MSTGOLF Annual Report 2025

ANNUAL REPORT 2025 MST GOLF GROUP BERHAD

(d) Assesses the adequacy of internal controls relevant to financial reporting.
(e) Performs such other functions as set out in its Terms of Reference.

The GRSC supports the Board in overseeing enterprise-wide risk management and sustainability matters. The GRSC:
(a) Reviews and recommends the risk governance structure, policies, framework, risk appetite and tolerance levels for the Board’s approval.
(b) Oversees the implementation and effectiveness of the Group’s risk management and internal control framework.
(c) Reviews the Group’s risk profile, including key risk exposures and mitigation plans.
(d) Monitors assurance activities relating to risk management and internal controls.
(e) Carries out such other responsibilities as defined in its Terms of Reference.

The Executive Risk Committee is responsible for operationalising the Group’s enterprise risk management (“ERM”) framework. The Executive Risk Committee:
(a) Develops and implements the approved risk management framework.
(b) Proposes risk appetite and tolerance levels for Board approval.
(c) Reviews risk assessments, risk registers, control measures and risk ownership assignments.
(d) Monitors the implementation and effectiveness of mitigation plans and control activities.
(e) Reviews residual risk level and escalates significant matters to the GRSC and the Board where necessary.
(f) Conducts periodic ERM meetings and workshops to ensure risks are properly identified and assessed.

The Risk Management Working Group supports the Executive Risk Committee in identifying and assessing risks across business functions. The RMWG:
(a) Participates in ERM assessments.
(b) Identifies existing and emerging risks within respective functions.
(c) Assesses the identified risks and recommends suitable control activities and persons responsible for the control activities (risk owners).

Risk Owners are accountable for managing assigned risks within their areas of responsibility. They:
(a) Implement and monitor control activities in a timely and effective manner.
(b) Track and report on the effectiveness of controls to the Executive Risk Committee.
(c) Escalate material risk issues and recommend additional mitigation measures where necessary.

Internal Audit Function

The Group outsourced its internal audit function to Sterling Business Alignment Consulting Sdn Bhd (“Internal Auditors”), who provides independent assurance and serves to assist the Group to provide an adequate and effective internal control system, and reports directly to the AC on a quarterly basis. The Internal Auditors are free from any relationships or conflict of interest, which could impair their objectivity and independence of the internal audit function and do not have any direct operational responsibility or authority over any of the audited activities.

The Internal Auditors adopt the COSO Internal Control – Integrated Framework as a basis in evaluating the effectiveness of internal control systems of the Group. The Internal Auditors submit a proposed risk-based internal audit plan to the AC for review and approval. Based on their internal audit reviews, observations were presented by the Internal Auditors, together with the Management’s response and proposed action plans, to the AC for review during the quarterly AC meetings. In addition, the Internal Auditors have followed up on the implementation of the recommendations from previous cycles of internal audit and updated the AC on the status of the agreed action plans.
