Kumpulan Fima Berhad

(11817-V)

96

4.7 Review and award of major contracts by the project committees and teams, subject to the delegated authority limits set

by the Board. A minimum of three quotations are called for and tenders are awarded based on criteria such as quality,

track record and speed of delivery.

4.8 Clear documented standard operating procedure manuals set out the policies and procedures for day to day operations

to be carried out. Regular reviews are performed to ensure that documentation remains current, relevant and aligned

with evolving business and operational needs.

4.9 The competency of staff is enhanced through rigorous recruitment process and development programmes. Aperformance

appraisal system of staff is in place, with established targets and accountability and is reviewed on an annual basis.

5.

INTERNAL AUDIT FUNCTION

The Group’s internal audit function is undertaken by GIA which reports directly to the Audit Committee and administratively to

the Group MD. The GIA assists the Audit Committee in the discharge of its duties and responsibilities. Its key role is to provide

independent and objective assurance designed to add value and assist the Group in accomplishing its objectives by bringing

a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, internal control system and

governance processes.

The business processes and conduct of the operating units within the Group are continuously assessed by GIA in the context

of adequacy and effectiveness of the financial, operational controls and risk management. GIA reports to the Audit Committee

and communicates to the Management on audit observations noted in the course of their review and performs monitoring

on the status of actions taken by the operating units. It conducts independent reviews of the key activities within the Group’s

operating units based on a detailed annual audit plan developed using a risk-based methodology including input from Senior

Management and the Audit Committee, which was approved by the Audit Committee. The terms of reference of the GIA are

clearly spelt out in the Group Internal Audit Charter.

The GIA evaluates the following:

•

Adequacy, integrity, effectiveness of the Company and the Group’s internal controls in safeguarding shareholders’

investment and the Group’s assets. The internal controls cover financial, operational, information technology, compliance

controls and enterprise risk management.

•

Extent of compliance with established policies, procedures and statutory requirements.

•

Adequacy of policies, procedures and guidelines on the Company and Group’s accounting, financial and operational

activities.

For the year under review, the GIA had undertaken the following work:

•

Prepared the annual audit plan for approval by the Audit Committee.

•

Performed risk-based audits based on the annual audit plan, including follow-up of matters from previous internal audit

reports.

•

Issued internal audit reports to the Management on risk management, control and governance issues identified from the

risk-based audits together with recommendations for improvements for these processes.

•

Undertook ad-hoc reviews and investigations on matters arising from the audits and/or requested by the Management

and/or Audit Committee and issued reports accordingly to the Management.

•

Reported on a quarterly basis to the Audit Committee on significant risk management, control and governance issues

from the internal audit reports issued, the results of investigations and special reviews undertaken and the results of

follow-up of matters reported.

STATEMENT ON RISK MANAGEMENT

AND INTERNAL CONTROL