Apart from Gleneagles Hong Kong, the Group’s internal audit function is managed in-house and supported by co-sourcing with independent external subject matter experts, where necessary. Fortis Healthcare Limited Group runs its internal audit function in-house, which is also supported by outsourced independent internal audit firms. GIA has visibility and ability to influence those internal audit activities at all levels throughout the Group, including those operating companies’ internal audit functions which are outsourced to independent internal audit firms. GIA shares insights, good practices and improvement opportunities, in addition to audit observations. Common audit themes are leveraged across countries to benchmark and improve the organisational business processes.

The GIA function supports the management of risks including those related to Conflict of Interest (COI) and Sustainability. GIA reviews COI matters as part of audits or upon management request, ensuring compliance with ethical and regulatory standards. In relation to sustainability, GIA continuously evaluates the risks on an annual basis and plans to collaborate with relevant stakeholders to perform an internal review in 2025, aiming to enhance governance and reporting practices further.

The GIA function helps the organisation to accomplish its goals by bringing an objective and disciplined approach consistent with the International Standards for the Professional Practice of Internal Auditing (Standards) and the Committee of Sponsoring Organisations of the Treadway Commission (COSO) Internal Control – Integrated Framework, and to evaluate and improve the effectiveness of risk management, internal control and governance processes. GIA performs audits on all major business units and areas based on the risk assessment performed during the preparation of the Annual Internal Audit Plan, which is reviewed and approved by the AC annually.
Audit recommendations are developed based on the root cause analysis outcome. Further, GIA performs ad-hoc reviews and investigations requested by the AC and/or Senior Management and follows up on the implementation of agreed management actions on a quarterly basis to ensure all the key risks are addressed. GIA runs a guest auditor program by inviting subject matter experts from different functions and business units. GIA participates in the Lean Six Sigma Certification Program to help focus on process improvement, understanding of root cause and greater analysis skills.

GIA carried out the following major activities for the year ended 31 December 2024 to broaden key business risks coverage:

1. Review of Travel and Entertainment Expense at IHH Group.
2. Review of the general billing process covering discounts and refunds within IHH Malaysia and IHH Singapore.
3. Inventory management review within IHH Malaysia and IHH Singapore.
4. Review of Personal Data Protection at IHH Singapore.
5. Review of Cybersecurity services provided by Cybersecurity Center of Excellence (CoE) based in India.
6. Conducted Red Team exercises at IHH Singapore and IHH Malaysia to assess the effectiveness of the CoE’s Security Operation Center and the entities’ cybersecurity countermeasures.
7. Conducted information technology (IT) and application audits, IT risk and control assessments, and control reviews across the entities of the Group.
8. Greater use of data analytics during audits to provide enhanced audit coverage and better assurance.
9. GIA is working closely with Group Medical Affairs and Quality to ensure alignment and complementarity in our efforts across clinical assurance. This collaboration involves sharing operational findings and coordinating annual audit plans to deliver aligned assurance to the Board.
10. Financial and operational audit on key balance sheet reconciliation effectiveness, accounts receivable and credit control, discounts, cancellations and refunds, revenue including packages and promotion, billing, financial counselling at the business office, management of reportable/occurrence cases, review of urgent care centre, workplace health & safety, cash collections, fixed asset management, tariff master data management, procurement and vendor management, IT user access, physical access to key hospital areas and inventory management within the Group.

Other Risk and Control Processes

The overall governance structure, and formally defined policies and procedures play a major part in establishing the control and risk environment of the Group. Although the Group is a networked organisation, a documented and auditable trail of accountability has been established within the business units of the Group. Each business unit of the Group is tasked with undertaking these corporate governance and risk management practices, as well as implementing the same:

1. A governance and management structure is established within each hospital for functional accountability with operational/functional heads reporting financial, legal, operational (clinical and non-clinical) risks, compliance with statutory and