157 CORPORATE GOVERNANCE 3rd Level of Defence: Internal Audit and BARC - Assurance about mitigation effectiveness - Reporting to BARC - Advisory role to improve process Key Features of Internal Control The key elements and/or features of the internal control system established for maintaining strong corporate governance are as follows: (a) Organisation Structure and Reporting Lines The organisation structure and delegation of responsibilities are communicated across all levels, from the Board to the project/ risk owners in the organisation which set out, amongst others, authorisation levels, segregation of duties and other risk and control procedures. The Board and Board Committees are supported operationally by the Management Committee headed by the CEO. The Management Committee meeting ("MCM") convenes on a fortnightly basis to discuss on strategic business plans, ongoing operational matters and the REIT’s financial performance hence has oversight of the REIT’s operations and maintenance of effective control. In addition, ad-hoc meetings to discuss the progress of high-risk corporate projects and exercises. In the absence of the CEO, the Management Committee meetings are chaired by the General Manager as an Acting Chairman. (b) Internal Audit To ensure an independent and objective assurance of the adequacy and effectiveness of the internal control system, the REIT Manager outsources the internal audit function of the REIT to an independent professional consulting firm, Messrs. PKF Risk Management Sdn Bhd (“PKF”). PKF adopts the International Professional Practices Framework (“IPPF”) in carrying out internal audit assignments by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, internal controls, and governance processes. The team from PKF is led by Dr. Wong Ka Fee, the Director of Risk and Governance Advisory. He possessed doctoral degree in Behavioural Finance and Master of Science in Management Consultancy. Dr. Wong Ka Fee has over 15 years of experience in a wide range of governance advisory, risk and internal audit work. The Internal Audit Team ("IAT") at PKF consists of 10 permanent internal audit personnel staff who are qualified in the areas of internal audit and assurance. All the internal PKF audit personnel involved are free from any relationships or conflicts of interest, which could impair their objectivity and independence. Audit reviews and engagements are carried out based on a risk-based annual internal audit plan approved by the BARC. PKF executes the audit engagements with regard to risk exposures, compliance with policies and procedures, relevant laws and regulations, and against best practices. PKF then provides the BARC with periodic reports, highlighting observations, recommendations and action plans to improve the organisation’s internal control system. In addition, special reviews and scope extensions were also undertaken as required by the BARC and management. (c) The Standard Operating Procedures The Standard Operating Procedures with specified roles and responsibilities in the reporting structure incorporate the elements of checks and balances which are aligned to the business and compliance requirements. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROLS
RkJQdWJsaXNoZXIy NDgzMzc=