INTERNAL CONTROL SYSTEMS (CONT’D) Key Features of Internal Control (Cont’d) The key elements and/or features of the internal control system established for maintaining strong corporate governance are as follows (Cont’d): (h) Outsourcing Functions to Third-Party Service Providers The Manager entered into a few outsourcing arrangements that involved entrusting specific tasks, functions, or processes to external partners or third-party service providers. The objectives of these arrangements are to leverage the benefit from the partner’s expertise, infrastructure, and economies of scale to improve cost efficiency to enable the organisation to focus more on core operations. To mitigate the risks that these arrangements have on the company’s performance, the Manager has set up the following controls: Fit & Proper - Developed an outsourcing policy in 2024 to govern and guide various departments of the Manager while outsourcing any functions at the department level. The policy is intended for establishing a prudent practice on management of risks arising out of outsourcing with a view to preventing adverse systemic impact and to protect the interest of the Manager and the REITs. - Ensure that the service providers are professionally qualified in carrying out the services - Carry out due diligence exercises which include background checks on the service providers, which may include background checks on the person or entity, a document verification process, or conducting interviews with the person to be appointed to undertake the key role in providing the services. - Undertake an ESG compliance assessment on the potential service providers to ensure that there are no environmental risks in the service providers’ activities - Require the service provider to sign a vendor Integrity Pledge to ensure compliance to policies relating to AntiBribery & Anti-Corruption, No-Gift, No Entertainment and Whistleblowing Policy. This is a part and parcel to combat bribery and corruption in an organization. - Ensure that the service providers comply with other governance requirements such as undertaking data privacy protection as part of the contract terms. This aligns with the REIT’s pledge to enforce its Personal Data Protection (PDP) Policy in providing assurance to its data owners – tenants, directors, and employees that their personal data will be safeguarded and protected by the REIT. In addition, the company also requires service providers to take cognizant of the Anti-Money Laundering and Anti-Terrorism Financing Policy and all applicable laws to commensurate with the nature of the Company’s businesses and activities. Statement on Risk Management and Internal Control 148 AL-SALĀM REIT ANNUAL REPORT 2024
RkJQdWJsaXNoZXIy NDgzMzc=