implemented throughout the Group. The Information and Communications Technology Steering Committee (“ITSC”) provides strategic directions and guidance to ICT initiatives. Progress of ICT initiatives is monitored and reported at the ITSC meetings to ensure smooth implementation of ICT initiatives. System reviews are initiated and conducted to ensure that adequate controls are in place in order to confirm to the Group’s business objectives, policies and procedures. The Group adheres to the industry cybersecurity standards. The Group has invested on processes, tools, skills, services and applications to mitigate the Group’s risk in cyber security threats. Reviews are conducted regularly to ensure that the Company’s businesses and processes are safeguarded from cybersecurity threats. 9. The professionalism and competency of employees are enhanced through structured development programs and potential entrants or candidates are subject to a stringent recruitment process. A Performance Management System (“PMS”) was established with performance indicators to measure employees’ performance and performance reviews are conducted twice annually. Action plans to address employees’ developmental requirements are prepared and implemented in a timely manner. This is to ensure that employees are able to deliver the expected performance so that the Group can meet its plans and targets. A structured Succession Planning framework was developed and implemented to identify and develop a leadership pipeline in the Group. The Succession Planning framework takes into account the potential successor’s performance track record, leadership capability and display of the MISC cultural beliefs.  The Succession Planning framework also provides development plans to be mapped appropriately for each potential successor in order for them to be ready to assume critical positions as the opportunity arises. A special talent review session by the Management Development Committee (“MDC”) is conducted twice annually to assess and gauge the identified talent pool’s suitability as well as their readiness level for the proposed Critical Position. On top of the Succession Planning framework which is more focused towards the Critical Positions, a Functional Competency and Leadership Competency framework applicable to all employees in the Company was launched during the year. The objective of the Functional Competency and Leadership Competency framework is to have a competent and capable workforce through a structured and holistic developmental process, which ultimately feeds into the talent pipeline for the Succession Planning. Through the framework, all employees are required to go through functional and leadership competency assessment annually where they are assessed against the competency required for their role and at their job level respectively. Based on the competency gap identified from the assessment, employees are empowered to identify and propose suitable intervention plans to address their competency gap through a 1-to-1 discussion with their supervisors. The Functional Competency and Leadership Competency framework, together with the Succession Planning framework, signifies the Group’s commitment towards developing future leaders of MISC. STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL HIGHLIGHTS OF THE YEAR OUR BUSINESS OUR LEADERSHIP OUR PERFORMANCE OUR COMMITMENT TO SUSTAINABILITY OUR GOVERNANCE FINANCIAL STATEMENTS OTHER INFORMATION 50 TH ANNUAL GENERAL MEETING 199 MISC BERHAD ANNUAL REPORT 2018 198

RkJQdWJsaXNoZXIy NDgzMzc=