INTERNAL CONTROL SYSTEMS (CONT’D) 1st Level of Defence: Business Line Management - The Senior Management, who are also Head of Departments and members of the ERMC forms the 1st line of defence, primarily responsible for managing processes. - They are also responsible for controlling risks by using business control and compliance frameworks, implementing internal control processes, and adequate control 2nd Level of Defence: Risk Management - Responsible for setting ERM Frameworks - Independent reporting to management and BARC - Advisor to 1st line 3rd Level of Defence: Internal Audit - Assurance about design and effectiveness - Reporting to Management and BARC - Advisory role to improve process Key Features of Internal Control The key elements and/or features of the internal control system established for maintaining strong corporate governance are as follows: (a) Organisation Structure and Reporting Lines The organisation structure and delegation of responsibilities are communicated across all levels, from the Board to the project/ risk owners in the organisation which set out, amongst others, authorisation levels, segregation of duties and other risk and control procedures. The Board and Board Committees are supported operationally by the Management Committee headed by the CEO. The Management Committee meeting (MCM) convenes on a fortnightly basis to discuss on strategic business plans, ongoing operational matters and the REIT’s financial performance hence has oversight of the REIT’s operations and maintenance of effective control. In addition, ad-hoc meetings to discuss the progress of high-risk corporate projects and exercises. In the absence of the CEO, the Management Committee meetings are chaired by the Chief Operating Officer as an Acting Chairman. (b) Internal Audit To ensure an independent and objective assurance of the adequacy and effectiveness of the internal control system, the Manager outsources the internal audit function of the REIT to an independent professional consulting firm, Messrs. PKF Risk Management Sdn Bhd (“PKF”). PKF adopts the International Professional Practices Framework (“IPPF”) in carrying out internal audit assignments by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, internal controls, and governance processes. The team from PKF is led by Dr. Wong Ka Fee, the Director of Risk and Governance Advisory. He possessed doctoral degree in Behavioural Finance and Master of Science in Management Consultancy. Dr. Wong Ka Fee has over 15 years of experience in a wide range of governance advisory, risk and internal audit work. The Internal Audit Team (IAT) at PKF consists of 8 permanent internal audit personnel staff who are qualified in the areas of internal audit and assurance. All the internal PKF audit personnel involved are free from any relationships or conflicts of interest, which could impair their objectivity and independence. Statement on Risk Management and Internal Control 144 AL-SALĀM REIT ANNUAL REPORT 2024
RkJQdWJsaXNoZXIy NDgzMzc=