IHH Annual Report 2023

4. Treasury function review at IHH Group covering the key treasury processes including risk management, monitoring and reporting.
5. Review of the governance and process in which sustainability data is collated, reviewed and verified for the purpose of internal management reporting and subsequent disclosures within IHH Group’s Sustainability Report.
6. Review of payroll process at country level.
7. Performed an internal quality review to ensure our processes are fully aligned to Institute of Internal Auditors (IIA) Standards and Code of Ethics.
8. Coordinated IHH clinical risk and control workshop for Group MAQ in collaboration with subject matter experts.
9. Performed ad-hoc reviews including review of new/renewal of Related Party Transactions that were going for AC and Board approval.
10. Conducted information technology (IT) audits, IT risk and control assessments, cybersecurity and control reviews across the entities of the Group.
11. Greater use of data analytics during audits to provide enhanced audit coverage and better assurance.
12. Financial and operational audit on key balance sheet reconciliation effectiveness, accounts receivable and credit control, discounts, cancellations and refunds, revenue charge and billing, cash collections, purchase and accounts payable, doctors’ fees and agreements, medical equipment management, system user access and inventory management within the Group.

Other Risk and Control Processes

The overall governance structure, and formally defined policies and procedures play a major part in establishing the control and risk environment of the Group. Although the Group is a networked organisation, a documented and auditable trail of accountability has been established within the business units of the Group. Each business unit of the Group is tasked with undertaking these corporate governance and risk management practices, as well as implementing the same:

1. A governance and management structure is established within each hospital for functional accountability with operational/functional heads reporting financial, legal, operational (clinical and non-clinical) risks, compliance with statutory and regulatory requirements and reputational risks to the Hospital Chief Executive Officer (CEO)/Director;
2. Hospital CEOs/Directors, Business Heads, Business Unit Heads and Corporate Heads report on business operations issues to the Senior Management on a monthly basis. Matters such as nursing issues, clinical incidents with lapses, adverse outcomes, potential legal issues and media exposure, are reported and addressed at the hospitals’ Quality Assurance meetings, which are attended by the Hospitals’ CEOs, supported by the relevant Country functions;
3. The Medical Affairs and Quality Division manages the accreditation process and scrutinizes the qualifications and experience of our medical practitioners. In cases of unethical or negligent conduct, the case is discussed with the country CEOs for appropriate discipline of the medical practitioner, such as privileges being promptly revoked without hesitation;
4. The Quality Assurance committees of the business units maintain a vigilant oversight role to ensure that the clinical care delivered within the hospitals aligns meticulously with government regulations, thereby upholding the highest standards of quality;
5. On a quarterly/monthly basis, the operations divisions are to submit to the Group CEO updates pertaining to legal cases, IT, hospital development projects, business matters, HR matters, financial performance and analyses, group target savings, as well as the outlook for the business and strategic projects.
6. This information will form the body of the Executive Report by Group CEO to IHH Board;
7. Senior management tracks the development of legal cases. Any significant risk exposures or trends, in terms of incident type or case categorisation, are highlighted to the Board/RMC quarterly;
8. Insurance policies relating to workforce compensation, property damage and equipment breakdown, cyber liability and network business interruption, third party liability, professional indemnity and medical malpractice liability, are procured to meet the local regulatory requirements and business requirements of the operational divisions and the wider Group;
9. Financial risk management processes are in place to address credit risk, liquidity risk, market risk, interest rate risk and foreign currency risk;
10. GIA independently audit and report findings on financial, operational and compliance controls to the AC or the Board. In addition, on an annual basis, the external auditors perform statutory audit and report findings on financial controls relevant to the statutory audit to the AC; and
11. Employees must abide by the Code of Conduct and avoid any dealings or conduct that could appear to be in conflict with the Group’s interests, unless such business relationships are consented to by the Board.
