INTERNAL AUDIT FUNCTION The Group has outsourced the internal audit function to a professional service firm, which is independent of the activities and operations of the Group, to review the adequacy and effectiveness of the internal control system of the Group. The outsourced internal auditors, which report directly to the Audit Committee, conducted internal control assessment on the Group in order to identify areas for improvement, besides compliance with internal best practices, guidelines and objectives. During the financial year under review, the outsourced internal auditors have carried out an internal control assessment based on the internal audit plan for the FYE 31 August 2025 as approved by the Audit Committee, covering the following subsidiaries and functional areas/sections: i. Sasbadi Sdn Bhd • Management Information System / Information Technology, in respect of software and hardware maintenance and management, software licensing management, purchasing / disposing of computer software and hardware procedures, virus protection and security, disaster recovery / business continuity planning procedures, access security and data integrity control procedures, data backup and restore policies and procedures and general cyber security control procedures. • Personal Data Protection, in respect of personal data collection policies, processes and procedures, consent, purpose limitations and type of data collection and verification procedures, data storage security and protection policies and control procedures, monitoring procedures for specified control measures for data loss, misuse, modification, unauthorised or accidental access, disclosure, alteration, or destruction, etc., updating personal data processes and procedures, inactive personal data management, retention period and cessation of the personal data procedures, data protection officer / compliance person, compliance execution procedures, personal data breach handling and management, data breach notification processes and procedures and governance of overall personal data protection act compliance (data subject rights, third party data sharing, transparency, governance, risk assessment and related legal and regulatory). II. Edu Paper And Stationery Sdn Bhd • Sales and Marketing, in respect of new market identification processes and procedures, distributor / agent appointment processes and procedures, costing computation processes and procedures, pricing control processes and procedures, customer order processing, selling and distribution expenses allocation processes and procedures, credit application and evaluation processes and procedures, goods return management, customer retention management, performance monitoring and reporting and implementation process of business development strategy. • Finance and Accounts, in respect of billing and revenue recognition processes and procedures, collection processes and procedures, credit and accounts receivable management, payment processes and procedures, cash flow management processes and procedures, limits of authority, intercompany transactions processes and procedures, staff claims processes and procedures, debit note and credit note processes and procedures, capital asset management processes and procedures, procedures for the related party transactions / recurrent related party transactions, and inventory valuation processes and procedures. iii. Follow-up review on previously reported audit findings to ensure weaknesses identified have been or are being addressed. Upon completion of the work, the outsourced internal auditors presented their reports to the Audit Committee during the quarterly meetings whereby the outsourced internal auditors’ findings and recommendations as well as the Management’s responses and action plans were deliberated. WEAKNESSES IN INTERNAL CONTROLS WHICH RESULTED IN MATERIAL LOSSES, IF ANY During the FYE 31 August 2025 and up to the date of approval for issuance of this Statement, there were no material losses incurred by the Group arising from weaknesses in its internal control system. SASBADI HOLDINGS BERHAD 70 Statement On Risk Management And Internal Control (conঞ nued)
RkJQdWJsaXNoZXIy NDgzMzc=