STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL During FY2023, the Group operates within an enterprise risk management framework. An Executive Committee (“EC”) that comprises Executive Directors of the Company and appointed key management personnel has been established to assume the following functions:- a) To supports the Board in fulfilling its responsibility for identifying significant risks and ensuring the implementation of appropriate systems to manage the overall risk exposure of the Group; and b) To review and recommend the Group’s risk management policies and strategies for the ARMC’s consideration and recommendation for the Board’s approval. The main functions and duties of the EC include, but are not limited to:- (i) Provides oversight and direction to the Group risk management process which includes:- • Evaluating and identifying new risks; • Reviewing and updating the Risk Register and ensuring that significant risks are being responded to appropriately; and • Monitoring the Group’s risk exposures and ensuring the implementation of management action plans to mitigate significant risks identified; (ii) Evaluates the effectiveness of the risk management processes and support system to identify, assess, monitor and manage the Group’s key risks; (iii) Meets with senior management on a semi-annual basis to discuss and deliberate on the significant risks affecting the Group within the context of the business objectives and strategy; (iv) Establish Group risk management guidelines and policies and ensure implementation of the objectives outlined therein and compliance thereto; (v) Recommends for the Board’s approval, the Group risk management policies, strategies and risk tolerance levels, and any proposed changes thereto; and (vi) Reviews significant investment proposals. A risk management report is tabled for review and acceptance by the ARMC and Board annually or at shorter intervals where necessary. The report identifies principal risks affecting or are likely to affect the Group, and the appropriate systems and/or actions to manage the risks. The key risks and some of the control measures taken to mitigate the risks for FY2023 are set out below:- Risk area Control measures taken to mitigate the risks Operational risks • As in any business, the Group is subject to operational risks which are inherent in the industry which the Group is operating such as delay in progress of construction leading to Liquidated Ascertained Damages, cost overrun, etc. • Organisation structure outlining the lines of responsibilities and authorities for planning, executing, controlling and monitoring the business operations. • Periodic operational review meetings attended by the Executive Directors, heads of departments and key management staff to consider financial and operational risks and issues of the Group as well as any management proposal. • Monitoring of actual performance against annual budget by the Board. • Placement of loyal and experienced employees to lead branches’ operations. • Engagement of specialist to provide consultancy services for technically complicated works. • Formalised Whistleblowing Policy, code of conduct and written policies and procedures on major processes to ensure compliance with internal control systems and relevant laws and regulations. • Appointment of staff based on the required level of qualification, experience and competency. Kimlun Corporation Berhad 064
RkJQdWJsaXNoZXIy NDgzMzc=