1 71 Table of Contents 73 352

KENANGA ANNUAL REPORT 2019

K E N A N G A I N V E S T M E N T B A N K B E R H A D A n n u a l R e p o r t 2 0 1 9 70 The GBRC is supported by the Group Risk Committee (“ GRC ”) that provides a forum to address and review the management of credit, operational, market, liquidity, technology and other significant risks to enable effective oversight, accountability and responsibilities for risk taking decisions. Assisting the GRC is the Group Operational Risk Committee and the Group Business Continuity Management Committee. The GBDITC focuses on technologies and IT risk of the Group at the Board level and is supported by the Group Information Technology Steering Committee which covers the Group’s technology plans and projects. Quarterly meetings are held by the Audit Committee (“ AC ”) together with Management to review issues highlighted in the reports by internal and external auditors, as well as audits conducted by regulators such as Bank Negara Malaysia (“ BNM ”), Securities Commission Malaysia (“ SC ”) and Bursa Securities, in particular the actions taken to address issues. If required, the internal auditors will also assist the AC to periodically review the measures taken to address the AC’s concerns on any internal control system. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL BOARD OF DIRECTORS Group Risk Committee Group Operational Risk Committee Group Business Continuity Management Committee Group Board Risk Committee Group Nomination & Remuneration Committee Group Board Digital Innovation & Technology Committee Group Executive Committee Group Credit Committee Group Products Committee Group Outsourcing & Procurement Committee Shariah Committee Group Talent Committee Group Disciplinary Committee Group Information Technology Steering Committee Audit Committee Board Committee Management Committee Management Committees (“ MC ”) are established to oversee specific responsibilities based on defined terms of references. They are held regularly to ensure that business operations are executed in accordance with approved strategies, policies and business directions. The MCs are responsible for, amongst others: - reviewing the actual performance against expectations and budget; - addressing any internal control issues with the AC, GBRC, GBDITC, GIA, regulators and the external auditors; and - addressing any matters arising from the meetings of the Board, AC, GBRC and GBDITC; and ensuring that actions are taken in relation to these matters.

RkJQdWJsaXNoZXIy NDgzMzc=