My EG Services Berhad Annual Report 2020

MY E.G. SERVICES BERHAD Regisration No. 200001003034 (505639-K) 118 RISK MANAGEMENT AND INTERNAL CONTROL STATEMENT INTRODUCTION The Board is pleased to present its Risk Management and Internal Control Statement for FY2020 which has been QSFQBSFE QVSTVBOU UP QBSBHSBQI C PG UIF ..-3 BOE BT HVJEFE CZ 4UBUFNFOU PO 3JTL .BOBHFNFOU *OUFSOBM $POUSPM (VJEFMJOFT GPS %JSFDUPST PG 1VCMJD -JTUFE *TTVFST i the Guidelines ”). This statement outlines the nature and state of the internal controls of the Group. BOARD’S RESPONSIBILITY The Board acknowledges its overall responsibility for maintaining a sound system of risk management and internal control, and for reviewing its adequacy and effectiveness to ensure shareholders’ interest and the Group’s assets are safeguarded. Given the inherent limitations in the risk management and internal control system, such a system put into effect by the Management is designed to manage rather than eliminate risks that may impede the Group’s achievement of the corporate objectives. Therefore, such a system can only provide reasonable and not absolute assurance against any material misstatement or loss, contingencies, fraud or irregularities. RISK MANAGEMENT FRAMEWORK 5IF #PBSE SFDPHOJTFT UIBU SJTL NBOBHFNFOU TIPVME CF BO JOUFHSBM QBSU PG UIF CVTJOFTT PQFSBUJPO 0O B EBZ UP EBZ basis, respective Heads of Departments are responsible for managing and mitigating risks related to their functions or departments. Weekly management meetings are held to ensure that the risks faced by the Group are monitored and properly addressed. It is at these meetings that key risks and corresponding controls implemented are communicated amongst the senior management team. On 27 February 2020, the Board had approved that the RMC decoupled from the Audit and Risk Management $PNNJUUFF UP CF JO MJOF XJUI UIF SFDPNNFOEBUJPO VOEFS 4UFQ VQ 1SBDUJDF VOEFS 1SJODJQMF # PG UIF .$$( UP FOIBODF our corporate governance practice. The RMC has constituted the Risk Management Working Group (“ RMWG ”) and the formation of RMWG is to assist the RMC in fulfilling its oversight responsibilities with respect to the Group’s risk management processes including assessment of key strategic and operational risk. The RMWG comprising of key NBOBHFNFOU TUBGG BOE PVS JO IPVTF JOUFSOBM BVEJU UFBN JT UP DBSSZ PVU UIF SJTL NBOBHFNFOU BDUJWJUJFT BT XFMM BT BVEJU work and identify any significant risks that are brought to the attention of the RMC and subsequently to the Board at their scheduled meetings. The Board, through the RMC, provides oversight of the entire risk management framework of the Group. Where necessary, special meetings will be convened to discuss specific matters that require immediate attention. During the financial year under review, the RMWG had met three (3) times with the RMC to update, review, highlight the key risk areas affecting the Group and recommended risk management strategies to manage and mitigate the identified risks. The Group Risk Management Policy established in October 2013 was reviewed by the Board at their scheduled meeting held on 3 March 2021 where it was assessed to be adequate and no further amendments were required by the Board. 5IF BCPWFNFOUJPOFE SJTL NBOBHFNFOU QSBDUJDFT PG UIF (SPVQ BSF UIF PO HPJOH QSPDFTT PG JEFOUJGZJOH FWBMVBUJOH BOE managing significant risks that may affect the Group’s achievement of its corporate objectives for the year under review and up to the date of approval of this Risk Management and Internal Control Statement by the Board. INTERNAL AUDIT FUNCTION 5IF (SPVQ IBT BQQPJOUFE BO PVUTPVSDFE JOUFSOBM BVEJU TFSWJDF QSPWJEFS OBNFMZ 7BFSTB UPHFUIFS XJUI PVS JO IPVTF JOUFSOBM audit team to carry out the internal audit function, which provides the Board with a reasonable assurance of adequacy of the scope, functions and resources of the internal audit function. The internal audit function assists the Board and AC in providing independent assessment of the effectiveness and adequacy of the Group’s system of internal controls. The assessment of the adequacy and effectiveness of the internal controls established by the management in mitigating risks is carried out through interviews and discussions with key management staff, review of the relevant established policies and procedures, and authority limits and observing and testing of the internal controls on a sample basis. The results of the internal audit reviews including action plans to be taken by the management to address the identified weaknesses and recommendation of enhancement opportunities are then reported to the AC, which in turn reports these matters to the Board.