Dagang NeXchange Berhad Annual Report 2018

70 Dagang NeXchange Berhad Annual Report 2018 Statement on Risk Management and Internal Control RISK MANAGEMENT Risk management is embedded by the Board as part of the business operation activities of the Group. It has been the Board’s priority to ensure that strategic and investment risks particularly in new ventures are managed in order to safeguard the Group’s assets. The Group has established the risk management framework, based on the principles of Committee of Sponsoring Organisations of the Treadway Commission (“COSO”) and benchmarked against ISO 31000:2009 across the Group as a standardised approach to meticulously identify, analysing, measuring, managing, monitoring and reporting risks that may affect the Group. The risk identification process takes effect as early as the initial junctures of investments and key operational activities. Delegation of Authority A risk reporting structure has been established to ensure prompt communication to Audit Committee and the Board. Collectively, the Board and Executive Deputy Chairman oversees and reviews the strategic level risk management whilst the Group Managing Director and Chief Financial Officer are accountable for the conduct of the Group’s businesses and execute measures and controls to ensure that the risks are managed effectively. The risk management processes in identifying, evaluating and managing significant risks facing the Group are embedded in the operating and business processes and recorded in a group wide risk register which is reviewed and reported to the Board on quarterly basis. Risk Appetite The Group’s risk appetite is a key consideration in decision making. The Management team and Chief Financial Officer as the patrons of risk management receives sufficient support at Group level in reporting the key risks identified and assist the Board in ensuring the implementation of appropriate systems to manage the overall risk exposure of the Group. Key features of the Group’s risk appetite cover strategic, operational, financial and regulatory parameters. It guides the Management team and Chief Financial Officer on balancing opportunities and risk management amongst others on assessment of investment proposals, disposals of assets, working capital, cash flows and gearing, project risk and policies to manage the overall risk exposures of the Group to ensure that the strategies are implemented aligned to the Board’s approval. The risk owners are responsible to ensure preventative, detective and corrective controls were in place to address these risks. Gaps in controls and continual improvements were implemented through management action plans. During the reviews, justifications for performances are discussed in order to identify the appropriate measures to manage risks and an informed decision making or evaluation of opportunities and risks were made at strategic level. INTERNAL CONTROL ACTIVITIES In discharging the governance responsibility, the Board delegates the oversight of internal control and risk management. The Management acknowledges their responsibility to the achievement of business goals and is responsible for implementing Board-approved riskmanagement frameworks, compliance to policies and procedures and keeping the Board apprised of new or emerging risk when required. The Management is expected to provide assurance to the Board that the Group’s risk management and internal controls system are operating adequately and effectively based on the risk management framework adopted by the Group through the Audit Committee. Audit Committee Besides reviewing the system of internal control, the Audit Committee also reviews the following key processes and information:- • financial information covering financial performance and quarterly financial results; • annual report and audited financial statements before recommending to the Board for approval and before presentation of the financial information to the shareholders, investors and public; • periodic review of Group’s management accounts and performance analysis of the Management team, subsidiaries companies and supporting units; and • audit findings and reports on the review of systems of internal control provided by the appointed independent internal auditors and status of Management's implementation of the audit recommendations. Role of Auditors The scope of work of the internal audit function is carried out based on the approved internal audit plan by the Audit Committee. For the year under review, the auditor has checked for compliance with policies and procedures and the effectiveness of the internal control system and highlight findings of non-compliance or process improvement during the quarter Audit Committee meetings. The auditor plays a significant role in verifying and validating whether the management has met its responsibilities and determining the level of internal controls compliances. This is carried out by evaluating controls, risk management, business objectives performances, governance processes as well as monitoring whether agreed action plans are in line with recommendations for improvements. The Board also received assurance from the internal auditor that the Group has satisfactorily complied with the guidelines by the Malaysian Code on Corporate Governance, the Board Charter and Term of Reference for the Board of Directors of the Group. Further to this, the external auditors conduct annual statutory audit on the financial statements. Areas for improvement identified during the course of statutory audit by the external auditors are brought to the attention of the Board accordingly.