TThe Board of Directors (“the Board”) is pleased to present its Statement on Risk Management and Internal Control for the financial year ended 31 August 2017 (“Statement”). This Statement is prepared pursuant to Paragraph 15.26(b) of the Bursa Malaysia Securities Berhad (“Bursa Securities”)’s Main Market Listing Requirements (“MMLR”).
The Board is also guided by the latest “Statement on Risk Management and Internal Control – Guidelines for Directors of Listed Issuers” issued by the Task Force on Internal Control with the support and endorsement of the Bursa Securities and Principle B of the Malaysian Code on Corporate Governance (“the Code”) – Risk Management and Internal Control Framework.
The Board affirms its responsibility to maintain a sound system of internal control and risk management to safeguard its investments and assets. The system will provide reasonable assurance in ensuring the effectiveness and efficiency of operations, reliability of financial reporting and compliance with applicable laws and regulations.
However, due to inherent limitations of any system of internal control and risk management, it should be noted that the system is designed to manage rather than to eliminate the risk of failure to achieve the objectives. Therefore, any system of internal control for that matter could only provide a reasonable and not complete assurance against any material misstatement or omission.
The Board is assisted by the Internal Auditors and Management to identify, approve, and implement policies and procedures on risk management and internal control. Management identifies and evaluates the risks faced, designs, implements and monitors an appropriate system of internal control in line with the policies approved by the Board.
The Board with the assistance of the Audit Committee and Internal Auditors, RSM Corporate Consulting (Malaysia) Sdn Bhd (“RSM”), continuously review existing risks and identify new risks that the Group faces. In addition, the Management’s action plans that manage such risks are also being reviewed by the Audit Committee to ensure its adequacy.
RISK MANAGEMENT FRAMEWORK
Risk management is regarded by the Board as part of the business operation activities of the Group. It is the Board’s priority to ensure that uncertainties and investment risks in new business ventures are managed in order to safeguard the interest of the shareholders. Collectively, the Board oversees and reviews the conduct of the Group’s businesses while the Executive Directors and Management execute measures and controls to ensure that the risks are effectively managed.
The other key elements of the systems of internal control and the Board’s review mechanisms are as follows:
- establishment of the Nomination, Remuneration, Long Term Incentive Plan, Shariah Advisory and Investment Committees, apart from the Audit Committee;
- documentation of written policies and procedures for certain key operational areas;
- establishment of the limits of Management’s approvals and authorities;
- periodic review of Group’s management accounts and performance analysis by the Executive Directors and Management; and
- organisation structure with well-defined delegation of responsibilities and accountabilities for the Group’s operating units.
Besides reviewing the systems of internal control, the Audit Committee also reviews the financial information and reports produced by the Management. With the Management’s consultation, the Board and the Audit Committee deliberate the integrity of the financial results, Annual Report and audited financial statements before presenting these financial information to the shareholders, investors and public.
In accordance with the Statement on Risk Management and Internal Control – Guidelines for Directors of Listed Issuers issued by Bursa Securities, the Management is responsible to the Board for:-
- continuously reviewing the risk profile and action plan to be undertaken to manage the principle risks relevant to the businesses of the Group;
- designing, implementing and monitoring the risk management framework in accordance with the Group’s strategic vision and overall risk appetite; and
- identifying changes to risks or emerging risks, taking actions as appropriate and promptly bringing these to the attention of the Board.
The Board has received assurances from the Executive Chairman, Chief Executive Officer, Chief Operating Officer and Chief Financial Officer that, to the best of their knowledge, the Group’s risk management and system of internal control, in all material aspects, are operating effectively.
INTERNAL AUDIT FUNCTION
The Audit Committee engaged RSM, an external professional firm to provide independent internal audit services to the Group. RSM provides the Audit Committee with quarterly reports of their audit findings and observations, together with recommendations and Management’s action plans to enhance the systems of internal control. The Audit Committee reviews the internal audit reports and reports to the Board on significant control issues noted. A follow-up audit is carried out to ascertain if Management’s actions are effectively implemented.
The principal roles of the Internal Auditors are to assist the Audit Committee in discharging its duties and responsibilities in respect of reviewing the adequacy and effectiveness of the internal control system, risk management framework, governance and control processes.
OTHER RISK MITIGATION PROCESSES
The Board has also adopted various other processes to complement the system of internal control which include:-
- the establishment of Board Charter and Code of Conduct which assist the Directors and employees of the Group in defining the minimal ethical standards and conducts in discharging their responsibilities; and
- the implementation of a Whistle-Blowing Policy and procedures to provide a channel for legitimate concerns to be raised by employees or other stakeholders to the Senior Independent Non-Executive Director and the Audit Committee.
The Board Charter, Code of Conduct and Whistle-Blowing Policy of the Company are available for reference on the Company’s website at www.wzs.my.
BOARD ASSURANCE AND LIMITATION
The Board confirms that there is an ongoing process for identifying, evaluating and managing significant risks faced by the Group. While the Board reiterates that the risk management and systems of internal control are continuously improved in line with evolving business developments, it should also be noted that all the risk management systems and systems of internal control can only manage rather than eliminate the risks of failure to achieve business objectives. Therefore, these systems of internal control and risk management in the Group can only provide reasonable but not absolute assurance against all material misstatements, frauds and losses.
The Group has invested in associated companies, SE Satu Sdn Bhd, SE Satu Pelangi Sdn Bhd and WZS Technologies Sdn Bhd. While the Group has board representatives in the associated companies, the Group does not have management control in their operations. Accordingly, the associated companies have not been dealt with and considered for the purposes of this Statement.
REVIEW OF STATEMENT ON INTERNAL CONTROL BY EXTERNAL AUDITORS
Pursuant to Paragraph 15.23 of the Bursa Securities’s MMLR, the External Auditors have conducted an assurance engagement on this Statement for inclusion in the Annual Report for the financial year ended 31 August 2017. Their assurance engagement was performed pursuant to the scope set out in Recommended Practice Guide (“RPG”) 5 (Revised): Guidance for Auditors on Engagements to Report on the Statement on Risk Management and Internal Control issued by Malaysian Institute of Accountants.
Based on their procedures performed, the External Auditors have reported to the Board that nothing has come to their attention that causes them to believe that this Statement is not prepared, in all material respect, in accordance with disclosure required by paragraphs 41 and 42 of the Statement on Risk Management and Internal Control: Guidance for Directors of Listed Issuers as set out, nor it is factually inaccurate. RPG 5 does not require the External Auditors to consider whether this Statement covers all risks and controls, or to form an opinion on the adequacy and effectiveness of the Group’s risk and control system..
For the financial year under review, there were no significant control failures, weaknesses that result in material losses and require disclosure were identified. The Board is of the view that the systems of internal control and risk management, procedures and processes in place are reasonable, adequate and effective in safeguarding the assets of the Group, interests of shareholders and other stakeholders.
This Statement has been approved by the Board on 7 December 2017.