122 Kenanga Investment Bank Berhad Annual Report 2021 Our Sustainability Approach About This Report We Are Kenanga Message From Chairman and GMD Aside from Group Compliance, the five (5) other departments of Group Regulatory undertake functions to review and monitor compliance in their respective areas. In this respect, the Group Financial Crime Intelligence, Group Prudential Supervision and Regulatory Affairs, Group Business Ethics and Integrity, Group Legal and Group Company Secretarial provide timely, structured and comprehensive advice and support to the Group in matters relating to the laws, rules and regulations applicable to the Group. Group Regulatory has also implemented self-assessment framework to facilitate and promote regulatory compliance by the business within the Group. For this purpose, a list of identified laws, regulations and other regulatory instruments applicable to the Group are documented and maintained to facilitate compliance. Please refer to the ‘Ethics and Compliance Statement’ for more details on functions, roles and responsibilities of Group Regulatory. Internal Audit GIA provides independent and objective assurance to the Board that the established internal controls, risk management and governance processes are adequate and are operating effectively and efficiently. To ensure independence and objectivity, GIA reports independently to the AC of KIBB and has no responsibilities or authority over any of the activities it reviews. GIA’s scope of work and activities are guided by the Internal Audit Charter, mandatory elements of The Institute of Internal Auditors’ (“IIA”)’s International Professional Practices Framework (“IPPF”) and relevant regulatory guidelines. In 2021, an external Quality Assessment Review was conducted on GIA to assess its conformity with the IIA’s IPPF, of which GIA has been accorded the rating of “Generally Conforms”, i.e. GIA has fulfilled its key objectives in accordance with the IPPF. An Annual Audit Plan based on the appropriate risk-based methodology has been developed and approved by the AC. On a quarterly basis, audit reports and status of internal audit activities including the sufficiency of GIA resources are presented to the AC for review. Periodic follow up reviews are conducted to ensure adequate and timely implementation of Management’s action plans. Associate and Joint Venture Companies The Board does not regularly review the internal control systems of associate companies and joint venture companies as the Board does not have any direct control over their operations. Notwithstanding this, the Group’s interests are served through representation on the boards of the respective companies via receipt and review of management accounts, periodical reports as well as deliberation on proposals related to these companies. Such representation also provides the Board with information for decision-making on the continuity of the Group’s investments based on the performance of these associate companies and joint venture company. CONCLUSION The Board, through the AC and GBRC, confirms that it has reviewed and considered the effectiveness of the Group’s risk management and internal control system as adequate during the financial year and has taken into consideration any material developments up to the date of approval of the Annual Report and Audited Financial Statements for the Financial Year Ended 31 December 2021. The main financial risk areas faced by the Group and the guidelines and policies adopted to manage them are provided in detail under Note 50 of the Audited Financial Statements of the Company for the Financial Year Ended 31 December 2021. The Board is satisfied that there is an effective on-going process for identification, evaluation and management of risks and there are regular reviews to ensure controls are efficient and effective. REVIEW OF THE STATEMENT BY EXTERNAL AUDITORS As required by Paragraph 15.23 of the MMLR of Bursa Malaysia, the external auditors have reviewed this Statement on Risk Management and Internal Control. Their review was performed in accordance with the Audit and Assurance Practice Guides (“AAPG”) 3, Guidance for Auditors on Engagements to Report on the Statement on Risk Management and Internal Control included in the Annual Report issued by the Malaysian Institute of Accountants. Based on the review, the external auditors have reported to the Board that nothing has come to their attention that causes them to believe that this Statement is inconsistent with their understanding of the process that the Board has adopted in the review of the adequacy and integrity of the internal controls of the Group. AAPG 3 does not require the external auditors to, and they did not, consider whether this Statement covers all risks and controls, or to form an opinion on the effectiveness of the Group’s risk and control procedures. This Statement on Risk Management and Internal Control is made in accordance with the resolution of the Board dated 3 March 2022.
RkJQdWJsaXNoZXIy NDgzMzc=