My EG Services Berhad Annual Report 2019

ANNUAL REPORT 2019 89 RISK MANAGEMENT AND INTERNAL CONTROL STATEMENT INTRODUCTION The Board is pleased to present its Risk Management and Internal Control Statement for FP 2019 which has been prepared pursuant to paragraph 15.26(b) of the MMLR and as guided by Statement on Risk Management & Internal Control: Guidelines for Directors of Public Listed Issuers (“ the Guidelines ”). This statement outlines the nature and state of the internal controls of the Group. BOARD’S RESPONSIBILITY The Board acknowledges its overall responsibility for maintaining a sound system of risk management and internal controls, and for reviewing its adequacy and effectiveness to ensure shareholders’ interest and the Group’s assets are safeguarded. Given the inherent limitations in the risk management and internal control system, such a system put into effect by the Management is designed to manage rather than eliminate risks that may impede the Group’s achievement of the corporate objectives. Therefore, such a system can only provide reasonable and not absolute assurance against any material misstatement or loss, contingencies, fraud or irregularities. RISK MANAGEMENT FRAMEWORK The Board recognises that risk management should be an integral part of the business operation. On a day-to-day basis, respective Heads of Departments are responsible for managing and mitigating risks related to their functions or departments. Weekly management meetings are held to ensure that the risks faced by the Group are monitored and properly addressed. It is at these meetings that key risks and corresponding controls implemented are communicated amongst the senior management team. The Board, through the ARMC, provides oversight of the entire risk management framework of the Group. The formation of the Risk Management Working Group (“ RMWG ”) is to assist the ARMC in fulfilling its oversight responsibilities with respect to the Group’s risk management processes including assessment of key strategic and operational risk. The RMWG comprising of key management staff and an Independent Non-Executive Director is to carry out the risk management activities and identify any significant risks that are brought to the attention of the ARMC and subsequently to the Board at their scheduled meetings. Where necessary, special meetings will be convened to discuss specific matters that require immediate attention. During the financial period under review, the RMWG had met five (5) times to update, review, highlight the key risk areas affecting the Group and recommended risk management strategies to manage and mitigate the identified risks. The activities of the RMWG undertaken were reported to the ARMC at the quarterly ARMC meetings. The Group Risk Management Policy established in October 2013 was reviewed by the Board at their scheduled meeting held on 27 February 2020 where it was assessed to be adequate and no further amendments were required by the Board. The abovementioned risk management practices of the Group are the on-going process of identifying, evaluating and managing significant risks that may affect the Group’s achievement of its corporate objectives for the period under review and up to the date of approval of this Risk Management and Internal Control Statement by the Board. INTERNAL AUDIT FUNCTION The Group has appointed an outsourced internal audit service provider, namely Vaersa together with our in-house internal audit team to carry out the internal audit function, which provides the Board with a reasonable assurance of adequacy of the scope, functions and resources of the internal audit function. The internal audit function assists the Board and ARMC in providing independent assessment of the effectiveness and adequacy of the Group’s system of internal controls. GOVERNANCE