DESTINI Annual Report 2020

The Audit Committee and the Board has reviewed the inhouse internal audit function and is satisfied with the level of independence and the competence of its staff. In order to improve the effectiveness of the internal audit function, the Board has empowered the internal auditors to exercise more influence in determination of their scope of work and the implementation of their audit strategy which includes the following: a) Clearly defined terms of reference, authorities and responsibilities of the various committees, which include Audit Committee, Nomination and Remuneration Committee; b) Regular and comprehensive information provided to management and the Board, covering financial performance and key business indicators; c) A detailed budgeting process where operating units prepare budgets for the coming year which are approved both at the operating unit level and by the Board; d) Quarterly monitoring of results by the management and appropriate action taken, when necessary; and e) R egular visits to reporting units by the management team and, where deem appropriate, the Board. Board Responsibility The Board is responsible to maintain a sound system of internal controls and for reviewing its adequacy and integrity. It includes not only financial controls but operational and compliance controls. Due to the limitations inherent in an internal control system, management has affected an internal control system designed to manage rather than eliminate the risk that may impede the achievement of the Group’s business objectives. Management Responsibility The management is responsible for implementing the Group’s strategies and day-to-day businesses. The organization structure sets out clear segregation of roles and responsibilities, lines of accountability and levels of authority to ensure effective and independent stewardship. The management assists the Board in implementing the policies approved by the Board, implementing risk control procedures and developing, operating and monitoring internal controls to mitigate and control identified risks. Internal Audit Responsibility The Group Internal Audit Department (“GIAD”) function was set up by the Board to provide independent assurance of the adequacy of risk management, internal control and governance systems. GIAD activities are guided by an Internal Audit Charter which is approved by the Audit Committee (“AC”). The Group’s internal audit function undertakes regular reviews of the Group’s operations and its system of internal control. The audit plan is developed based on the risk profiles of the Group business. Internal audit findings are discussed at management level and actions are agreed in response to the internal audit recommendations. The progress of implementation of the agreed actions is being monitored by GIAD through follow up reviews. GIAD’s scope of coverage encompasses all business and support units, including subsidiaries that do not have their own audit units. The selection of the units to be audited from the audit universe is based on an annual audit plan that is approved by the AC. The annual audit plan is developed based on assessment of risks, exposures and strategies of the company. Units that are assessed to be high risk are subject to an annual audit, while those that are assessed to be medium or low risk are subject to a cycle audit. GIAD also undertakes investigations into alleged fraud by staff, customers or third parties and recommends appropriate improvements to prevent recurrence and actions against persons responsible. The Audit Report is the final product of an audit assignment, which provides the scope of audit work performed, a general evaluation of the system of internal controls together with detailed audit observations, response of management, and comments and recommendations by GIAD for improvement. The AC reviews and evaluates any exceptions or noncompliance raised by GIAD and monitors that appropriate and prompt remedial actions are taken by the management. The GIAD is committed to provide an independent, objective assurance and advisory services that will add value and improve the company’s operations. It does this by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of the risk management, control and governance processes, in line with the conceptual framework and guidance promulgated by the Institute of Internal Auditors (“IIA”) International Standards for the Professional Practice of Internal Auditing and relevant regulatory guidelines. 73 ANNUAL REPORT 2020 DESTINI BERHAD