Annual Report
2015
|
DAYANG ENTERPRISE HOLDINGS BHD
(712243-U)
47
Statement on Risk Management
and Internal Control
(cont’d)
The risk workgroups which made up of Senior Managers from the major operating units established the risk
profiles of the Group during the risk assessment sessions. The level of risk tolerance of the Group highlighted in
the risk profiles is tabled through the use of a risk impact and likelihood matrix. Once the risk level is determined,
the risk owner is required to deal with the relevant risks by adhering to the Group’s risk treatment guidance on
the actions to be taken and establish risk action plans to detail out activities to be carried out to mitigate the
risks. Meetings were held on quarterly basis by the risk owners to ensure the risk action plans were carried out in
order to manage the risks identified. The progress was reported to the RMC on half yearly basis. For the financial
year, the types of major risk identified are categorised into (i) strategic risk, (ii) operational risk, (iii) financial risk,
(iv) information technology risk, (v) human resources risk; and (vi) compliance risk.
INTERNAL CONTROLS SYSTEM
The key elements of the Group’s internal controls system are described as below;
Clear Organisation Structure
The Group has a clear defined organisation structure with clear lines of delegation of responsibility to the Board,
the Management and the operating units. At the Board level, all strategic, business and investment plans are
approved and monitored by the Board. Certain Board responsibilities are delegated to the Board Committees
through clearly defined Terms of Reference. Further details of the Board Committees are stated in the Statement
of Corporate Governance of this Annual Report.
Independence of the Audit Committee
The Audit Committee (“AC”) comprises wholly of independent and non-executive directors from various
experiences and qualifications who bring a vast amount of commercial experience, technical expertise, industry
insight and business knowledge. The AC assesses the adequacy and effectiveness of the internal controls during
the financial year. The AC reviewed and approved the financial year 2015 (“FY15”) Internal Audit Plan. The AC
also reviews and reports to the Board on the engagement of the External Auditor, quarterly interim reports and
annual financial statements. Other activities of the AC during the FY15 are disclosed in the AC Report.
Group Internal Audit
The Board acknowledges the importance of the internal audit function as part of its effort in ensuring the system
of internal control of the Group is adequate and effective. The main function of the Group Internal Audit (“GIA”)
is to provide an independent objective assurance and consulting services designed to enhance work activities
of the Group by emphasising a systematic approach to evaluate and improve the effectiveness of the system
of internal controls. The GIA has a clear reporting line to the Audit Committee.
The GIA activities are carried out according to an annual audit plan approved by the Audit Committee. The
audit plan is prepared based on the key risks identified within the Group. The GIA assesses the adequacy and
integrity of the Group’s internal controls and provides recommendations, if any, for the improvement of the
control policies and procedures. The GIA and the Management are tasked to ensure management action
plans are carried out effectively and regular follow-up audits are performed to monitor continued compliance.
For FY15, the GIA has conducted 14 audits on operational processes according to audit plan and 2 ad-hoc
audits requested by the Management. The results of the internal audit assessments are reported quarterly to the
Audit Committee.
