KENANGA INVESTMENT BANK BERHAD Annual Report 2022

Business Continuity Management

Business Continuity Plans and Disaster Recovery Plans are established to ensure non-disruption of business or efficient business resumption. Regular testing or drills are also conducted for the purpose of staff preparedness, readiness of the disaster recovery site, and effectiveness of communication, escalation and recovery procedures. For effective business continuity management (“BCM”), awareness training is held annually for BCM coordinators and key persons.

Information Technology Security

The use of information technology (“IT”) is essential and central to the Group’s business. In order to ensure the reliability and resiliency of the business operations to meet the expectations of customers and all stakeholders, and in line with the guidelines of regulators such as BNM’s Policy Document on Risk Management in Technology, the Group has established the corporate Cyber Security Policy and implemented the necessary security procedures to protect the confidentiality, integrity and availability of information systems and data.

With the increase in adoption of digitalisation and service delivery via cyberspace, the Group will continue to reinforce its IT security efforts and initiatives to be aligned with the Group’s current and envisaged operations, strategies and business environments. The IT security posture of the Group is also continuously reviewed and enhanced to mitigate the risks arising from new and emerging threats. In-house IT security training and security updates on the latest threats are constantly provided to all staff to ensure their awareness of the importance of IT security.

Compliance Function

The Board is unreservedly committed and always strives to adopt the principles and recommendations of the Malaysian Code on Corporate Governance issued by the SC, as well as other relevant regulatory requirements relating to corporate governance.
Compliance reviews and monitoring are undertaken by Group Regulatory using various tools and approaches based on the framework set by Group Compliance, a department of Group Regulatory. These reviews and monitoring are performed to assess the level of compliance with the relevant regulatory requirements and the respective companies’ internal policies and procedures. Any regulatory deviation or compliance breaches will be reported to the respective Boards of operating entities within the Group and the relevant regulators. Pursuant to this, appropriate corrective actions including disciplinary actions will be taken to address the breach with a view to pre-empt and prevent the occurrence of a similar breach.

Aside from Group Compliance, the five (5) other departments of Group Regulatory undertake functions to review and monitor compliance in their respective areas. In this respect, the Group Financial Crime Intelligence, Group Prudential Supervision & Regulatory Affairs, Group Business Ethics & Integrity, Group Legal and Group Company Secretarial provide timely, structured and comprehensive advice and support to the Group in matters relating to the laws, rules and regulations applicable to the Group.

Group Regulatory has also implemented a self-assessment framework to facilitate and promote regulatory compliance by the business within the Group. For this purpose, a list of identified laws, regulations and other regulatory instruments applicable to the Group is documented and maintained to facilitate compliance.

Please refer to the ‘Ethics and Compliance Statement’ for more details on functions, roles and responsibilities of Group Regulatory.

Internal Audit

GIA provides independent and objective assurance to the Board that the established internal controls, risk management and governance processes are adequate and are operating effectively and efficiently.
To ensure independence and objectivity, the GIA reports independently to the AC of KIBB and has no responsibilities or authority over any of the activities it reviews. GIA’s scope of work and activities are guided by the Internal Audit Charter, mandatory elements of The Institute of Internal Auditors’ International Professional Practices Framework and relevant regulatory guidelines.

An Annual Audit Plan based on the appropriate risk-based methodology has been developed and approved by the AC. On a quarterly basis, audit reports and status of internal audit activities including the sufficiency of GIA resources are presented to the AC for review. Periodic follow-up reviews are conducted to ensure adequate and timely implementation of Management’s action plans.

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL