The Malaysian Code on Corporate Governance requires public listed companies to maintain a sound system of internal controls to safeguard shareholders’ investments and the Company’s assets. Equally, under paragraph 15.26 (b) of the Main Market Listing Requirements of Bursa Malaysia Securities Berhad (‘Bursa Securities’), the Board of Directors of public listed companies is required to include in its annual report, a statement on the Company’s state of internal control. The Board of Directors (‘Board’) recognises its responsibilities for and the importance of sound internal controls. Set out below is the Board’s Statement on Internal
Control, which provides an overview of the Company’s state of internal control.

 

 

The Board has ultimate responsibility for the system of internal controls. Overall, the Board has established a risk management framework with the objective of setting clear guidelines in relation to the levels of risk acceptable to the Company. The system of internal controls is designed to meet the Company’s particular needs and the risks to which it is exposed. This system covers not only financial controls but risk management, operational and compliance controls. It should be appreciated that, however effective a system is, it can only provide reasonable, not absolute, assurance against material misstatement, loss or irregularities. It should be further noted that such a system is designed to manage, rather than eliminate, the risks of failure to achieve its business objectives.

 

The Company has in place an on-going process for identifying, evaluating and managing the significant risks affecting the achievement of its business objectives for the year and up to the date of approval of the annual report and financial statements. This process is on-going and reviewed by the Board on a quarterly basis and in accordance with Bursa Securities’ Statement on Internal Control: Guidance for Directors of Public Listed Companies. The risk management process was also extended to its significant subsidiary company and significant associate company.

 

 

Part 2 of the Best Practices in the Malaysian Code on Corporate Governance states that the Board should identify principal risks and ensure the implementation of appropriate systems to manage these risks. The Board, in fulfilling its stewardship responsibilities, has established an organisation structure with clearly defined lines of accountability and delegated authority. The risk management functions and effectiveness of such controls were first formalised in May 2002. Each financial year, with the assistance of the Internal Audit Department, the Board undertook a review of its existing risk management processes and key components of its internal controls that were in place within the various operating business units. 

 

 

• The Risk Management Policy was issued in August 2002, which outlines the risk management framework for the Company and offers practical guidance to all employees on risk management issues;
• A database of all risks and controls had been formed, and the information organised to produce detailed risk registers for the major business units, that have been categorised into strategic, operations, financial and knowledge risks;
• Key risks to each of the Company's business unit’s objectives, aligned with the Company’s strategic objectives, had been identified and assessed for likelihood of the risks occurring and the magnitude of impact using a self-assessment approach;
• Management’s risk assessments had been moderated and re-confirmed; with the corresponding action plans for the significant risks prepared by the key members of management to address those risks;
• A risk profile of the Company had been developed, which together with a summary of the key findings and corresponding action plans, were presented and discussed in the Board Audit and Risk Management Committee before submitting to the Board for consideration;
• Quarterly risk management reports were updated and submitted to the Enterprise Risk Management Committee before being tabled to the Board Audit and Risk Management Committee and ultimately the Board for consideration; and
• The processes adopted to monitor and review the adequacy and integrity of the system of internal control are continuously reviewed and improved upon by the Board Audit and Risk Management Committee.

The Company has its own internal audit function, which provides reports to the Board Audit and Risk Management Committee on a quarterly basis and provides the Board with much of the assurance it requires regarding the adequacy and integrity of the system of internal controls. The Board Audit and Risk Management Committee reviews and approves the internal audit plan on an annual basis. The Internal Audit Department independently reviews the internal controls in the key activities of the Company’s businesses implemented by the management.

 

Apart from risk management and internal audit, the other key elements of the Group’s internal control systems are as follows:

• An organisational structure with clearly defined delegation of responsibilities to Committees of the Board and to Management that promotes accountability for appropriate risk management and control procedures. The procedures include the establishment of authority limits for all aspects of the business, which is subject to periodic review throughout the year as to their implementation and for their continuing suitability;
• Regular internal audit reviews to monitor compliance with procedures and assess the integrity of financial information provided;
• Regular and comprehensive information provided to Management, covering financial performance and key business indicators, such as sales, production volumes, staff turnover and cash flow performance;
• Regular internal quality inspection to monitor compliance with ISO and OHSAS requirements;
• A detailed budgeting process, whereby operating units prepare budgets for the coming year which are then approved both at the operating unit level and by the Board;
• Monthly monitoring of results against budget, with major variances being followed up and management action taken (where necessary); and
• Regular visits to operating units by the Executive Directors and key members of management.

During the year, no weaknesses in internal control that have resulted in any material losses, contingencies or uncertainties that would require disclosure in the Company’s annual report were noted. Management continues to review and take measures to ensure the ongoing effectiveness and adequacy of internal controls, so as to safeguard shareholders’ investments and the Company’s assets.