IHH Healthcare Berhad | Annual Report 2024 106 regulatory requirements and reputational risks to the Hospital Chief Executive Officer (CEO)/Director; 2. Hospital CEOs/Directors, Business Heads, Business Unit Heads and Corporate Heads report on business operations issues to the Senior Management on a monthly basis. Matters such as nursing issues, clinical incidents with lapses, adverse outcomes, potential legal issues and media exposure, are reported and addressed at the hospitals’ Ǫuality Assurance meetings and attended by the Hospitals’ CEOs, supported by the relevant Country functions; 3. The Medical Affairs and Quality Division manages the accreditation process and scrutinizes the qualifications and experience of our medical practitioners. In cases of unethical or negligent conduct, the case is discussed with the country CEOs for appropriate discipline of the medical practitioner, such as privileges being promptly revoked without hesitation; 4. The Quality Assurance committees of the business units maintain a vigilant oversight role to ensure that the clinical care delivered within the hospitals aligns meticulously with government regulations, thereby upholding the highest standards of quality; 5. On a quarterly/monthly basis, the operations divisions are to submit to the Group CEO updates pertaining to legal cases, IT, hospital development projects, business matters, HR matters, financial performance and analyses, group target savings, as well as the outlook for the business and strategic projects; 6. This information will form the body of the Executive Report by Group CEO to IHH Board; 7. Senior management tracks the development of legal cases. Any significant risk exposures or trends, in terms of incident type or case categorisation, are highlighted to the Board/RMC quarterly; 8. Insurance policies covering workers’ compensation and employer’s liability, property damage and business interruption, cyber and data liability, thirdparty liability, professional indemnity, and medical malpractice liability are procured to minimally comply with local regulations and meet the business needs of Business Units, Divisions, and Group; 9. Financial risk management processes are in place to address credit risk, liquidity risk, market risk, interest rate risk and foreign currency risk; 10. GIA independently audit and report findings on financial, operational and compliance controls to the AC or the Board. In addition, on annual basis, the external auditors perform statutory audit and report findings on financial controls relevant to the statutory audit to the AC; and 11. Employees must abide by the Code of Conduct and avoid any dealings or conduct that could appear to be in conflict with the Group’s interests, unless such business relationships are consented to by the Board. Adequacy and Effectiveness of the Group’s Risk Management and Internal Control Systems IHH’s Management is accountable to the Board for the implementation of the processes involved in identifying, evaluating and managing risk and internal control. In the financial year under review and up to the date of approval of this Statement, the Board has received assurances from the Group CEO, as well as the Group Chief Financial Officer, that the Group’s system of operating is adequate and effective in all material aspects, based on the risk management and internal control system of the Group. Taking into consideration the information and assurances given, the Board is satisfied with the adequacy, integrity and effectiveness of the Group’s system of risk management and internal control. For the financial year under review, there were no material control failures or adverse consequences that have directly resulted in any material losses to the Group. The measures to protect and enhance shareholders’ value and business sustainability continue to be a focal point of the Group and, therefore, the system of risk management and internal control across the Group continues to be subject to enhancement, validation and regular review. The Group’s system of risk management and internal controls does not cover associates and joint ventures. Review of the Statement by External Auditors The external auditors have reviewed this Statement on Risk Management and Internal Control pursuant to the scope set out in Audit and Assurance Practice Guide (AAPG) 3, Guidance for Auditors on Engagements to Report on the Statement on Risk Management and Internal Control included in the Annual Report issued by the Malaysian Institute of Accountants (MIA), for inclusion in the annual report of the Group for the year ended 31 December 2024, and reported to the Board that nothing has come to their attention that causes them to believe that the statement intended to be included in the annual report of the Group, in all material respects: a) has not been prepared in accordance with the disclosures required by paragraphs 41 and 42 of the Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers, or b) is factually inaccurate. AAPG 3 does not require the external auditors to consider whether the Directors’ Statement on Risk Management and Internal Control covers all risks and controls, or to form an opinion on the adequacy and effectiveness of the Group’s risk management and internal control system, including the assessment and opinion by the Board of Directors and management thereon. The auditors are also not required to consider whether the processes described to deal with material internal control aspects of any significant problems disclosed in the annual report will, in fact, remedy the problem. Statement on Risk Management and Internal Control Governance
RkJQdWJsaXNoZXIy NDgzMzc=