Integrated Annual Report 2025

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

The Board is pleased to present this Statement on Risk Management and Internal Control (“Statement”), which outlines the main features of the Group’s risk management and internal control systems for FYE 2025. This Statement is made pursuant to Paragraph 15.26(b) and Practice Note 9 of MMLR and is guided by the Statement on Risk Management and Internal Control Guidelines for Directors of Listed Companies (“SORMIC Guide 2025”) issued by the Institute of Internal Auditors Malaysia and adopted by Bursa Securities.

BOARD RESPONSIBILITIES

The Board recognises that sound risk management practices and effective internal controls are fundamental to the Group’s governance framework and the achievement of the Group’s strategic and operational objectives. In this regard, the Board is responsible for, amongst others:

• overseeing the adequacy and effectiveness of the Group’s risk management and internal control systems;
• reviewing and approving the Group’s risk appetite and tolerance levels in alignment with the Group’s strategic objectives and operational requirements;
• ensuring that key risks are identified, assessed and managed appropriately;
• assessing and strengthening the Group’s overall governance, risk management and internal control systems;
• ensuring Management implements remedial actions to address identified control weaknesses within agreed timelines; and
• integrating sustainability-related and ESG considerations into the Group’s overall risk management approach, in line with evolving regulatory expectations and stakeholder priorities.

While the Board assumes ultimate responsibility for the adequacy and integrity of the Group’s risk management and internal control systems, the ARMC supports the Board by reviewing and overseeing the adequacy and effectiveness of the risk management and internal control systems on a regular basis.
Through the ARMC, the Board is kept informed of all significant financial or non-financial issues brought to the attention of the ARMC by the Management team, the Internal Auditor and External Auditor.

The Group’s risk management and internal control systems are designed to manage risks within an acceptable level, rather than to eliminate the risk of failure. Accordingly, they can provide only reasonable, and not absolute, assurance against material misstatement, loss, fraud or other unforeseen circumstances, having regard to inherent limitations.

RISK MANAGEMENT SYSTEM

The Group’s risk management and internal control systems are designed to proactively identify, assess and manage risks, safeguard the Group’s assets, promote operational efficiency, and maintain stakeholders’ confidence.

The Group’s Enterprise Risk Management (“ERM”) Framework adopts ISO 31000:2018 Risk Management Guidelines, which provide principles, framework and process for managing risk. No material joint venture or associate was excluded from the Group in applying the risk management and internal control systems.

Risk management is embedded across the Group through a defined governance and reporting structure involving the Board, ARMC, Executive Committee (“EC”), Governance, Risk and Compliance (“GRC”) and Heads of Department (“HODs”).
