STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL
(CONT’D)
Risk Management and Internal Control Structure (Cont’d)
(a) An organisation structure with clearly defined lines of responsibility, authority and accountability;
(b) Documented internal policies, guidelines, procedures and manuals, which are updated from time to time;
(c) Regular Board and management meetings where information is provided to the Board and management
covering financial performance and operation;
(d) Quarterly review of financial results by the Board and Audit Committee;
(e) Regular training and development programmes attended by employees with the objective of enhancing
their knowledge and competency;
(f) Existence of risk management team to enhance its risk management practice; and
(g) Ongoing reviews on the system of internal controls by an independent internal audit function. Results of
such reviews are reported to the Audit Committee, which in turn reports to the Board.
In addition, the Executive Directors have day to day involvement with the business and are responsible for
monitoring risks affecting the business and control activities. These are supplemented by comprehensive and
independent reviews undertaken by the internal audit function on the controls in operation in each individual
business. The internal auditors independently report to the Audit Committee on the outcome and findings from
their reviews.
Risk Management Process
The Board regards risk management as an integral part of business operations. For the period under review, the
RMC is assisted by the senior management team from various divisions to effectively embed risk management
and control into the corporate culture, processes and structures within the Group. The RMC has identified and
reviewed the major business risk factors affecting the Group and derive risk management strategies to manage
and mitigate the risks identified. The following factors were considered in the risk assessment:
(a) The nature and extent of risks facing the Group;
(b) The extent and categories of risk which it regards as acceptable for the Group to bear;
(c) The likelihood of the risks concerned materializing; and
(d) The Group’s ability to reduce the incidence of risks that may materialise and their impact on the business.
Control Environment
The Group has in place a proper control environment which emphasizes on quality and performance of the
Group’s employees through the development and implementation of human resource policies and programmes
designed to enhance the effectiveness and efficiency of the individual and the organisation.
The Board believes that a sound internal control system reduces, but cannot eliminate, the possibility of poor
judgement in decision making, human error, control processes being deliberately circumvented by employees
and others, management overriding controls and the occurrence of unforeseeable circumstances.
•
Pentamaster Corporation Berhad
(572307-U)
Annual Report 2014
23
