The Board of Directors recognizes the importance of a sound Risk Management System and is therefore committed to establish and maintain an efficient and effective System of Internal Control in financial and operational risk throughout the Group as to safeguard shareholder's investments.
The Board acknowledges its overall responsibility on the Group's Risk Management & Internal Control System which is to establish an appropriate risk control framework including reviewing its adequacy and integrity. The Board is also aware of its responsibilities to determine the nature, level and risk appetite that the Group is able to take whilst maintaining a sound risk management and internal control system. Management has identified and assess the risks faced by the Group, therefore designed and implemented the appropriate internal controls to mitigate these risk firstly by having limits of authority in place. However, there are certain limitations to any system of internal control, and therefore the system is designed to manage and minimize the impact but not completely eliminate risks. Hence, the system in place can only provide reasonable but not absolute assurance against material misstatement, fraud or loss. The system of internal control in place covers financial and operational control risk in the Group.
Management has identified and managed significant risks faced within Group and any updates takes into consideration changes in the regulatory, business and external environment. The outcome is reviewed by the Board via the Audit Committee. The Audit Committee's responsibilities and duties can be found in the Audit Committee Report section of this Annual Report. The Group's required conduct on good ethical behavior requires all employees to act with highest standards of business integrity, comply with all applicable laws and regulations, and ensure that business behavior are not compromised for the sake of results. Therefore, Risk Management has been embedded in the Group's management system as the Group firmly believes that risk management is crucial for the Group's sustainability as well as to ensure its assets and reputation is protected at all times. The Board believes that the ability to manage its risks is paramount to achieving sustained profitability and ability to enhance shareholders' value and therefore the Enterprise Risk Management (ERM) framework in place has been developed within its risk appetite. The ERM Framework sets out the Group's underlying approach to risk management that is approved by the Board. The Board is assisted by a Risk Management Committee (RMC), comprising of managers from all location in the Group and led by the Executive Director. The Group's Risk identified together with its mitigation action is reviewed as and when found needed by the Risk Management Committee. Risk findings together with the internal controls in place are reviewed in monthly management meetings by the Company and the active subsidiaries.
Main responsibility of the Risk Management Committee is to ensure that the enterprise risk management program is carried out by:
a) Identifying potential risk in the Group's processes and compiled/update into the Risk Register when reviewed,
b) Evaluate and determine the likelihood of the risk occurring and the impact of such risk to the Group,
c) Monitor ongoing risk by assessing whether any conditions associated with a particular risk has changed and
d) Review the Group's Enterprise Risk Management processes periodically together with the Management to ensure that the policy is in line with the Group's objectives.
In the financial year, Risk Management Committee had identified risks in the Group which is the non-standardization of the enterprise resource planning system used. The risks identified have been made known to the Board and will be compiled in the Risk Register. This Risk Register are reviewed and assessed by the Risk Management Committee as and when needed.
The Board does recognize the increasing importance of maintaining a sound system of internal control in order to safeguard the Group's assets and shareholders' investment. Therefore the Group has in place a series of policies, practices and controls in relation to the financial and operation process that are designed to address key risks, including risks arising from changes in the business and accounting standards. The following are some of internal controls in place:
.Corporate Policy on Limit of Authority that limits the approval for signing of contracts/agreement, payments and loans for all levels including Management.
.For the Boards deliberation and approvals, Financial Information with variance management report, Financial Commitments, Budget Monitoring Report, Recurrent Related Party Transactions and new business or expansion in current business plans is provided and presented to the Audit Committee/the Board.
.Monitoring of individual subsidiary performance are carried out monthly in Budget and Subsidiary Meetings by Management. Operational performance and issues faced by individual sites and departments are raised and approvals are sought at these meetings.
.Corporate Policies comprising of Code of Conduct, Fraud and Whistle Blowing are implemented throughout the Group.
.An organizational structure with formally defined lines of responsibility and delegation of authority.
.Formalized quality manuals in compliance to ISO 9001:2008 that provides clear guidance to employees carrying out their job responsibilities.
The internal audit function is undertaken by the Company's external professional advisor, BDO Consulting Sdn. Bhd. The Internal Audit function is to provide an independent assurance on the Group's Internal Control policies and practices as well as other consultative activities designed to improve the controls where necessary. The responsibilities of the internal auditors are to assist the Audit Committee in discharging its responsibilities to review the adequacy and the integrity of the Group's internal control systems and management information systems, including systems for compliance with applicable laws, regulations, rules, directives and guidelines. The Audit Committee had approved a risk-based internal audit plan for the Group and for the year ended 31 December 2013 the internal auditors has completed internal audits for all active operations (except Dawa Timber Industries (M) Sdn. Bhd. and Jasa Wibawa Sdn. Bhd.). The internal audit reports with audit findings, recommendations and management actions are submitted to the Audit Committee for its review and deliberation after each period of audit. The Board has received verbal assurance from the Chief Executive Officer and Chief Financial Officer that the Group's risk management and internal control system are in compliance with the Group's policies and practices in all material aspects. The Board has reviewed the adequacy and effectiveness of the Group's Risk Management and Internal Control Systems and in the Board's opinion the Internal Controls on Risk findings of the Group are in place.
There were no material internal control failures which resulted in material losses or any omission within the Group, during the financial year. The Board will however continue to take necessary measures to enhance the Group's System of Internal Control.
As required by Paragraph 15.23 of the Bursa Malaysia Securities Berhad Main Market Listing Requirements, the external auditor has reviewed this statement on Risk Management & Internal Control. The review was performed in accordance with Recommended Practice Guide (RPG) 5 issued by the Malaysian Institute of Accountants. RPG 5 does not require the external auditor to form an opinion on the adequacy and effectiveness of the risk management and internal control systems of the group.