FRONTKEN CORPORATION BERHAD 200401012517 (651020-T) ANNUAL REPORT 2024 42 RISK MANAGEMENT FRAMEWORK – EXTENT OF COVERAGE (CONT’D) Details of specific risks are documented in individual risk registers, covering the risk description, root causes, risk consequences, internal controls implemented by Management to address the root causes, Management’s assessment of the effectiveness of internal controls and the residual risk rating, i.e. the balance of risk after considering the effects of internal controls deployed to manage the exposure. The action plans that Management has taken and/or is taking to mitigate the risks to acceptable levels are reported by the RMUs to the Audit Committee and the outcome is documented in the Audit Committee meeting minutes, including any comments that the Audit Committee may have and such meeting minutes were also presented to the Board. The Audit Committee is tasked to brief the Board on the outcome of the risk update and mitigating measures deployed, including any significant issues therefrom. For each of the business risks identified, a risk owner is entrusted to ensure appropriate actions are taken to mitigate the risk to an acceptable level within specified timeline. The Risk Coordinator of the Group, when reviewing the risk update carried out by business units, enquires into the status of action plans undertaken by the Management of the business units concerned before reporting to the Audit Committee. During the financial year under review, additional risks identified by the business units together with the actions taken or being taken by Management to mitigate or reduce these additional risks were reported by the Risk Coordinator to the Audit Committee and only those that warranted the attention of the Board were recommended by the Audit Committee to the Board for its deliberation and approval. Whereas matters or decisions made within the purview of the Audit Committee were only escalated to the Board for its information and notation. INTERNAL CONTROL SYSTEM – THE KEY FEATURES Besides those internal controls implemented by Management to mitigate the risks as mentioned above, the Group’s internal control system also covers the following salient elements: • an organisation structure with clearly defined lines of responsibilities and appropriate levels of delegation and authority, including financial limits of authority in approving transactions and activities as well as mandate to operate bank accounts. This structure also sets out clear reporting lines and segregation of duties for key processes like strategic management, operations, sales and collections, procurement and payment, human resource management, capital expenditure, research and development, financial reporting, corporate affairs and investments; • a process of hierarchical reporting which provides a documented and auditable trail of accountability, with appropriate sign-off by personnel entrusted with the responsibilities; • an annual budgetary exercise that requires all business units and companies in the Group to formulate financial budgets which are then consolidated into a Group budget, presented to the Board for comments and ultimate approval. Quarterly reviews of the Group’s performance against budget are carried out at Board meetings where explanations on significant variances or unusual fluctuations are furnished by Management. Management meetings at the operational level are conducted to review financial performance against business plans and monitor the respective business unit’s performance against budget; • significant changes in business development are reported by Management to the Board at scheduled meetings. This oversight review enables the Board to evaluate and monitor the Group’s business performance vis-à-vis its strategic objectives; • the Audit Committee, which is entrusted by the Board to oversee, among others, the Company’s financial reporting process, in particular the quarterly and annual announcements of the Group’s financial performance, meets at least quarterly to review the announcements, seeks clarification and explanations from Management before recommending the announcements to the Board for approval; • internal policies and procedures on key business processes are formalised in writing for application by personnel across the Group. These policies and procedures provide the necessary guidance to personnel on complying with internal control requirements and applicable laws and regulations; • structured whistle-blower policies and procedures are formalised in writing to enable employees of the Group to raise genuine concerns about suspected improprieties on matters of financial reporting, non-compliance with laws and regulations, malpractices or unethical business conduct within the Group at the earliest opportunity and in an appropriate way without fear of reprisal. Mr Ng Chee Whye, the Independent Non-Executive Director, with his contact details uploaded to the website of the Company is the person to contact on such concerns; and • where issues arise that affect the reliability and integrity of financial information of any business unit, special audits would be commissioned by the Audit Committee or Senior Management, as the case may be to assist the Board in fulfilling its oversight responsibilities. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL (CONT’D)
RkJQdWJsaXNoZXIy NDgzMzc=