ANNUAL REPORT 2025 101 STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL The internal audit function adopts a risk-based approach and prepares its audit strategy and plans based on the risk profiles of individual business units of the Group. These plans are updated periodically and approved by the ARMC. The internal audit function employs the widely used internal control guidance, the Internal Control - Integrated Framework issued by the Committee of Sponsoring Organisations (“COSO”) of the Treadway Commission in assessing and monitoring the effectiveness of the Group’s internal control. The monitoring, review and reporting arrangements undertaken by the Internal Auditor gives reasonable assurance that the internal controls embedded within the major business processes of the Group are appropriate to the Group’s operations to adequately manage the key risks of the Group. The key elements of the Group’s internal audit function are described below:- 1. Prepare a detailed Internal Audit Plan based on a risk-based methodology with the scope and frequency of the internal audit activities for the ARMC’s approval. 2. Carry out internal audit activities on business units of the Group to ascertain the adequacy and integrity of their system of internal controls, governance, risk management capability and adequacy of the Management team. The assessment on recurrent related party transaction procedures is carried out annually. 3. Report to the Management upon completion of each audit on any significant control lapses and/or deficiencies noted from the reviews and the root-cause analysis results (where applicable), for their verification and corrective action plan. 4. Report to the ARMC on all significant non-compliance, internal control weaknesses, root-cause analysis results (where applicable), and agreed actions taken by Management to resolve the audit issues identified. 5. The internal audit results are communicated with ratings on the overall adequacy and effectiveness of Management’s risk management and internal control in relation to the approved internal audit focus (coverage) areas. This rating reflects the internal audit conclusion or opinion. Each internal audit finding is assigned an implementation priority rating, indicating the urgency of the corrective action. 6. Follow-up on internal audit issues identified to ascertain whether the agreed corrective action plan has been carried out by the Management and provide updates to the ARMC. During the financial year, the internal auditors carried out internal audit reviews on safety and health management, related party transactions, procurement management and property, plant and equipment management, to assess the adequacy and integrity of the system of internal control as established by the Management. There were no significant failings or weaknesses in internal controls which resulted in material losses during the financial year under review until the date of approval of this Statement. Corrective actions on any weaknesses or noncompliance matters have been taken by Management as stated in the scheduled deadline. REVIEW OF THE STATEMENT BY EXTERNAL AUDITORS The External Auditors, Messrs. Ernst & Young PLT have performed limited assurance procedures on the Statement in accordance with Malaysian Approved Standard on Assurance Engagements, ISAE 3000 (Revised), Assurance Engagement Other Than Audits or Reviews of Historical Financial Information and Audit and Assurance Practice Guide (“AAPG”) 3 - Guidance for Auditors on Engagements to Report on the Statement on Risk Management and Internal Control as issued by the Malaysia Institute of Accountants, included in this Annual Report of the Group for the year ended 31 December 2025. Messrs. Ernst & Young PLT have reported to the Board that nothing has come to their attention that causes them to believe the Statement on Risk Management and Internal Control included in this Annual Report is not prepared, in all material respects, in accordance with the disclosures required by Section 7 of the Statement on Risk Management and Internal Control (“SORMIC”): Guidelines for Directors of Listed Companies (“SORMIC Guide 2025”), nor is the SORMIC factually inaccurate. Principles of AAPG 3 does not require the External Auditors to consider whether the Directors’ Statement on Risk Management and Internal Control covers all risks and controls, or to form an opinion on the adequacy and effectiveness of the Group’s risk management and internal control system including the assessment conducted by the Directors and management thereon. This statement is made in accordance with the resolution of the Board of Directors dated 8 April 2026.
RkJQdWJsaXNoZXIy NDgzMzc=