ENRA Group Berhad Annual Report 2018

40 E N R A G R O U P B E R H A D ( 2 3 6 8 0 0 - T ) RISK MANAGEMENT RESPONSIBILITIES The Risk Management process is a collective responsibility which works by engaging every level of the organization as risk owners of their immediate sphere of risks (as shown in the above illustration), the Group aims to approach risk management from a top down, bottom up approach (holistically). This is managed through an oversight structure involving the Board, ARMC, Internal Audit, Executive Management and RMUs. INTERNAL AUDIT FUNCTION At present, there is an in-house Internal Audit function. The Internal Audit function operates within the framework of the International Professional Practices Framework by the Institute of Internal Auditors as stated in its Internal Audit Charter, which is approved by the ARMC. The Internal Audit function provides the ARMC with independent opinions of processes, risk exposure and systems of internal control using the Committee of Sponsoring Organization of the Treadway Commission Internal Control – Integrated Framework as a guide. The Internal Audit function assess the Group’s Internal Control system according to the following five interrelated control elements: • Control Environment • Risk assessment • Control Activity • Information & Communication • Monitoring The Internal Audit team which is headed by Mr. Melvinder Singh, Vice President Group Internal Audit, who is a Chartered Member of the Institute of Internal Auditors Malaysia with more than 20 years of experience in internal auditing with the assistance of a team, independently reviews the key business processes, and reports to the ARMC on a quarterly basis. The ARMC reviews and evaluates the key audit issues raised by the Internal Audit function and ensures that appropriate and prompt remedial action is taken by the Management. During the financial year, the Internal Audit function prepared and presented an annual audit review schedule to the ARMC. This annual schedule outlines the key business processes of the Group’s head office departments, property development subsidiaries as well as oil & gas services activities. The ARMC had reviewed and approved the schedule providing the Internal Audit team with the mandate in assessing the adequacy and effectiveness of the Group’s internal control system. In line with the approved annual review schedule, the Internal Audit team completed five audit reviews, two follow- up audits and two process reviews. The area of coverage is aligned with the Group’s Risk Management assessment covering Finance, Human Resource, Operations, Procurement, Inventory, General IT, Sales, Marketing and Project Management. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL cont’d