STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL • Active involvement of Directors in the operation and management of branch and subsidiary companies; • Centralised control of financial resources by head office of respective subsidiary companies; • Whistle Blowing Policy and Code are established to ensure high standards of conduct and ethics in the business operations; • Set out policies and procedures for anti-bribery and corruption and develop internal guidelines to ensure that the Group’s business is conducted in an ethical manner with integrity and honesty; • Establish COI Policy for identifying, addressing, managing and reporting actual, potential, and perceived COI, and to provide guidance on how to deal with situations involving COI as and when they arise; • Implement ISO 9001:2015 Quality Management System for certain subsidiaries of the Company. Annual surveillance audits are conducted by a certification body to provide assurance of compliance with ISO 9001:2015; • Adequate insurance coverage and physical safeguarding of major assets are in place to guard against any mishap that may result in material losses to the Group; • The internal audit function provides reasonable assurance on the effectiveness of the system of internal control within the Group. Internal audits are conducted to review the effectiveness of the control procedures and are directed towards areas with significant risks as identified by the ARMC and Management, and the risk management process is also audited to provide assurance on the management of risks; and • Review of internal audit reports and follow-up on audit findings by the ARMC. The internal audit reports are deliberated by the ARMC and are subsequently presented to the Board on a quarterly basis where the ARMC seeks clarifications from the Executive Directors on internal control matters and provided its views and recommendations on areas where improvements can be made. INTERNAL AUDIT FUNCTION During FY2024, the Group has outsourced its internal audit function to independent professional service firms, namely Axcelasia Sdn. Bhd. (formerly known as Tricor Axcelasia Sdn. Bhd.) (“Axcelasia”), up to August 2024, and subsequently, changed to Axcelasia ESG Sdn. Bhd. (formerly known as Mainstreet Governance Sdn. Bhd.) (“Axcelasia ESG”). Following the completion of a corporate restructuring exercise in December 2024, Axcelasia ESG had transferred to Axcelasia all rights and obligations as stipulated in the engagement letter entered between the Company and Axcelasia ESG. The Group has outsourced its internal audit function to external professional service firms. The firms and their assigned personnel are free from any relationships or conflicts of interest, which could impair their objectivity and independence. The internal audit function has been mandated to continually assess and monitor the Group’s system of internal control. The total cost paid or payable by the Group for the internal audit services amounted to RM52,000 for FY2024. The internal audit function adopts a risk-based approach and prepares its audit strategy and plans based on the risk profiles of individual business units of the Group. These plans are updated periodically and approved by the ARMC. The internal audit function employs the widely used internal control guidance, the Internal Control - Integrated Framework issued by the Committee of Sponsoring Organisations (“COSO”) of the Treadway Commission in assessing and monitoring the effectiveness of the Group’s internal control. The monitoring, review and reporting arrangements undertaken by the Internal Auditor gives reasonable assurance that the internal controls embedded within the major business processes of the Group are appropriate to the Group’s operations to adequately manage the key risks of the Group. The key elements of the Group’s internal audit function are described below:- 1. Prepare a detailed Internal Audit Plan based on a risk-based methodology with the scope and frequency of the internal audit activities for the ARMC’s approval. 2. Carry out internal audit activities on business units of the Group to ascertain the adequacy and integrity of their system of internal controls, governance, risk management capability and adequacy of the Management team. The assessment on recurrent related party transaction procedures is carried out annually. 3. Report to the Management upon completion of each audit on any significant control lapses and/or deficiencies noted from the reviews and the root-cause analysis results (where applicable), for their verification and corrective action plan. 4. Report to the ARMC on all significant non-compliance, internal control weaknesses, root-cause analysis results (where applicable), and agreed actions taken by Management to resolve the audit issues identified. 073 ANNUAL REPORT 2024
RkJQdWJsaXNoZXIy NDgzMzc=