Al-`Aqar Healthcare REIT Annual Report 2020

Governance Structure 93 Statement on Risk Management and Internal Control Internal Audit The Manager outsources its Internal Audit Function, which reports independently to the BARC to provide the Board with adequate assurance it requires regarding the adequacy and effectiveness of risk management, internal control and governance processes. The Internal Audit Team (“IAT”) adopts a risk-based approach in executing the annual audit plan that focuses on major business units and/or operations. The annual audit plan is reviewed and approved by the BARC. The IAT reports directly to the BARC on the outcome of its appraisal of the operational activities. Significant audit findings are presented and deliberated by the BARC on a quarterly basis or as appropriate. The IAT also monitors the implementation of audit recommendations in order to obtain assurance that all major risks and controls measures identified have been reasonably addressed by the management in an effective and timely manner. Board Review The Board is of the view that the risk management and internal control system in place throughout the year under review and up to the date of approval of this Statement is sound and sufficient to safeguard the interests of the Fund’s stakeholders, their investments and the Fund’s assets. Additionally, the Board regards the risks faced by the Manager/Fund are within its tolerance levels in relation to its business and strategic objectives. The Board is not aware of any material losses or fraud during the year under review as a result of weaknesses in internal control. The management is continuously taking necessary measures to improve and strengthen the risk management and internal control system of the Manager/Fund. Review of the Statement by External Auditors The External Auditors have performed limited assurance procedures on this Statement on Risk Management and Internal Control (“Statement”) in accordance with Malaysian Approved Standard on Assurance Engagements, ISAE 3000 (Revised), Assurance Engagements other than Audits or Reviews of Historical Financial Information and AAPG 3, Guidance for Auditors on Engagements to Report on the Statement on Risk Management and Internal Control included in the Annual Report. They have reported to the Boards that nothing has come to their attention that causes them to believe the Statement intended to be included in the Annual Report is not prepared, in all material respects, in accordance with the disclosures required by Paragraphs 41 and 42 of Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers nor is the Statement factually inaccurate. This Statement is made in accordance with the resolution of the Board of Directors on 18 February 2021.