1 66 Table of Contents 68 339

KENANGA ANNUAL REPORT 2018

65 ANNUAL REPORT 2018 An Annual Audit Plan based on the appropriate risk based methodology has been developed and approved by the AC. On a quarterly basis, audit reports and status of internal audit activities including the sufficiency of GIA resources are presented to the AC for review. Periodic follow up reviews are conducted to ensure adequate and timely implementation of Management’s action plans; 15. Quarterly meetings are held by the AC together with Management to review issues highlighted in the reports by internal and external auditors, as well as, audits conducted by regulators such as SC, Bursa Securities and BNM, in particular the actions taken to address the issues. If required, the internal auditors will also assist the AC to periodically review the measures taken to address the AC’s concerns on any internal control system; 16. Regular Board and Management meetings to review the operational and financial performance of the Group and assess any significant internal control issue highlighted by the AC, GIA, GRCS, regulators and external auditors so as to seek resolution of those matters; 17. The Board does not regularly review the internal control systems of associate companies and joint venture company as the Board does not have any direct control over their operations. Notwithstanding this, the Group’s interests are served through representation on the boards of the respective companies via receipt and review of management accounts, periodical reports, as well as, deliberation on proposals related to these companies. Such representation also provides the Board with information for decision-making on the continuity of the Group’s investments based on the performance of these associate companies and joint venture company; and 18. Management is responsible for, amongst others: a. reviewing the actual performance against the budget and previous year’s achievements on a quarterly basis; b. addressing any internal control issues with the AC, Group Board Risk Committee (“ GBRC ”), GIA and the External Auditors; and c. addressing any matters arising from the meetings of the Board, Audit Committee and GBRC and ensuring that actions are taken in relation to these matters. Effectiveness of Risk Management Framework and Internal Control System The Board confirms that the risk management framework and the system of internal controls, with the key elements highlighted above, was implemented to identify, evaluate and manage significant risks faced by the Group during the Financial Year and has taken into consideration any material developments up to the date of approval of the annual report and Audited Financial Statements for the Financial Year Ended 31 December 2018. The main risk areas faced by the Group and the guidelines and policies adopted to manage them are provided in detail under Note 50 of the Audited Financial Statements of the Company for the Financial Year Ended 31 December 2018. The Board is satisfied that there is a sound system of risk management and internal controls in the Group which is functioning adequately and there are regular checks to ensure the controls are efficient and effective. Review of the Statement by External Auditors As required by Paragraph 15.23 of the MMLR of Bursa Securities, the External Auditors have reviewed this Statement on Risk Management and Internal Control. Their review was performed in accordance with the Audit and Assurance Practice Guides (“ AAPG ”) 3, Guidance for Auditors on Engagements to Report on the Statement on Risk Management and Internal Control included in the annual report issued by the Malaysian Institute of Accountants. Based on the review, the External Auditors have reported to the Board that nothing has come to their attention that causes them to believe that this Statement on Risk Managemnet and Internal Control is inconsistent with their understanding of the process that the Board has adopted in the review of the adequacy and integrity of the internal controls of the Group. AAPG 3 does not require the External Auditors to, and they did not, consider whether this Statement on Risk Managemnet and Internal Control covers all risks and controls, or to form an opinion on the effectiveness of the Group’s risk and control procedures. This Statement on Risk Management and Internal Control is made in accordance with the resolution of the Board dated 28 February 2019. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

RkJQdWJsaXNoZXIy NDgzMzc=