PRINCIPAL B: EFFECTIVE AUDIT AND RISK MANAGEMENT (CONT’D) I. AUDIT COMMITTEE (CONT’D) The internal audit process adopts a risk-based methodology to assess the internal controls established by Management. During the FY2025, audit engagements included: l Interviews and consultations with key management personnel; l Comprehensive reviews of established policies, procedures, and discretionary authority limits; and l Substantive testing of the internal controls on a sample basis. The results of these internal audit reviews, including action plans to address identified weaknesses and recommendations for enhancements, are reported to the AC, who then provides a detailed report to the Board. The internal audit activities for FY2025 were executed in accordance with the annual audit plan approved by the AC. The scope of business process audits encompassed: l Logistics Department l Telemarketing Department l Human Resources Department l Industrial Relations Department l Information Technology Department l Operation Department The composition of the AC undergoes an annual review by the NC and is subsequently recommended to the Board for approval. Based on the results of the evaluation conducted during FY2025, the Board expressed satisfaction with the AC’s performance in discharging its responsibilities. For further details on the activities undertaken by the AC, please refer to the AC Report of this IAR2025. II. RISK MANAGEMENT AND INTERNAL CONTROL FRAMEWORK Risk management is a pivotal element of good management practice and effective corporate governance. Our Risk Management Policy ensures that the Board’s decision-making is supported by sufficient information, fostering informed discussions and considerations. The enhanced levels of risk discourse and heightened Management engagement are imperative to ensure that appropriate monitoring and mitigation measures are embedded to support the proposals under discussion. The Board fulfils its risk governance and oversight obligations through its Risk Management Committee (“RMC”), which comprises two (2) Independent Non-Executive Directors and one (1) Non-Independent Non-Executive Director. The RMC is entrusted with managing the Group’s overall risk exposure. In addition to reviewing the adequacy and efficacy of the Group’s internal control system, the RMC also assesses and monitors the effectiveness of risk management frameworks and controls. The Board is committed in driving a proactive risk management approach and ensuring that the Group’s employees possess a comprehensive understanding of risk management principles. This commitment aims to cultivate a sustainable risk management culture throughout the organisation. The Board will continue to challenge the Group’s risk reporting mechanisms and advocate for a data-driven approach to capture and quantify exposures where applicable and necessary. The Board is confident that the system of internal controls and risk management implemented during FY2025 is sound and sufficient to safeguard the Group’s assets, protect shareholders’ investments, and uphold the interests of stakeholders. For further details of the Risk Management and Internal Control Framework, please refer to the Risk Management and Internal Control Statement of this IAR2025. CORPORATE GOVERNANCE OVERVIEW (cont’d) 162
RkJQdWJsaXNoZXIy NDgzMzc=