Effective Stewardship Through Good Governance
Press Metal Aluminium Holdings Berhad
Integrated Annual Report 2023

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

INTRODUCTION

In accordance with Paragraph 15.26(b) of the Main Market Listing Requirements (“MMLR”) of Bursa Malaysia Securities Berhad (“Bursa Malaysia”), the Boards of Directors of public listed companies are required to include in their annual report a statement about the state of risk management and internal control of the listed issuer as a group. The Malaysian Code on Corporate Governance requires listed companies to maintain a sound system of internal control to safeguard shareholders’ investments and the group’s assets. Set out below is the Board’s Statement on Risk Management and Internal Control, which has been prepared in accordance with the Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers (“the Guidelines”).

BOARD RESPONSIBILITY

The Board is committed to maintaining both a sound system of risk management and internal control and the proper management of risks throughout the operations of the Group. The Board acknowledges that it is ultimately responsible for the Group’s system of internal control including the establishment of an appropriate control environment and framework, which encompass financial, operational and compliance controls, and risk management.

The Board is responsible for ensuring the key risks of the Group are reviewed and managed adequately, as well as evaluating the adequacy and effectiveness of the risk management and internal control system on an ongoing basis. This process has been in place for the financial year under review and up to the date of approval of this statement for inclusion in the annual report. The Board believes the risk management and internal control system in place is adequate and effective to manage the risk of the Group.
In view of the limitations inherent in any process, the Group has established a system of internal control and risk management designed to mitigate the risks that may impede the Group from achieving its objectives. As risks cannot be eliminated completely, the system can only provide reasonable, but not absolute assurance against material misstatements, losses or occurrences of unforeseeable circumstances.

INTERNAL AUDIT FUNCTION AND RISK MANAGEMENT FRAMEWORK

The Board delegates the responsibility of monitoring the system of risk management and internal control to the Risk Management Committee (“RMC”) and Audit Committee (“AC”). Notwithstanding the delegated responsibilities, the Board retains its overall responsibility in the establishment and oversight of the Group’s risk management framework and internal control system.

The Board recognises that the internal control system is designed to manage and minimise rather than eliminate and avoid occurrences of material misstatements or unforeseen circumstances, fraud or losses.

This statement does not deal with the associates and joint operation of the Group. Assessments on the adequacy, efficiency and effectiveness of the internal control of the associates and joint operation are performed under the purview of their respective established governing procedures.

Risk Management Committee

The RMC was established to assist the Board in providing oversight, direction and counsel on the overall risk management process, establishing and reviewing the risk management framework, process and responsibilities as well as assessing whether they provide reasonable assurance that risks are managed within tolerable limits. The specific duties of the RMC are as follows:

1. Review the adequacy of the scope, function, authority and resources of the Risk Management Department;
2. Provide oversight, direction and counsel to the risk management process to ensure that appropriate risk management policies, framework and processes are implemented;
3. Review the Group’s risk profile and ensure that potential significant risks, including ESG risks that are outside tolerable ranges are addressed with appropriate and effective preventive and mitigation actions;
4. Monitor and evaluate the risk profile and risk appetite of the Group;
5. Review and monitor the integration of ESG risks into the Group’s risk management framework; and
6. Conduct periodic review of the Group’s Risk Management Policy and Framework.

The RMC holds quarterly meetings to review the key risks and, at the same time, ensure that mitigation plans are in place to manage such risks. The adequacy and effectiveness of the controls and the robustness of the mitigation actions are also addressed.

The Group recognises the importance of the identification and assessment of ESG and climate-related risks and has included them as part of the Enterprise Risk Management process. This is to strengthen the resilience of the Group in achieving its long-term business objectives amidst the challenges associated with climate change. The inclusion of climate-related risks is also in line with the recommendations of the Task Force on Climate-related Financial Disclosure (“TCFD”). The Sustainability Committee reports to the RMC on sustainability risks as a coordinated approach for the Company’s long-term sustainability plan.

The Company has a Risk Management Policy which guides the overall best practice of identifying, evaluating, managing, reporting and monitoring the evolving risks faced by the Group and specific measures to mitigate these risks.
The emphasis is to effectively reduce the impact of risks, respond to immediate risk events and recover from any material business disruption to ensure continuity and sustainability of key business activities and achievement of business objectives.

Risk Management Department

The Risk Management Department (“RMD”) assists the Board and RMC in discharging their risk management responsibilities. RMD is structured to provide adequate support to the Head Office and Business Units with regard to risk management implementation and monitoring. The RMD is mainly responsible for the following:

1. Outlining the strategic framework to guide the priorities and direction of the Group’s risk management activities;
2. Developing the appropriate risk management guidelines;
3. Monitoring risk exposure and tolerance limits across the Group;
4. Providing the necessary guidance and support for the risk management activities of the Group; and
5. Assessing the effectiveness of the preventive and mitigating controls implemented.

The RMD continuously enhances the risk reports with guidance from the RMC members. The Risk Dashboard and Key Risk Indicators are tools that assist the Management and Board members in focusing on the Group’s key risks.

Audit Committee

For the current year, both the outsourced internal auditors and in-house internal auditors assisted the AC to fulfill its responsibilities by conducting internal audits in accordance with audit plans reviewed and approved by the AC. A risk-based approach is adopted via the development of internal audit policies, establishment of annual audit plans, audit work processes and audit work reporting.

The AC reviewed the adequacy of the scope, functions, competency and resources of the internal audit function to ascertain its effectiveness in discharging duties assigned. The details on the Internal Audit function are further explained on pages 79 to 81 of this IAR 2023.
During the year, the outsourced internal auditors conducted four (4) audits covering one (1) business function and the in-house internal auditors conducted twenty-three (23) audits covering thirty (30) business functions. The internal auditors also conducted follow-up reviews on the implementation status of action plans previously agreed by Management.

The results of the internal audits and recommendations for improvement co-developed with Management were tabled at the AC meetings for discussion and assessment. Key and significant issues were reported to the Board by the Chairman of the AC for further deliberation.