FRONTKEN CORPORATION BERHAD 200401012517 (651020-T) ANNUAL REPORT 2025 60

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL (CONT’D)

RISK MANAGEMENT FRAMEWORK – EXTENT OF COVERAGE (CONT’D)

The individual risks are scored for their likelihood of occurrence and the impact thereof based on a ‘5 by 5’ risk matrix, deploying parameters established for each key business unit or company in the Group. The risk parameters comprise relevant financial and non-financial metrics for risks to be evaluated or quantified, as the case may be, in terms of the likelihood of their occurrence and the impact thereof. The use of such metrics essentially articulates the Board’s risk appetite, i.e., the extent of risk the Group is prepared to take or seek in achieving its business objectives.

The Group also maintains a forward-looking approach to emerging risks, identifying potential threats such as cybersecurity, digital disruption (including AI), and geopolitical uncertainty that may impact future operations.

Details of specific risks are documented in individual risk registers, covering the risk description, root causes, risk consequences, internal controls implemented by Management to address the root causes, Management’s assessment of the effectiveness of internal controls and the residual risk rating. The action plans that Management has taken and/or is taking to mitigate the risks to acceptable levels are reported by the RMUs to the Audit Committee and the outcome is documented in the Audit Committee meeting minutes.

INTERNAL CONTROL SYSTEM – THE KEY FEATURES

The Group’s internal control system aligns with the principles of the COSO Internal Control – Integrated Framework, covering the control environment, risk assessment, control activities, information and communication, and monitoring activities.

Besides those internal controls implemented by Management to mitigate the risks as mentioned above, the Group’s internal control system also covers the following salient elements:

• an organisation structure with clearly defined lines of responsibilities and appropriate levels of delegation and authority, including financial limits of authority;
• a process of hierarchical reporting which provides a documented and auditable trail of accountability;
• an annual budgetary exercise requiring all business units to formulate financial budgets consolidated into a Group budget, with quarterly reviews of performance against budget;
• significant changes in business development reported by Management to the Board at scheduled meetings;
• the Audit Committee, entrusted by the Board to oversee the Company’s financial reporting process;
• internal policies and procedures on key business processes formalised in writing;
• structured whistle-blower policies and procedures; and
• special audits commissioned by the Audit Committee or Senior Management where issues arise affecting the reliability of financial information, where applicable.

INTERNAL AUDIT FUNCTION – ITS COMPOSITION AND SCOPE OF COVERAGE

The Group adopts the Three Lines Model to ensure effective risk management and control, with the Internal Audit Function serving as the third line of defence providing independent assurance.

The Group has two (2) groups of internal auditors, i.e. one covering the operations of the Group (save for Taiwan operations), and the other covering solely the Taiwan operations. The internal audit function of the Group (save for Taiwan operations) is outsourced to an independent professional firm, namely Sterling Business Alignment Consulting Sdn Bhd (“Sterling”). The internal audit function for the Taiwan operations is an in-house function, i.e. the internal audit personnel are employees of the subsidiary in Taiwan, namely Ares Green Technology Corporation (“AGTC”). Both the outsourced Internal Auditors and the internal audit function of the Group report to the Audit Committee.