143 ANNUAL REPORT 2025 MST GOLF GROUP BERHAD Element 3 Principle Adoption by the Group Control Activities 10. The organisation selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. The Group’s risk register includes key control activities, implementation timelines and status updates. Each risk is assessed by the Risk Management Working Group after considering existing and new controls to determine the adequacy of the control measures. 11. The organisation selects and develops general control activities over technology to support the achievement of objectives. The Group maintains a well-resourced Information Technology (“IT”) function to ensure the integrity, reliability, and security of its critical systems supporting Finance, Warehouse and Inventory Management, Point-Of-Sale (POS), Human Resources, Enterprise Resource Planning (ERP), and Data Management. An established IT governance framework guides the effective oversight, management, and maintenance of these systems in line with the Group’s operational and risk management requirements. 12. The organisation deploys control activities through policies that establish what is expected and procedures that put policies into action. The Group has established documented policies and procedures covering its key functions, including corporate governance, finance, retail operations, procurement, inventory management and warehouse management. Element 4 Principle Adoption by the Group Information and Communication 13. The organisation obtains or generates and uses relevant, quality information to support the functioning of internal control. The Group has systems in place, as described under Principle 11 above, that generate and provide access to high-quality information and data that is relevant, timely and reliable. 14. The organisation internally communicates information, including objectives and responsibilities for internal control, necessary to support the functional of internal control. In addition to documented job descriptions, KPIs and risk registers, regular meetings are held among the Management, Heads of Department and employees to review the achievement of objectives, internal control matters and other operational issues. Group-wide objectives are also communicated through the Group’s intranet and internal training programmes. 15. The organisation communicates with external parties regarding matters affecting the functional of internal control. The Group complies with all applicable regulatory disclosure requirements, including timely communication with shareholders and investors, as outlined in the Corporate Governance Overview Statement of this Annual Report.
RkJQdWJsaXNoZXIy NDgzMzc=