The provisions for Integrity & Compliance (i.e., Code of Conduct for Business Partner, Business Partners Letter of Declaration), HSSE Management Requirements are incorporated accordingly in the procurement terms and conditions to create awareness on our anti-bribery, anti-corruption, safety and accountability policies amongst our suppliers and contractors at the early stage of engagement with these stakeholders. Insurance on Assets Sufficient insurance coverage and physical safeguards on the Group assets, including its human resources are in place to ensure adequate coverage against any mishaps that could result in material loss. Coverage typically includes damage to or theft of assets; liability coverage for the legal responsibility to others for accidents, bodily injury or property damage; and medical coverage for the cost of treating injuries and illnesses, rehabilitation and fatalities. Insurance coverage is reviewed regularly to ensure sufficient coverage in view of changing business environment or assets. Business Continuity Management Business Continuity Management (“BCM”) is defined as an allrounded management process that recognises possible threats to a company and the effects on business operations it may cause, and offers an outline for building organisational flexibility with the aptitude for an effective response that protects the interests of its key stakeholders, reputation, brand and value-creating actions. UEM Edgenta continues to deliver an effective BCM programme as part of its efforts to enhance organisational resilience that enables effective response to continue operations and deliver critical services in the event of any crisis and disruption. Human Resources Management UEM Edgenta’s internal controls are realised and supported by a formal organisational structure. This official structure is made of defined lines of authority, responsibility and accountability. These lines of authority, responsibility and accountability are continuously and transparently updated and improved to demonstrate good governance. Talent acquisition policies and guidelines are established within UEM Edgenta and its subsidiaries. This is to ensure the selection of suitable candidates who meet the job requirements and core competencies for the role in UEM Edgenta. Potential candidates will go through a structured recruitment process which includes interviews by the hiring manager and relevant stakeholders; and for certain roles, additional assessments would be applicable. A thorough and complete pre-employment background screening which includes medical screening, checks on past employment records, education and qualification records, credit records, criminal records, directorship and reference check, would be performed before the job offers are issued. This is a control measure to minimise the risk to the Company. To ensure that we are able to develop a capable, agile and competitive workforce, employees are provided with structured internal technical and soft skills training, mobility opportunities and external development programmes, as well as professional certification opportunities for identified employees. Technical skills training is also prioritised through the development of a technical competency framework and subsequent development interventions. These interventions are tied back to the Individual Development Plan of our employees. Management Information Systems (“MIS”) The Group is continually investing in tools and solutions to migrate processes, people, and technology to the cloud for improved data collection, analysis, and evaluation of organisational development and operational performance. To maximise the benefits of cloud computing, the Group has established partnerships with Microsoft and Alibaba, utilising both the Azure and Alibaba cloud platforms for hosting, deploying, and managing systems and applications. The Group has also converted its data centre into a hybrid cloud, primarily hosting development and test environments, which facilitates seamless deployment across different clouds. With this transition to cloud computing, the Group can allocate its resources more effectively, freeing them from managing physical hardware, networks, and infrastructure, and instead focusing on enhancing its digital capabilities to digitise and transform core business operations. This investment in cloud-related technologies also accelerates application development and simplifies technical operations. The Group places a high priority on cyber security and adopts adequate governance measures, such as implementing robust access controls and conducting security audits, at the earliest stages of software development. This proactive approach helps to ensure compliance with industry regulations and protects against evolving cyber threats. The Group carefully balances the advantages of utilising cloud technology with the requirement to maintain the confidentiality and integrity of data through regular assessments and updates. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL Disaster Recovery Planning The Group’s Business Continuity Management (BCM) process encompasses Disaster Recovery Planning to secure its data, systems, and applications stored in the cloud with backup and protection in a safe location. Quick access to company data ensures seamless business continuity, minimising downtime and preserving productivity. Joint Ventures and Associates The disclosures in this statement do not include the risk management and internal control practices of the Group’s joint venture and associate companies, as the Board does not have any direct control over their operations. The Group’s interests in these entities are safeguarded through the representation on the Boards of the respective companies where management accounts and periodical reports are received and reviewed, as well as deliberation on proposals related to these companies. Such representation also provides the Board with information for decision-making on the continuity of the Group’s investments based on the performance of the Group’s joint venture and associate companies. Internal Audit The Group has established its own Internal Audit Department (“IAD”) to carry out the internal audit function of the Group. IAD reports functionally to the Audit Committee (“AC”) and administratively to the Managing Director/Chief Executive Officer. The IAD regularly reviews the Group’s systems of internal controls and evaluates the adequacy and effectiveness of the controls, risk management and governance processes implemented by the management. The reviews conducted are based on the risk-based Annual Audit Plan approved by the AC. The results of audit reviews, including status of management action plans to address gaps identified in the governance processes, risk management processes and controls during the engagements are reported regularly to the AC for deliberation. The Group has also established a Management Audit Committee (“MAC”) to ensure effective actions are taken to address internal control weaknesses and proper closures of all audit issues and areas for improvement highlighted by the IAD. The MAC is chaired by the Managing Director/Chief Executive Officer and holds its meeting regularly. Internal control weaknesses and areas for improvement regarding risk management and governance identified during the financial period under review have been or are being addressed by the management. None of the weaknesses identified have resulted in any material loss that would require disclosure in the Group’s financial statements. ASSURANCE FROM MANAGEMENT The Board has received assurance from the Managing Director/ Chief Executive Officer and Chief Financial Officer that a review on the adequacy and effectiveness of the risk management framework and internal control system has been undertaken and the Group’s risk management and internal control system are operating adequately and effectively, in all material aspects, based on the risk management and internal control system of the Group. REVIEW OF THE STATEMENT BY EXTERNAL AUDITORS The External Auditor has performed limited assurance procedures on this Statement on Risk Management and Internal Control in accordance with the Malaysian Approved Standard on Assurance Engagements, ISAE 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information and Audit and Assurance Practice Guide 3, Guidance for Auditors on Engagements to Report on the Statement on Risk Management and Internal Control included in the Annual Report issued by the Malaysian Institute of Accountants (“MIA”) for inclusion in the Annual Report of the Group for the year ended 31 December 2022, and reported to the Board that nothing has come to their attention that causes them to believe that the statement is not prepared, in all material respects, in accordance with the disclosure required by paragraphs 41 and 42 of the Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers, nor is the Statement factually inaccurate. This Statement on Risk Management and Internal Control was approved by the Board on 28 March 2023. CONCLUSION The Board is of the view that the risk management and internal control system are in place for the year under review, and up to the date of approval of the Statement on Risk Management and Internal Control, are sound and sufficient to safeguard shareholders’ interests and the Group’s assets. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL p.244 p.245 UEM EDGENTA BERHAD INTEGRATED ANNUAL REPORT 2022 1 2 3 4 5 6 7 8 9 GOVERNANCE
RkJQdWJsaXNoZXIy NDgzMzc=