S E C T I O N 5 C O R P O R A T E G O V E R N A N C E 115 STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL Key Elements of Internal Control The Board acknowledges that the internal control systems are designed to identify, evaluate, monitor, and manage the risks that may hinder the Group from achieving its goals and objectives. The Manager’s Internal Control Policy and Procedures (ICPP) was designed to provide reasonable assurance regarding the achievement of objectives in the following categories: • Effectiveness and efficiency of operations • Reliability of financial reporting • Compliance with applicable laws and regulations The ICPP is a reference tool for all employees to identify and assess operating controls, financial reporting, and legal/regulatory compliance processes and to take action to strengthen controls where needed. By developing effective systems of internal control, we can contribute to Damansara REIT Managers Sdn Berhad (DRMSB)’s ability to meet its objectives and reducing the potential liability arising from non-compliance to regulatory requirements, fraud and lack of efficiency and effectiveness in operations. This guide is designed to satisfy the basic objectives of most business systems as they relate to carrying out the responsibilities of the REIT Manager/ DRMSB. An effective check and balance control environment is fundamental for ensuring a sound internal control system in the Fund’s operations. The Board and Management are committed to maintain an effective internal control environment by continuously enhancing the design of internal control systems to ensure that they are relevant and effective to promote operational agility while ensuring corporate governance and compliance to regulatory guidelines. The key elements and/or features of internal control system established for maintaining strong corporate governance are as follows: 1. The Standard Operating Procedures (SOPs) with specified roles and responsibilities in the reporting structure to incorporate the elements of checks and balances which are aligned to the business and compliance requirements. 2. Limit of Authority (LOA) Policy is in place for approving capital expenditure and matters on financial, treasury, legal and secretarial, audit, Human Resource, Procurement & Contract Management, Investment and Corporate matters - aimed at keeping potential risk exposures under control. A revision in the LOA was tabled to the BARC on 15 November 2021 and approved at the Board on 2 December 2021. In relation to this, the REIT Manager has formulated the Procurement Policy with the objectives of ensuring alignment of procurement practices across departments and business units within the Johor Corporation Group of companies and adoption of the following best practices which includes transparency in processes and management of integrity risks. The policy was approved by the Board on 18 February 2021. The Investment Policy was set up with the objectives of: • To have a framework for disciplined approach to investing • To establish reasonable expectations and guidelines for investment and divestments • To create a diversified investment portfolio that can generate acceptable medium-to-long term returns at reasonable risk tolerance levels • To establish governance for monitoring investment performance The Investment Policy was approved by the Board on 18 February 2021. 3. Documented policies and procedures are also in place subject to review every now and then to ensure that it maintains its effectiveness to support the REIT’s business activities. These include the ERM Framework, Internal Control Policy Manual, Compliance Framework and Policy. The Manager has revised its the Business Continuity Management (BCM) and Disaster Recovery Plan (DRP) Policy, which was approved by the Board on 25 January 2021. 4. The BCM Drill/ testing is undertaken annually, and the results presented to the BARC and the Board for their notation. The Company has also undertaken an IT Risk assessment and Penetration Test which was concluded on 12 April 2021 and presented to the Board on 19 May 2021. Based on the outcome of the IT Risk, the Management has formulated the IT Policy which was recommended by the BARC and approved by the Board on 15 November 2021 and 2 December 2021 respectively.
RkJQdWJsaXNoZXIy NDgzMzc=