The Board of Directors (“the Board”) is pleased to present its Statement on Risk Management and Internal Control for the financial year ended 31 August 2019 (“Statement”). This Statement is prepared pursuant to Paragraph 15.26(b) of the Bursa Malaysia Securities Berhad (“Bursa Securities”)’s Main Market Listing Requirements (“MMLR”).
The Board is also guided by the latest “Statement on Risk Management and Internal Control – Guidelines for Directors of Listed Issuers” issued by the Task Force on Internal Control with the support and endorsement of the Bursa Securities and Principle B of the Malaysian Code on Corporate Governance (“the Code”) – Risk Management and Internal Control Framework.
The Board affirms its overall responsibilities of good practice of corporate governance and is committed to maintain a sound system of internal control and effective risk management to safeguard its investments and assets. The system will provide reasonable assurance in ensuring the effectiveness and efficiency of operations, reliability of financial reporting and compliance with applicable laws and regulations.
However, due to inherent limitations of any system of internal control and risk management, it should be noted that the system is designed to manage rather than to eliminate the risk of failure to achieve the objectives. Therefore, any system of internal control for that matter could only provide a reasonable and not complete assurance against any material misstatement or omission.
The Board is assisted by the Audit Committee, Internal Auditors and Management to identify, approve, and implement policies and procedures on risk management and internal control. As such, the Audit Committee assume the oversight on the risk management matters. Management identifies and evaluates the risks faced, designs, implements and monitors an appropriate system of internal control in line with the policies approved by the Board.
The Board with the assistance of the Audit Committee and Internal Auditors, RSM Corporate Consulting (Malaysia) Sdn. Bhd. (“RSM”), continuously review the existing risks and identify new risks that the Group faces. In addition, the Management’s action plans that manage such risks are also being reviewed by the Audit Committee to ensure its adequacy and effectiveness.
RISK MANAGEMENT FRAMEWORK
Risk management is regarded by the Board as part of the business operation activities of the Group. It is the Board’s priority to ensure that uncertainties and investment risks in new business ventures are managed in order to safeguard the interest of the shareholders. Collectively, the Board oversees and reviews the conduct of the Group’s businesses while the Executive Directors and Management execute measures and controls to ensure that the risks are effectively managed.
The key aspects of the risk management framework are:
The other key elements of the systems of internal control and the Board’s review mechanisms are as follows:-
- Organisation structure with well-defined delegation of responsibilities and accountabilities for the Group’s operating units.
- Establishment of the Nomination, Remuneration, Long Term Incentive Plan, Shariah Advisory and Investment Committees, apart from the Audit Committee;
- Clearly defined and documented internal policies and procedures for certain key operational areas have been established and is subject to periodic review;
- Establishment of the limits of Management’s approvals and authorities and the authority limit is to be reviewed from time to time;
- Periodic review of Group’s management accounts and performance analysis by the Executive Directors and Management; and
- The Audit Committee regularly convenes meetings with the Internal Auditors to deliberate on the findings and recommendations for improvement to the system of internal control of the Group. The Audit Committee reviews the action plans taken by the Management to rectify the findings in a timely manner and to evaluate the effectiveness and adequacy of the Group’s system of internal control.
Besides reviewing the systems of internal control, the Audit Committee also reviews the financial information and reports produced by the Management. With the Management’s consultation, the Board and the Audit Committee deliberate the integrity of the financial results, Annual Report and audited financial statements before presenting these financial information to the shareholders, investors and public.
In accordance with the Statement on Risk Management and Internal Control – Guidelines for Directors of Listed Issuers issued by Bursa Securities, the Management is responsible to the Board for:-
- continuously reviewing the risk profile and action plan to be undertaken to manage the principle risks relevant to the businesses of the Group;
- designing, implementing and monitoring the risk management framework in accordance with the Group’s strategic vision and overall risk appetite; and
- identifying changes to risks or emerging risks, taking actions as appropriate and promptly bringing these to the attention of the Board.
The Board has received assurances from the Executive Chairman, the Managing Director/Group Chief Executive Officer and Chief Financial Officer that, to the best of their knowledge, the Group’s risk management and system of internal control, in all material aspects, are operating effectively.
INTERNAL AUDIT FUNCTION
The Audit Committee engaged RSM, an external professional firm to provide independent internal audit services to the Group. RSM provides the Audit Committee with quarterly reports of their audit findings and observations, together with recommendations and Management’s action plans to enhance the internal control system. The Audit Committee reviews the internal audit reports and reports to the Board on significant control issues noted. Follow-up audits are carried out to ascertain if Management’s actions are effectively implemented.
The principal roles of the Internal Auditors are to assist the Audit Committee in discharging its duties and responsibilities in respect of reviewing the adequacy and effectiveness of the internal control system, risk management framework, governance and control processes.
During the financial year ended 31 August 2019, the cost incurred for the internal audit function amounted to RM38,500/-.
OTHER RISK MITIGATION PROCESSES
The Board has also adopted various other processes to complement the system of internal control which include:-
- The establishment of Board Charter and Code of Ethics and Conduct which assist the Directors and employees of the Group in defining the minimal ethical standards and conducts in discharging their responsibilities; and
- The implementation of a Whistleblowing Policy and Procedures to provide a channel for legitimate concerns to be raised by employees or other stakeholders to the Audit Committee’s Chairman.
The Board Charter, Code of Ethics and Conduct and Whistleblowing Policy and Procedures of the Company are available for reference on the Company’s website at www.wzs.my.
BOARD ASSURANCE AND LIMITATION
The Board confirms that there is an ongoing process for identifying, evaluating and managing significant risks faced by the Group. While the Board reiterates that the risk management and internal control system are continuously improved in line with evolving business developments, it should also be noted that all the risk management systems and internal control system can only manage rather than eliminate the risks of failure to achieve business objectives. Therefore, these systems of internal control and risk management in the Group can only provide reasonable but not absolute assurance against all material misstatements, frauds and losses.
The Group has invested in associated companies, SE Satu Sdn Bhd, SE Satu Pelangi Sdn Bhd and WZS Technologies Sdn Bhd. While the Group has board representatives in the associated companies, the Group does not have management control in their operations. Accordingly, the associated companies have not been dealt with and considered for the purposes of this Statement.
REVIEW OF STATEMENT BY THE EXTERNAL AUDITORS
Pursuant to Paragraph 15.23 of the Bursa Securities’s MMLR, the External Auditors have conducted a limited assurance engagement on this Statement for inclusion in the Annual Report for the financial year ended 31 August 2019. Their assurance engagement was performed pursuant to the scope set out in Audit and Assurance Practice Guide (“AAPG”) 3: Guidance for Auditors on Engagements to Report on the Statement on Risk Management in accordance with ISAE 3000 (Revised 2015) and Internal Control issued by Malaysian Institute of Accountants.
Based on their procedures performed, the External Auditors have reported to the Board that nothing has come to their attention that causes them to believe that this Statement is not prepared, in all material respect, in accordance with disclosure required by paragraphs 41 and 42 of the Statement on Risk Management and Internal Control: Guidance for Directors of Listed Issuers as set out, nor it is factually inaccurate. AAPG 3 does not require the External Auditors to consider whether this Statement covers all risks and controls, or to form an opinion on the adequacy and effectiveness of the Group’s risk and control system.
For the financial year under review, the Board is of the view that the systems of internal control and risk management, procedures and processes in place are reasonable, adequate and effective in safeguarding the assets of the Group, interests of shareholders and other stakeholders.