KEY ELEMENTS OF RISK MANAGEMENT AND INTERNAL CONTROL SYSTEM (continued) Risk Management Framework (continued) The Group’s risk management framework has the following key attributes: (continued) • Key elements of risk management framework: (continued) ii. Evaluate the risks and develop risk mitigating action plans; and The identified risks, which may fall into the category of strategic risk, operational risk, credit risk, finance/account risk or IT risk, will be evaluated by RMT and thereafter effective controls and risk mitigating action plans will be developed and implemented to address and mitigate the risks identified. iii. Monitor the progress of action plans and review the business risks from time to time. RMT will closely monitor the outcome of the implementation of the controls and action plans carried out by the various levels of management and will re-evaluate the risks and formulates new mitigating strategy if the desired results are not achieved. • Risk Reporting Risk management review is conducted every quarter. Significant risks of key areas identified by RMT are reported to ARMC and the Board during quarterly meetings. The internal auditors provide an independent assessment of the adequacy and reliability of the operational risk management processes and report its findings to the ARMC. Internal Audit Function The Group has an in-house internal audit department for the Manufacturing Division that carries out regular reviews of the Division’s operations and system of internal control by examining and evaluating business processes to determine the adequacy and efficiency of financial and operating controls, and highlighting significant risks and non-compliance impacting the Group. Where applicable, the internal audit department updates and provides recommendations to improve the effectiveness of risk management, controls and governance processes. The internal audit functions for the Corporate, Property Development & Construction and Agriculture Divisions is outsourced to an independent consulting firm who performs the audit in accordance with the Internal Auditors’ International Standards for the Professional Practice of Internal Auditing for Internal Control Review to assess the adequacy and integrity of the Group’s risk management. The Internal Auditors report directly to the ARMC on improvement measures pertaining to internal control lapses, including subsequent follow-up to determine the extent of their recommendations that have been implemented by the Management. Periodic audit reports and status on follow up actions are submitted to the ARMC, who reviews the findings with Management at its quarterly meetings. The Management is responsible for ensuring that necessary corrective actions to address control weaknesses are implemented within a defined time frame. The status of implementation is monitored through follow-up audit reviews which are also reported to the ARMC. The ARMC reviews the internal audit function, the scope of the annual internal audit plan, established on a risk-based approach, as well as the findings within its scope of responsibilities. The ARMC reports and updates to the Board on significant issues reviewed and noted during the internal audit process for the attention of the Board. During the financial year under review, the following functions’ processes and/or identified key risk areas of the Group’s major operations were reviewed by the Internal Auditors: Manufacturing Division (Malaysia & Vietnam): • Production & quality control including compliance with:- - Environmental regulations - Occupational safety & health regulations • Human resource • Purchasing & accounts payables Statement On Risk Management and Internal Control 53 P R G H O L D I N G S B E R H A D A N N U A L R E P O R T 2 0 2 1 (cont’d)
RkJQdWJsaXNoZXIy NDgzMzc=