Statement on Risk Management and Internal Control

Governance

15. Managed the placements and renewals for the Group Insurance Programme, which includes the Directors and Officers Policy. The coverage for Cyber Liability has been extended to cover the entire Group;
16. Monitored cost of insurance claims and claims settlement through quarterly claims meetings with insurance service providers; and
17. Carried out ad-hoc assignments requested by Senior Management.

For 2023, the consolidated risk report includes those of Fortis Healthcare Limited and PLife REIT risk profiles. The consolidated risk report and updates are analysed and reported to the Board RMC on a quarterly basis.

The compliance culture is driven with a strong tone from the top, supported by the tone emanating from the middle, to embed the expected values and principles of conduct that shape the behaviors and attitudes of employees at all levels of business and activities across the Group.

Group Internal Audit

The Group has an independent internal audit function which provides an independent, objective assurance and consulting function designed to add value and improve the organisation’s operations. The internal audit function is under the responsibility of GIA department led by the Group Head, Internal Audit. GIA is independent and reports directly to the AC.

GIA has direct control over internal audit activities in Malaysia, Singapore, China and India (excluding Fortis Healthcare Limited Group which is a publicly listed company in India). GIA maintains oversight of Acibadem’s internal audit activities through close partnership with the internal audit function of Acibadem. Apart from Gleneagles Hong Kong, the Group’s internal audit function is managed in-house and supported by co-sourcing with independent external subject matter experts, where necessary. Fortis Healthcare Limited Group runs its internal audit function in-house which is also supported by outsourced independent internal audit firms.
GIA has visibility and ability to influence those internal audit activities at all levels throughout the Group including those operating companies’ internal audit functions which are outsourced to independent internal audit firms. GIA shares insights, good practices and improvement opportunities, in addition to audit observations. Common audit themes are leveraged across countries to benchmark and improve the organisational business processes.

The GIA function helps the organisation to accomplish its goals by bringing an objective and disciplined approach consistent with the International Standards for the Professional Practice of Internal Auditing (Standards) and the Committee of Sponsoring Organisations of the Treadway Commission (COSO) Internal Control – Integrated Framework and to evaluate and improve the effectiveness of risk management, internal control and governance processes.

GIA performs audits on all major business units and areas based on the risk assessment performed during the preparation of the Annual Internal Audit Plan, which is reviewed and approved by the AC annually. Audit recommendations are developed based on the root cause analysis outcome. Further, GIA performs ad-hoc reviews and investigations requested by the AC and/or Senior Management and follows up on the implementation of agreed management actions on a quarterly basis to ensure all the key risks are addressed.

GIA continues to run a guest auditor program by inviting subject matter experts from different functions and business units. GIA participates in the Lean Six Sigma Certification Program to help focus on process improvement, understanding of root cause and greater analysis skills.

GIA carried out the following major activities for the year ended 31 December 2023 to broaden key business risks coverage:

1. Review of the effectiveness of Enterprise Risk Management (ERM) practices and processes.
2. Crisis management review at IHH Group.
3. Review of in-country tender structure, governance and controls of the tender process.

IHH Healthcare Berhad 116