Integrated Annual Report 2024

SECTION 12: GOVERNANCE
MISC BERHAD www.miscgroup.com

In addition, the overall tax risks of the Group are managed through, among others:

I. A Risk Register which sets out KRI in relation to non-compliance events which resulted in penalties being imposed by tax authorities;
II. Tax Compliance & Control (TCC) assurance, which is designed to enforce effective governance and management of tax risks for both direct and indirect tax areas;
III. Performing tax assessment covering contractual, business structure and operational tax risks as part of Project Risk Assessment (PRA); and
IV. Assessment of potential tax liabilities including GMT in each jurisdiction annually.

The Group, however, does not have a material exposure to Pillar Two income taxes in the relevant jurisdiction.

Finance Transformation Programme (FTP)

MISC Group has embarked on FTP: Project Lightspeed. The primary objective of Project Lightspeed is to shift the role of Finance from transaction processing to becoming strategic business partners, by leveraging analytics and automation to enable data-driven business decisions. The objective will be achieved through the re-engineering of financial processes, internal reorganisation, implementation of modernised financial platforms and automation technologies, as well as the upskilling of finance practitioners in the Group, whilst ensuring the adequacy and effectiveness of internal controls.

The Group has completed the Wave 1 initiatives, whereby all Wave 1 companies have been integrated into SAP S/4HANA and process harmonisation has taken place. Wave 2 initiatives started in Q4 2024 and are expected to be completed in Q4 2025.
PROCUREMENT

The MISC Group Procurement Transformation Programme is focused on:

• MISC Group Procurement Guidelines related to Category Management, which were launched in August 2023 and adopted in all Business Procurement Manuals across the Group; and
• The digitalisation of procurement processes and policies through a procurement platform which will enforce compliance with Procure to Pay policies and improve visibility of procurement activities. The Source to Contract modules were fully operational across the entire Group from February 2023 and the Procure to Pay modules are progressively being rolled out.

CONTRACT MANAGEMENT

MISC Group has implemented a contract management digital transformation which aims to drive efficiency and automate the monitoring of contractual compliance. The system and framework will undergo continuous monitoring and evaluation to ensure a seamless contract lifecycle management experience across the organisation.

PROJECT MANAGEMENT

Project management of newbuilding engineering and construction for GAS Business and AET is handled by the Asset Construction & Conversion (ACC) department of Marine Services, whereas project management for Offshore is handled by the Project Delivery and Technology (PD&T) department of the Offshore unit. The primary objective of the ACC and PD&T departments is to strategise, lead and control the shipbuilding/conversion of vessels and the newbuild/conversion of floaters respectively, to ensure safe and successful execution of projects within the agreed schedule and allocated budget limits.
The two main functions of Marine Services ACC are:

• Project engineering team, which mainly provides technical support in project bidding and contracting, feasibility and conceptual studies, retrofitting and modification projects; and
• Project management team, which handles project execution post contract signing, engineering review, supervision, guarantee claim management and appraisal of builders’ performance, depending on the agreed scope of work with the project owner.

The ACC continuously reviews the execution of the project against the project execution plan, which includes the planned programme, procurement schedule, factory test schedule and commissioning schedule. The ACC also provides regular reporting to management on progress and escalates pertinent issues.

The Offshore unit’s PD&T manages all project phases, from the bid through Front End Engineering Design (FEED) and execution, until handover to the asset management team. During project execution, the team carries out regular project reviews and risk assessments and formulates risk mitigation to ensure that appropriate actions are taken in a timely manner. Independent reviews, which may include external experts if required, are performed during the project execution phase, led by MISC’s GIA.

Statement on Risk Management & Internal Control

INFORMATION & COMMUNICATION TECHNOLOGY (ICT)

MISC Group is responsible for implementing and maintaining enterprise ICT systems and corporate applications to support core business functions. The goal is to enhance technology delivery to a Managed State by 2025. A Managed State refers to all areas of ICT being monitored, tracked and controlled through a defined process, ensuring consistency and visibility of all systems. This is to ensure the continuity of ICT systems within MISC Group to meet its availability and information security needs.
ICT Risk and Governance

ICT risks are governed through the following governance bodies:

The Information Technology Program Committee (ITPC)

The ITPC serves as the central governance platform for evaluating and monitoring ICT strategic investments. It provides management oversight, ensures business alignment and tracks the progress of strategic initiatives to ensure successful implementation.

The Enterprise Architecture Committee (EAC)

The EAC oversees ICT architecture decisions, ensuring alignment with business goals and promoting future-proof solutions that deliver business value while minimising risk. To support this, an Enterprise Architecture Team is established under the governance of the EAC through:

• The Digital Foundation and ICT Standards (DFIS), Unified Control Framework (UCF) and Project Management Procedures to ensure robust performance and risk management.
• The ICT UCF, which defines minimum standards to enhance ICT control effectiveness across the Group, minimising risks and improving IT governance.

CYBERSECURITY

In 2024, MISC continued to execute its 5-year MISC Cybersecurity Strategic Plan to continuously improve the maturity of cybersecurity in MISC. The strategy aims to ensure MISC remains continuously protected and secured from existing and emerging threats and to improve MISC’s cyber resiliency.

Recognising the increased risk to the supply chain, as evident from various cybersecurity incidents globally, as well as to operational technology (OT) onboard MISC’s maritime assets due to the increased convergence of IT and OT devices, MISC has developed new cybersecurity guidelines for third parties and MISC maritime assets.

The Guideline for Third-Party will require third parties who supply systems and applications to MISC, or have access to MISC digital resources and data, to comply with MISC’s cybersecurity requirements to protect and secure the confidentiality, integrity and availability of MISC data.
In 2025, MISC will be looking to enhance the current practice to include a third-party monitoring tool for continuous monitoring of critical third parties.

The Guideline for Maritime Assets ensures that MISC vessels and floating platforms maintain a cybersecurity standard to safeguard their operations, assets and crew, and to comply with regulatory requirements. During the development of the guideline, MISC commissioned an independent third-party assessor to evaluate the current cyber posture of MISC vessels. While the assessment rated the current risk as low, it provided the necessary recommendations to address the existing gaps and further improve cyber hygiene, which were taken into consideration.
