MSTGOLF Integrated Annual Report 2023

ANNUAL REPORT 2023 MST GOLF GROUP BERHAD

The Internal Auditors provide independent and objective assurance to the Board and Audit & Risk Management Committee, as well as advice to all levels of the organisation, on all matters related to the achievement of the Group’s objectives including the monitoring and effectiveness of risk controls. The Internal Auditors are free from any relationships or conflict of interest, which could impair their objectivity and independence of the internal audit function and do not have any direct operational responsibility or authority over any of the audited activities.

RISK MANAGEMENT AND INTERNAL CONTROL DURING THE FINANCIAL YEAR ENDED 31 DECEMBER 2023

During the financial year ended 31 December 2023:

The Board has adopted the Enterprise Risk Management Policy which provides references of the intents and lays out the fundamentals of risk management practices in the Group as described above. In the policy, the Board has established the Group’s risk appetite matrix.

The Executive Risk Committee has conducted multiple rounds of trainings for the Risk Management Working Group to raise awareness on the importance of embedding risk management in their respective functions as well as to equip them with the methods of the Group’s risk management framework.

The Executive Risk Committee has conducted multiple rounds of workshops with the Risk Management Working Group to produce comprehensive risk registers of the various departments and functions, which include risk ratings and control activities.

The Executive Risk Committee has presented, to the Audit and Risk Management Committee and the Board, risk management reports that contain the risk registers for the various functions within the Group.

The Risk Management Working Group and Risk Owners have begun implementing the risk control activities determined during the abovementioned workshops. This includes setting up new policies and procedures, as well as revising existing ones.

The Board via the Audit and Risk Management Committee has reviewed and approved the appointment of Sterling Business Alignment Consulting Sdn Bhd as the Group’s Internal Auditors.

The Executive Risk Committee has the following roles and responsibilities:

1. Develop an effective risk management framework for the Board’s approval.
2. Propose suitable risk appetite and tolerance for the Board’s approval.
3. Review and regulate the outcomes of the Risk Management Working Group, including the identified risks, risk ratings, control activities and risk owners.
4. Ensure the implementation of control activities and monitor their effectiveness, including the assignment of risk owners.
5. Conduct periodic reviews of the risk register (at least once a year) and determine the acceptability of the residual risks of the Group.
6. Review and recommend strategic risk management decisions including major investments and transactions.
7. Conduct ERM meetings or workshops to establish a risk register.

The Risk Management Working Group has the following roles and responsibilities:

1. Participate in ERM meetings or workshops conducted by the Executive Risk Committee.
2. Suggest existing or potential risks associated with the various functions of the Group that may arise from time to time.
3. Assess the identified risks and propose suitable control activities and persons responsible for the control activities (risk owners).

Risk Owners have the following roles and responsibilities:

1. Execute or supervise the execution of their control activities in a timely manner.
2. Gather and compile data for the measurement of their control activities’ effectiveness for reporting to the Executive Risk Committee.
3. Provide continual feedback on the effectiveness of their control activities.
4. Suggest additional appropriate control activities for their risks if necessary.
