MISC Annual Report 2019

principles set out in the ABC Manual which provides further guidelines in dealing with improper solicitation, bribery and other corrupt activities as well as issues that may arise in the course of doing business. A Compliance function was established with the responsibility to oversee the implementation of the MISC Compliance and Ethics Programme and the Anti-Bribery Management System (ABMS). This function has direct access to the Board and Management for matters relating to Compliance and Ethics initiatives, ABMS including issues related to bribery and corruption. MISC Berhad was successfully certified with the ISO 37001:2016 ABMS on 28 January 2019 by SIRIM. The certification, which sets out the requisite requirements to prevent, identify and respond to bribery, further fortifies the internal control processes and systems of the Company in respect of anti-bribery and corruption management. In this respect, MISC has put in place the ABMS Manual. The remainder of the MISC Group will also embark on obtaining the ISO 37001:2016 ABMS certification with MHB already being certified on 27 June 2019. Dealing with third parties is part of MISC’s business operations and in ensuring that all business dealings are conducted in accordance to the MISC CoBE policies and guidelines, due diligence exercises are carried out on all third parties as outlined in MISC’s Third Party Compliance Due Diligence Operational Guidelines. MISC Group has also adopted the Human Rights Commitment and Modern Slavery Policy on 24 May 2019 to ensure adherence to the CoBE, which outlines the standards and behaviours that the Group upholds, with emphasis on due respect for human rights and compliance applicable to global laws and rules. In ensuring that this Commitment and Policy is followed through across MISC and its subsidiaries, a cross- functional Human Rights Working Group has been established to consider the way forward to ensure all potential modern slavery risks have been adequately mitigated. The Group continues to monitor any potential conflicts of interest through annual declarations of the employees, and the receipts and/or giving of any gifts via the employees’ Conflict of Interest Register and employees’ Gift Register. The Group also continues to monitor and ensure effectiveness of the Compliance and Ethics Programme. 12. MISC established its Corporate Disclosure Policy (CDP) and Corporate Disclosure Guidelines (CDG) in 2016. The CDP guides the Board, Management and employees when communicating and making disclosure of information to external parties such as Bursa Securities, investment community, media, government authorities and other relevant stakeholders. It also sets out the parameters to enable timely, adequate and accurate disclosure of such information. The CDG, which is an internal document, provides more definitive guidelines for communication and disclosure of information in the above areas. 13. The MISC Economic Sanctions and Export Control Policy and Guidelines underpin the Group’s commitment to comply with relevant economic sanctions and export control regulations in the jurisdictions it operates in, through identifying, mitigating and managing such risks. Trainings on Economic Sanctions have been organised for the Board and employees to create awareness on the Policy and current positions relating to the economic sanctions and export control as well as the violation penalties. 14. MISC has established a Corporate Privacy Policy and Master Guidelines which demonstrates the commitment to handle and manage personal data in accordance with the general principles of personal data protection and applicable laws in various jurisdictions. In aligning to the Corporate Privacy Policy, MISC has revised the Personal Data Protection Act Notice to the Personal Data Information Notice. 15. The Group keeps a register on conflict of interest or potential conflict of interest situation for company directors in the Group which is reviewed on an annual basis. 16. This year saw the review of the MISC Security Risk Management Policy which was subsequently replaced by the new MISC Security Policy dated 24 May 2019. The new policy includes the establishment of a Security Management System which incorporates the new cybersecurity requirements implemented in MISC. MISC replaced its Drug and Alcohol Policy with the new Substance Misuse Policy dated 1 November 2019 which reiterates the Group’s commitment for a substance free workplace not only for the HSSE critical positions but to all employees, contractors and subcontractors. This policy has been aligned to MISC’s CoBE as well as providing an avenue for employees with substance misuse problems to seek assistance from the organisation. Assurance Functions Group Health, Safety, Security & Environment (Group HSSE) The HSE Management System which incorporates the HSE Mandatory Framework is developed based on PETRONAS HSE Management System and serves as reference in planning and mitigating the risks of Health and Safety of employees, visitors, contractors and sustainability of the environment. Group HSSE ensures that the Group’s Security Risk exposures are reviewed according to national and international regulatory requirements and best practices; accordingly plan and implement mitigating measures to ensure the security of employees, visitors, contractors and assets. HSSE assurance is carried out on the respective business units, vessels and floating facilities by Group HSSE with the objective to verify, evaluate and review the HSSE operational activities to ensure their operational integrity and reliability are maintained at all times, consistent with international regulations, HSSE controls and internal policies. MISC Group’s vessels are subjected to stringent audits, vetting and inspections to meet various regulatory and commercial requirements. These include vetting by oil majors, audits by the Malaysian Marine Department and ship classification societies to maintain international safety and security management certification under the relevant codes. In addition, MISC is also subjected to periodic management reviews by its customers’ risk management units. The MISC HSSE Council, chaired by the President/Group Chief Executive Officer (CEO) with the Management Committees and Managing Director/CEO of all subsidiaries as members, reviews the Group HSSE performance on a monthly basis and HSSE policies and strategies periodically, to ensure that they are in line with business objectives. The BARC oversees the HSSE risk and control effectiveness through review of the assurance findings on a quarterly basis. Group Internal Audit MISC’s GIA supports the BARC by providing independent feedback on the adequacy of risk management, governance as well as the efficiency and effectiveness of the internal control systems. The GIA processes and activities are guided by the approved Internal Audit Charter and aligned with internal audit industry standards i.e. The International Professional Practices Framework. Further information on the internal audit functions are set out in Statement of Internal Audit on pages 216 to 217 of this Annual Report. Other Matters With regards to the associated companies and joint ventures, the Board does not regularly review the internal control systems as the Board has no direct control over their operations. Nevertheless, MISC’s interests in the associated companies and jointly controlled entities are served via representations on the boards as well as review of management accounts and inquiries thereof. Affirmation by The Board The Board has received assurance from the President/Group CEO and Vice President, Finance that the internal control and risk management systems of the Company and its subsidiaries for the year under review up to the date of approval of the statement are, in all material aspects, operating adequately and effectively. There were no material losses incurred during the financial year under review as a result of weaknesses of internal control. Review by External Auditor The external auditor, Ernst & Young PLT, has reviewed this Statement on Risk Management and Internal Control for inclusion in the Annual Report for the financial year ended 31 December 2019, in compliance with paragraph 15.23 of the Listing Requirements in accordance with guidelines issued by the Malaysian Institute of Accountants, and reported to the Board that nothing has come to their attention to cause them to believe that the statement intended to be included in the annual report is not prepared, in all material respects, in accordance with disclosures required by Paragraph 41 and 42 of the Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuer, or that the statement is factually inaccurate. Conclusion For the financial year under review, based on enquiry, information and assurance provided, the Board is satisfied that the internal control and risk management systems were generally satisfactory. Measures would continuously be taken to ensure ongoing adequacy and effectiveness of the internal control and risk management systems, and to safeguard the Group’s assets and shareholders’ investment. This statement is made in accordance with the resolution of the Board of Directors dated 26 February 2020. Statement on Risk Management & Internal Control 229 228 OUR GOVERNANCE MISC BERHAD PEOPLE. PASSION. POSSIBILITIES ANNUAL REPORT 2019