STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

Aside from Group Compliance, the three (3) other departments of GCE undertake functions to review and monitor compliance in their respective areas. In this respect, the Group Financial Crime Compliance, Group Regulatory Affairs, and Group Business Ethics and Integrity provide timely, structured, and comprehensive advice, as well as support to the Group on matters relating to the laws, rules, and regulations applicable to the Group.

GCE has also implemented a self-assessment framework to facilitate and promote regulatory compliance by the business within the Group. For this purpose, a list of identified laws, regulations and other regulatory instruments applicable to the Group is documented and maintained to facilitate compliance.

Please refer to the ‘Ethics and Compliance Statement’ for more details on functions, roles and responsibilities of GCE.

Internal Audit

GIA provides independent and objective assurance to the Board that the established internal controls, risk management and governance processes are adequate and are operating effectively and efficiently. To ensure independence and objectivity, GIA reports independently to the AC of KIBB and has no responsibilities or authority over any of the activities it reviews.

GIA’s scope of work and activities are guided by the Internal Audit Charter, mandatory elements of The Institute of Internal Auditors’ Global Internal Audit Standards and relevant regulatory guidelines. An Annual Audit Plan based on the appropriate risk-based methodology has been developed and approved by the AC. On a quarterly basis, audit reports and status of internal audit activities including the sufficiency of GIA resources are presented to the AC for review. Periodic follow-up reviews are conducted to ensure adequate and timely implementation of Management’s action plans.
Associate and Joint Venture Companies

The Board does not regularly review the internal control systems of associate and joint venture companies as the Board does not have any direct control over their operations. Notwithstanding this, the Group’s interests are served through representation on the Boards of the respective companies via receipt and review of management accounts, periodical reports as well as deliberation on proposals related to these companies. Such representation also provides the Board with information for decision-making on the continuity of the Group’s investments based on the performance of these associate and joint venture companies.

Conclusion

The Board, through the AC and the GBRC, confirms that it has reviewed and considered the effectiveness of the Group’s risk management and internal control system as adequate during the financial year and has taken into consideration any material developments up to the date of approval of the Annual Report and Audited Financial Statements for the Financial Year Ended 31 December 2025.

The main financial risk areas faced by the Group and the guidelines and policies adopted to manage them are provided in detail under Note 51 of the Audited Financial Statements of KIBB for the Financial Year Ended 31 December 2025.

The Board is satisfied that there is an effective ongoing process for identification, evaluation and management of risks and there are regular reviews to ensure controls are efficient and effective.

Review of the Statement by External Auditors

As required by Paragraph 15.23 of the MMLR of Bursa Malaysia, the external auditors have reviewed this Statement on Risk Management and Internal Control. Their review was performed in accordance with the principles of Audit and Assurance Practice Guides (“AAPG”) 3, Guidance for Auditors on Engagements to Report on the Statement on Risk Management and Internal Control included in the Annual Report issued by the Malaysian Institute of Accountants.
Based on the review, the external auditors have reported to the Board that nothing has come to their attention that causes them to believe that this Statement is inconsistent with their understanding of the process that the Board has adopted in the review of the adequacy and integrity of the internal controls of the Group. AAPG 3 does not require the external auditors to, and they did not, consider whether this Statement covers all risks and controls, or to form an opinion on the effectiveness of the Group’s risk and control procedures.

This Statement on Risk Management and Internal Control is made in accordance with the resolution of the Board dated 29 January 2026.