| Internal Control Statement |
|
| |
|
The Board of Directors is ultimately responsible for the Group's system of internal control and for reviewing its effectiveness in providing shareholders with a return on their investments that is consistent with a responsible assessment and management of risks.
Because of the limitations that are inherent in any system of internal control, such systems are designed to manage rather than eliminate the likelihood of fraud, error or failure to achieve Tanjong's business objectives. Accordingly, these systems can provide only reasonable and not absolute assurance against material misstatement or loss. The concept of reasonable assurance also recognises that the cost of controls should not exceed the expected benefits.
The Malaysian firm of the External Auditors, Messrs. PricewaterhouseCoopers has reviewed this Statement on Internal Control as required by paragraph 15.24 of the Listing Requirements of Bursa Securities. Their review was performed in accordance with Recommended Practice Guide 5 ("RPG 5") issued by the Malaysian Institute of Accountants. Based on their review, the External Auditors have reported to the Board that nothing has come to their attention that causes them to believe that this statement is inconsistent with their understanding of the process the Board has adopted in the review of the adequacy and integrity of the system of internal control of the Group. RPG 5 does not require the External Auditors to and they did not consider whether this statement covers all risks and controls, or to form an opinion on the effectiveness of the Group's risk and control procedures.
There were no significant internal control deficiencies or material weaknesses resulting in material losses or contingencies requiring disclosure in the Annual Report.
KEY ELEMENTS OF THE SYSTEM OF INTERNAL CONTROL OF THE GROUP
In addition to regular review and appraisal by the Audit Committee, the Group's system of internal control comprises the following key elements: |
| |
| (a) Control
Environment |
| |
|
The Board has approved a Statement of General Business Principles and Human Resource Policies and Procedures that set the tone of control consciousness and employee conduct. There is also in place supporting procedures for the reporting and resolution of actions which contravene these policies. The Board has established a proper organisational structure with clear reporting lines and formalised roles and responsibilities. There are guidelines within the Group for hiring and termination of staff, formal training programmes for staff and annual performance appraisals to ensure that staff are competent and adequately trained in carrying out their responsibilities. There is, furthermore, a Limits of Authority manual that delineates authorisation limits between various levels of Management and matters that need to be escalated to the respective Boards of the operating subsidiary groups and Tanjong, to ensure proper identifi cation of accountabilities and segregation of duties. |
| |
| (b) Control
Procedures |
| |
|
Detailed budgets are prepared requiring Management and Board approval. Operational manuals have been established to guide key business processes throughout the Group and accounting manuals are in place towards ensuring that the recording of financial transactions are complete and accurate. Procedures also exist for mitigating exposures to losses arising from business interruption, material fraud or error, as well as ensuring compliance with legal and regulatory requirements relevant to the Group. |
| |
| (c) Information
and Communication |
| |
|
The Group's business units monitor and explain performance against budgets on a monthly basis. The results are reviewed by the Board on a quarterly basis to enable it to gauge the Group's achievement of its annual targets. Financial reports are submitted prior to each quarterly meeting, analysing trend and budget variances as well as reporting on fluctuations in non-financial metrics. Operational reports are issued every quarter discussing key matters such as strategy, execution of Board and management decisions, industry analyses, legal and regulatory developments and operational performance. |
| |
| (d) Monitoring |
| |
|
Proper monitoring and oversight mechanisms have been put in place to monitor local and foreign assets. In addition to these monitoring procedures, which are embedded within the Group's policies, processes and activities, independent engagements are carried out by Group Corporate Assurance and are communicated to the Audit Committee and ultimately to the Board, to enable a timely evaluation of the adequacy and integrity of the Group's system of internal control. |
| |
| (e) Risk
Management |
| |
|
There is in place a structured and on-going process to identify, evaluate and manage risks that may significantly impact the Group. This entails the establishment of an enterprise-wide structure and process to embed risk management precepts in the activities of the Group.
This includes identifying principal business risks in critical areas, assessing the likelihood and impact of material exposures and determining the corresponding risk mitigation and treatment measures. The structure and process are presented as follows:. |
| |
| Risk Governance Structure |
| The Group maintains a governance structure that strengthens the process of risk identification, evaluation and mitigation, which enables the Group to manage the changing operating environment in a structured and effective manner. |
| |
 |
| |
| The Board, assisted by its Group Oversight Functions and Business Units, approves the overall risk management framework and reviews the Group's risk profiles against the agreed risk appetite. Responsibility for risk management resides at all levels within the organisation from the executive to the operational level at both local and foreign business units. |
| |
| Risk Management Process |
| The Risk Management Process in place allows the identification, assessment, measurement and mitigation of the principal business risks on a common and structured basis. This strengthens the ability of the Group to develop the appropriate risk management strategies to ensure the achievement of its strategic and operational objectives. A schematic diagram of the process is presented below. |
| |
 |
| |
| The ongoing process is facilitated by a dedicated Group Risk Management Department working closely with the business units of the Group, where residual risks of significant impact to the Group are monitored and reported quarterly to the Group Risk Management Committee ('RMC') which is chaired by the Group Chief Financial Officer. The following activities were undertaken by the RMC during the year: |
 |
Review of the Group's Risk Parameters and Strategic Investment Framework, serving as the principal guidelines in implementing the Group's Strategic Plan. |
|
Evaluation of the Principal Business Risk Schedules and Risk Maps summarising the Group's overall risk profile. The deliberated risks together with its mitigating measures were subsequently tabled to the Audit Committee by the RMC Chairman and ultimately to the Board on a quarterly basis. |
|
Initiation of efforts to further enhance the Risk Management Framework to link enterprise-wide risks to the various business processes in a more structured and comprehensive manner across the Group. |
|
| The principal risk factors faced by the Group are outlined on Page 27 of the Annual Report. |
