site map | links
Search
 
Home Products Cement Facts Feedback Contact Us Our Businesses

NAVIGATION

Corporate Profile

Corporate Profile

Company Background
Corporate Data
Annual Report
Announcements
Internal Control
Chairman's Message
Board of Directors
Management System Policy
Corporate Governance

 

Statement On Risk Management and Internal Control

 

Introduction

 

The Malaysian Code on Corporate Governance requires the Board of Directors to establish a sound risk management framework and internal controls system to safeguard shareholders’ investments and the Group’s assets.  In accordance with paragraph 15.26 (b) of the Main Market Listing Requirements of Bursa Malaysia Securities Berhad (‘Bursa Malaysia’), the Board of Directors of a listed issuer is required to include in its annual report, a statement about the state of risk management and internal control of the listed issuer as a group.


The Board of Directors (‘Board’) recognises its responsibilities for and the importance of a sound system of risk management and internal controls, and is committed to establish a sound framework to manage risks. The Board is pleased to present herewith the Statement on Risk Management and Internal Control, prepared in accordance with the Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers (“Guidelines”) endorsed by Bursa Malaysia, which outlines the nature and state of risk management and internal control of the Company and its subsidiaries (“the Group”) for the financial year under review.


 

Board Responsibility

 

The Board affirms its ultimate responsibility for the adequacy, effectiveness and integrity of the system of risk management and internal controls to safeguard shareholders’ investments and the assets of the Group. Overall, the Board has established a risk management framework with the objective of setting clear guidelines in relation to the levels of risk acceptable to the Group.  


The system of risk management and internal controls is designed to meet the Group’s objectives and strategies, and the risks to which it is exposed.  This system covers the risk areas on financial, operational, compliance and information technology, and controls put in place to manage the risks. It should be appreciated that, however effective a system is, it can only provide reasonable, not absolute, assurance against material misstatement, loss or irregularities.  It should be further noted that such a system is designed to manage, rather than eliminate, the risks of failure to achieve its business objectives and strategies.

 

The Board is supported by the Enterprise Risk Management Committee (“ERMC”) in overseeing the risk management efforts. The ERMC is headed by the Group Chief Executive Officer, and its members comprised senior personnel from management, finance, operations, business development and internal audit.


The Group has in place an ongoing process for identifying, evaluating, managing and monitoring the significant risks affecting the achievement of its business objectives and strategies for the year under review and up to the date of approval of this statement for inclusion in the annual report. This process is ongoing with monthly review by ERMC and internal audit function, the results of such reviews and the relevant actions arising are reported on a quarterly basis to the Board Audit and Risk Management Committee.    


 

 

Risk Management Framework

 
Recommendation 6.1 of Principle 6 in the Malaysian Code on Corporate Governance 2012 states that the Board should establish a sound framework to manage risks. The Board, in fulfilling its stewardship responsibilities, has established an organisation structure with clearly defined lines of accountability and delegated authority.


 

With the assistance of the Internal Audit Department, the Board undertook reviews of its existing risk management processes and key components of its internal controls that were in place within the various operating business units, to ensure effectiveness, adequacy and integrity of the risk management functions and controls.


 

The Group took the following initiatives:


  • Formulation of the Risk Management Policy, which outlines the risk management framework for the Group and offers practical guidance to all employees on risk management issues; 


  • A database of all risks and controls had been formed, and the information organised to produce detailed risk registers for the major business units, that have been categorised into strategic, operations, financial and knowledge risks; 


  • Key risks to each of the Group’s business unit’s objectives, aligned with the Group’s strategic objectives, had been identified and assessed for likelihood of the risks occurring and the magnitude of impact using a self-assessment approach; 


  • Management’s risk assessments had been moderated and re-confirmed; with the corresponding action plans for the significant risks prepared by the key members of Management to address those risks; 


  • A risk profile of the Group had been developed, which together with a summary of the key findings and corresponding action plans, were presented and discussed in the Board Audit and Risk Management Committee before submitting to the Board for consideration; 


  • Quarterly risk management reports were updated and submitted to the Enterprise Risk Management Committee before being tabled to the Board Audit and Risk Management Committee and ultimately the Board for consideration; and


  • The processes adopted to monitor and review the adequacy and integrity of the system of risk management and internal controls are continuously reviewed and improved upon by the Board Audit and Risk Management Committee. 


The operations of the Group are exposed to a variety of risks, including financial risk like credit, foreign exchange, interest rate and liquidity risks. The nature of these risks and measures taken by the Group to minimise those risks are disclosed below:-


(a)  Credit risk

At reporting date, there were no significant concentrations of credit risk. The maximum exposure to credit risk is represented by the carrying amount of each financial asset in the statements of financial positionManagement has a credit policy in place and the exposure to credit risk is monitored on an ongoing basis. Credit evaluations are performed on all customers requiring credit terms

 

(b)  Foreign exchange risk

The Group incurs foreign currency risk on sales and purchases that are denominated in a currency other than Ringgit Malaysia. The currency giving rise to this risk is primarily United States Dollar.

Material foreign currency transaction exposures are hedged, mainly with derivative financial instruments such as forward foreign exchange contracts, on a case by case basis.


(c)  Interest rate risk

The Group is exposed to interest rate risk in respect of their short term deposits with licensed banks and the contractual borrowing rate for bankers’ acceptance. However, the fluctuation in interest rates, if any, is not expected to have a material impact on the financial performance of the Group.


(d)  Liquidity risk

Cash flow forecasting is performed in the operating entities of the Group and aggregated by the Group finance. Group finance monitors rolling forecasts of the Group’s liquidity requirements to ensure it has sufficient cash to meet operational needs. Surplus cash held by the operating entities over and above balance required for working capital management is transferred to the Group treasury. Group treasury invests surplus cash in short term deposits with licensed banks.

 

 

  

Internal Audit Function

 

The Group has its own internal audit function, which is independent of the activities it audits. The internal audit function submits reports to the Board Audit and Risk Management Committee on a quarterly basis and provides the Board with much of the assurance it requires regarding the effectiveness, adequacy and integrity of the system of risk management and internal controls.

 

The Internal Audit Department develops risk-based audit plans to determine the priorities of the internal audit activities, consistent with the Group’s objectives and strategies. The Board Audit and Risk Management Committee reviews and approves the internal audit plans on an annual basis.

 

Internal Audit Department independently reviews the internal controls in the key activities of the Group’s businesses implemented by the Management, ascertains the extent of compliance with established policies, procedures and relevant statutory requirements, recommends improvements to the system of internal controls, and conducts follow-up reviews on previous audit reports to ensure that appropriate actions are taken to address issues reported on a timely basis or within agreed timelines.

 

 

 

Other risks and control processes

 

Apart from risk management and internal audit, the other key elements of the Group’s internal control system are as follows:


  • An organisational structure with clearly defined lines of responsibility and the appropriate levels of delegation to Committees of the Board and to Management that promotes accountability for appropriate risk management and control procedures.  The procedures include the establishment of authority limits for all aspects of the business, which is subject to periodic review throughout the year as to their implementation and for their continuing suitability;

     

  • Each operating unit is responsible for the operation, conduct and performance of its unit, this includes the identification and assessment of significant risks applicable to its operation areas, the design and operation of appropriate internal control to ensure that an adequate and effective internal control system is in place;

  • Code of Ethics and Conduct are established and adopted for  all directors, officers and staff, and a Whistleblowing Policy to facilitate disclosure of any improper conduct within the Group;

     

  • Regular internal audit reviews to monitor compliance with procedures and assess the integrity of financial information provided;

     

  • Regular and comprehensive information provided to Management, covering financial performance and key business indicators, such as sales, production volumes, staff turnover and cash flow performance etc.;

     

  • Periodic internal quality inspection to monitor compliance with ISO and OHSAS requirements;

  • Standard operating procedure (“SOP”) manual sets out the policies and procedures for day to day operations to be carried out. Periodic reviews are performed to ensure that the SOP remains current, relevant and aligned with evolving business environment and operational needs;

  • Regular supervisory checks to ensure strict adherence to operations, administration, accounting and financial reporting procedures;

  • A detailed budgeting process, whereby operating units prepare budgets for the coming year which are then approved both at the operating unit level and by the Board;

     

  • Monthly monitoring of results against budget, with major variances being followed up and Management action taken, where necessary;

     

  • Regular visits to operating units by the Executive Director and key members of Management; and

  • Annual training and development programmes are established to ensure that officers and staff are equipped and kept up to date with the necessary competencies to carry out their responsibilities towards achieving the Group’s objectives and strategies.

 

 

 

Adequacy and effectiveness of risk management and internal control system

 

 

The Board has reviewed the effectiveness of the Group’s risk management and internal control system for the year under review and up to the date of approval of this statement for inclusion in the annual report. 


The Board is satisfied with the Group’s ongoing process for identifying, evaluating, managing and monitoring the risks of the business, including the scope and frequency of reports on both risk management and internal control that were received and reviewed during the year by the Board Audit and Risk Management Committee and the Board, important risk and control matters discussed and associated actions taken by Management.


The review was also extended to the associated companies through the Company’s representation in the Audit Committee of the associated companies.

 

Based on the framework established and the reviews conducted, the Board is of the opinion, with the concurrence of the Board Audit and Risk Management Committee, that there are sound and sufficient controls in place within the Group addressing material financial, operational, compliance and information technology risks to meet the business objectives and strategies of the Group in its current business environment.


No weaknesses in internal control or adverse compliance events that have resulted in any material losses, contingencies or uncertainties that would require disclosure in the Group’s annual report were noted.  


The Board has received assurance from the Group Chief Executive Officer and Chief Financial Officer that the Group’s risk management and internal control system is operating adequately and effectively in all material aspects, based on the risk management model adopted by the Group. The Management will continue to review and take measures to ensure the ongoing effectiveness and adequacy of the system of risk management and internal controls, so as to safeguard shareholders’ investments and the Group’s assets.

 

 

Review of statement by external auditors

 

 

As required by paragraph 15.23 of the Main Market Listing Requirements of Bursa Malaysia, the external auditors, Messrs Ernst & Young, have reviewed this Statement on Risk Management and Internal Control in accordance with the Recommended Practice Guide 5 (Revised 2015) issued by the Malaysian Institute of Accountants, for inclusion in the Annual Report for the financial year ended 31 December 2016 and reported to the Board that nothing has come to their attention that causes them to believe that the Statement is inconsistent with their understanding of the process the Board has adopted in the review of the adequacy and effectiveness of risk management and internal controls within the Group.


This Statement on Risk Management and Internal Control is made in accordance with the resolution of the Board of Directors dated 23 February 2017.

 

 

Copyright © Tasek Corporation Berhad. All Rights Reserved.