INTERNAL AUDIT FUNCTION (CONT’D) Functionally, the Internal Auditor reports directly to the ARMC. Upon conclusion of each engagement, the Internal Auditor presented the Internal Audit Reports covering internal audit findings, together with the corresponding root-cause analysis and recommendations, to the ARMC for deliberation. The Management is tasked to implement the necessary corrective actions to address the internal control weaknesses identified, and follow-up reviews are conducted at a later date by the Internal Auditor to verify implementation within the stipulated timelines. Based on the internal audit reviews conducted by Baker Tilly Malaysia, there were no significant weaknesses identified in the Group’s internal control system that would have a material impact. REVIEW OF THE STATEMENT BY THE EXTERNAL AUDITOR The External Auditor has reviewed this Statement for FYE 2025 for inclusion in this Annual Report as required by Paragraph 15.23 of MMLR. Their review was conducted in accordance with the Audit and Assurance Practice Guide 3 (“AAPG 3”): Guidance for Auditors on Engagements to Report on the Statement on Risk Management and Internal Control included in Annual Report issued by the MIA and is based on the International Standard on Assurance Engagements 3000 (Revised) (“ISAE 3000 (Revised)”) issued by the IAASB. AAPG 3 does not require the External Auditor to form an opinion on the adequacy and effectiveness of the risk management and internal control systems of the Group. Based on the procedures performed and evidence obtained, nothing has come to the External Auditor’s attention that causes them to believe that the Statement on Risk Management and Internal Control intended to be included in the annual report is not prepared, in all material respects, in accordance with the disclosures required by section 7 of the SORMIC Guide 2025, nor is the Statement on Risk Management and Internal Control factually inaccurate. MANAGEMENT’S ASSURANCE The Board has received assurance from the Group Executive Director / Group CEO and Group Chief Financial Officer, representing the Management, that the Group’s risk management and internal control systems have been operating adequately and effectively in all material aspects during the financial year under review and up to the date of approval of this Statement. CONCLUSION The Board is of the view that the Group’s risk management and internal control systems have operated adequately and effectively for the financial year under review and up to the date of approval of this Statement, in all material aspects, and remains aligned with the Group’s business objectives and risk appetite. The Board is not aware of any material losses, contingencies or uncertainties arising from weaknesses in the Group’s risk management and internal control systems that would require separate disclosure in this Annual Report. The Board remains committed to continuously enhancing the Group’s risk management and internal control systems to remain responsive to the evolving operating environment, including emerging risks and sustainability-related risks. This Statement was approved by the Board on 13 April 2026. 137 Annual Report 2025
RkJQdWJsaXNoZXIy NDgzMzc=