90 SECTION 04 : CORPORATE GOVERNANCE RISK MANAGEMENT STRUCTURE (CONT"D) INTERNAL AUDIT FUNCTION At present, there is an in-house Internal Audit function. The Internal Audit function operates within the framework of the International Professional Practices Framework by the Institute of Internal Auditors as stated in its Internal Audit Charter, which is approved by the ARMSC. The Internal Audit function provides the ARMSC with independent opinions of processes, risk exposure and systems of internal control using the “Committee of Sponsoring Organisation of the Treadway Commission’s Internal Control – Integrated Framework” as a guide. The Internal Audit function assesses the Group’s Internal Control system according to the following five interrelated control elements: • Control Environment • Risk Assessment • Control Activity • Information & Communication • Monitoring The Internal Audit team is headed by Mr. Melvinder Singh Harminder Singh, Group Head of Compliance & Governance, who is a Chartered Member of the Institute of Internal Auditors Malaysia with more than 20 years of experience in internal auditing. Mr. Melvinder and his team independently reviews the key business processes, and reports to the ARMSC on a quarterly basis. The ARMSC reviews and evaluates the key audit issues raised by the Internal Audit function and ensures that appropriate and prompt remedial action is taken by the Management. During the financial year ended 31 March 2025, the Internal Audit function prepared and presented an annual audit review schedule to the ARMSC. This annual schedule outlines the key business processes of the Group’s governance process, ESG efforts and policy, property development subsidiaries as well as Oil & Gas services and Maintenance Repair and Overhaul Services. The ARMSC had reviewed and approved the schedule providing the Internal Audit team with the mandate in assessing the adequacy and effectiveness of the Group’s internal control system. The Internal Audit team completed a holistic Corporate Governance Review of EGB with reference to the Malaysian Code of Corporate Governance 2021, ESG updates and reporting in line with the Main Market listing requirements as a guideline. In addition, four routine audits were conducted covering the Maintenance, Repair and Overhaul (“MRO”) division, Property Development division and Information Technology (“IT”) function, along with assessments on the code of business conduct in accordance with the ARMSC’s approved annual review schedule. The area of coverage is aligned with the Group’s Risk Management assessment covering Finance, Human Resource, Operations, Procurement, Inventory, General IT, Sales, Marketing, Fraud Assessment and Project Management. Risk Management Structure Risk Management Responsibilities BOARD OF DIRECTORS STAKEHOLDERS BOARD MANAGEMENT EMPLOYEES AUDIT, RISK MANAGEMENT AND SUSTAINABILITY COMMITTEE EXECUTIVE RISK MANAGEMENT COMMITTEE RMU RMU RMU Risk Oversight (2nd Line of Defence) Internal Audit (3rd Line of Defense) DAY-TO-DAY RISK MANAGEMENT (1st Line of Defense) • Risk pro le • Issues to emerge • Current risk pro le • Action plans RMU • Risk management - policy - Philosopy • Establish structured risk management system • Ensure accountability • Risk aware culture Statement On Risk Management And Internal Control (Cont’d)
RkJQdWJsaXNoZXIy