Integrated Annual Report 2021

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL GOVERNANCE ASSURANCE FUNCTIONS Group Health, Safety, Security & Environment (Group HSSE) The HSE Management System is developed in reference to PETRONAS HSE Management System, industry standards and best practices, which serves as a reference in planning and mitigating the risks of Health and Safety of employees, visitors, contractors and sustainability of the environment. Group HSSE ensures that the Group’s Security Risk exposures are reviewed according to national and international regulatory requirements and best practices; and mitigating measures are accordingly planned and implemented to ensure the security of employees, visitors, contractors and assets in accordance with the Security Management System. The threat of COVID-19 pandemic since early 2020 is effectively managed and contained through risk assessments, situational analysis, case management and mitigation measures. Standard operating procedures are regularly reviewed in accordance to the legislative requirements and best practices. Cybersecurity conducts risk assessments on emerging technology areas, collaborates with operating units on internal and external audits and ensuring audit findings on cybersecurity areas are close to satisfaction. Regular reviews are done to continuously improve operational processes. HSSE assurance is carried out on the respective business segments, vessels and floating facilities by Group HSSE with the objective to verify, evaluate and review the HSSE operational activities to ensure their operational integrity and reliability are maintained at all times, consistent with international regulations, HSSE controls and internal policies. MISC Group’s vessels are subjected to stringent audits, vetting and inspections to meet various regulatory and commercial requirements. These include vetting by oil majors, audits by the Malaysian Marine Department and ship classification societies to maintain international safety and security management certification under the relevant codes. In addition, MISC is also subjected to periodic management reviews by its customers’ risk management units. The MISC Group HSSE Council, chaired by the President/Group Chief Executive Officer (CEO) with the MC and Managing Director/ CEO of all subsidiaries as members, reviews the Group HSSE performance on a monthly basis and HSSE policies and strategies periodically, to ensure that they are in line with business objectives. The BGRC will then be updated on the HSSE quarterly performance while the BAC oversees the HSSE risk and control effectiveness through review of the assurance findings on a half yearly basis. GROUP INTERNAL AUDIT MISC’s GIA supports the BAC by providing independent review on the adequacy of risk management, governance as well as the efficiency and effectiveness of the internal control systems. The authority, responsibilities and scope of work are defined in the approved Internal Audit Charter, which is aligned with the principles outlined in the International Professional Practices Framework (IPPF). In performing its audit engagements, GIA refers to the internal control framework and guideline issued by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). COSO is an internationally recognised organisation providing guidance on internal control, enterprise risk management and governance. Further information on the internal audit functions are set out in the Statement on Internal Audit Function on pages 262 to 263 in the BAC Report of this Integrated Annual Report. OTHER MATTERS With regards to the associated companies and joint ventures, the Board does not regularly review their internal control systems as the Board has no direct control over their operations. Nevertheless, MISC’s interests in the associated companies and jointly controlled entities are served via representations on the boards as well as review of management accounts and enquiries thereof. AFFIRMATION BY THE BOARD The Board has received assurance from the President/Group CEO and Vice President, Finance that the internal control and risk management systems of the Company and its subsidiaries for the year under review up to the date of approval of the statement are, in all material aspects, operating adequately and effectively. During the financial year under review, there was no significant control failure or weakness that would result in material losses, contingencies or uncertainties requiring separate disclosure in this Integrated Report. REVIEW BY EXTERNAL AUDITOR The external auditor, Messrs. Ernst & Young PLT, has reviewed this Statement on Risk Management and Internal Control for inclusion in the Integrated Annual Report for the financial year ended 31 December 2021, in compliance with paragraph 15.23 of the Listing Requirements in accordance with guidelines issued by the Malaysian Institute of Accountants, and reported to the Board that nothing has come to their attention to cause them to believe that the statement intended to be included in the Integrated Annual Report is not prepared, in all material respects, in accordance with disclosures required by Paragraph 41 and 42 of the Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuer, or that the statement is factually inaccurate. CONCLUSION For the financial year under review, based on enquiry, information and assurance provided, the Board is satisfied that the internal control and risk management systems were generally satisfactory. Measures would continuously be taken to ensure ongoing adequacy and effectiveness of the internal control and risk management systems, and to safeguard the Group’s assets and shareholders’ investment. This statement is made in accordance with the resolution of the Board of Directors dated 21 February 2022. MISC Berhad 284 Integrated Annual Report 2021 MISC Berhad Integrated Annual Report 2021 285

RkJQdWJsaXNoZXIy NDgzMzc=