Fraser & Neave Holdings Bhd Annual Report 2019

WWW . F N . C O M . M Y 116 F R A S E R & N E A V E H O L D I N G S B H D STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL INFORMATION SYSTEMS The Group operates on an enterprise resource planning system which integrates various facets of the Group’s operations. The system provides management with data, analysis, variations, exceptions and other input relevant to the Group’s performance. Employees within the Group are guided by the Information Technology policies and procedures such as IT Security Policy, Access Management, Cyber Security Framework and End User Policy. BUSINESS CONTINUITY MANAGEMENT The Board is cognizant of the importance of business continuity management (“BCM”) in strengthening the Group’s resilience in response to the evolving business environment and enhancement of shareholders’ values. F&NHB has in place the following components within the BCM Framework to enable the Group’s operations to be prepared in the event of emergencies: The Framework and the BCM plans developed are reviewed on an annual basis and tested periodically to ensure that it is up-to-date and relevant to the business environment. AUDIT COMMITTEE AND GROUP INTERNAL AUDIT Group Internal Audit performs periodic audits of subsidiaries within the Group in accordance with an annual internal audit plan, which is formulated through a comprehensive risk-based methodology and approved by the Audit Committee. The audits are designed to test the appropriateness of control design and implementation as well as compliance with the existing policies and procedures. Based on the audits performed, areas of improvement on control design and implementation are highlighted, on a quarterly basis, to the Audit Committee and Management to implement internal audit recommendations. Status of implementation of agreed audit recommendations is tracked until completion and quarterly updates are provided to the Audit Committee and Management. Further details on the activities of the Audit Committee and Group Internal Audit are set out in the Audit Committee Report. CONCLUSION The Board, through the SRMC and Audit Committee, has undertaken review of the adequacy and effectiveness of risk management and internal control system in accordance with the Terms of Reference during the year under review. The Board is of the view that the Group’s overall risk management and internal control system is sound and adequate in all material aspects, and has received the same assurance from both the CEO and CFO of the Group. The Board ensures that the risk management process in identifying, evaluating and managing significant risks is operating adequately and effectively throughout the financial year up to the date of approval of this Statement. It is in the Board’s opinion that the Group’s system of internal control during the year under review is adequate and effective to safeguard the Group’s assets and the interests of shareholders and stakeholders. Business Impact Analysis Development of BCM Strategies and Plans Business Recovery Procedures Business Continuity Testing and Exercise Monitoring and Evaluation of The Overall Effectiveness of BCM