Kumpulan Fima Berhad
4.7 Review and award of major contracts by the project committees and teams, subject to the delegated authority limits set
by the Board. A minimum of three quotations are called for and tenders are awarded based on criteria such as quality,
track record and speed of delivery.
4.8 Clear documented standard operating procedure manuals set out the policies and procedures for day to day operations
to be carried out. Regular reviews are performed to ensure that documentation remains current, relevant and aligned
with evolving business and operational needs.
4.9 The competency of staff is enhanced through rigorous recruitment process and development programmes. Aperformance
appraisal system of staff is in place, with established targets and accountability and is reviewed on an annual basis.
INTERNAL AUDIT FUNCTION
The Group’s internal audit function is undertaken by GIA which reports directly to the Audit Committee and administratively to
the Group MD. The GIA assists the Audit Committee in the discharge of its duties and responsibilities. Its key role is to provide
independent and objective assurance designed to add value and assist the Group in accomplishing its objectives by bringing
a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, internal control system and
The business processes and conduct of the operating units within the Group are continuously assessed by GIA in the context
of adequacy and effectiveness of the financial, operational controls and risk management. GIA reports to the Audit Committee
and communicates to the Management on audit observations noted in the course of their review and performs monitoring
on the status of actions taken by the operating units. It conducts independent reviews of the key activities within the Group’s
operating units based on a detailed annual audit plan developed using a risk-based methodology including input from Senior
Management and the Audit Committee, which was approved by the Audit Committee. The terms of reference of the GIA are
clearly spelt out in the Group Internal Audit Charter.
The GIA evaluates the following:
Adequacy, integrity, effectiveness of the Company and the Group’s internal controls in safeguarding shareholders’
investment and the Group’s assets. The internal controls cover financial, operational, information technology, compliance
controls and enterprise risk management.
Extent of compliance with established policies, procedures and statutory requirements.
Adequacy of policies, procedures and guidelines on the Company and Group’s accounting, financial and operational
For the year under review, the GIA had undertaken the following work:
Prepared the annual audit plan for approval by the Audit Committee.
Performed risk-based audits based on the annual audit plan, including follow-up of matters from previous internal audit
Issued internal audit reports to the Management on risk management, control and governance issues identified from the
risk-based audits together with recommendations for improvements for these processes.
Undertook ad-hoc reviews and investigations on matters arising from the audits and/or requested by the Management
and/or Audit Committee and issued reports accordingly to the Management.
Reported on a quarterly basis to the Audit Committee on significant risk management, control and governance issues
from the internal audit reports issued, the results of investigations and special reviews undertaken and the results of
follow-up of matters reported.
STATEMENT ON RISK MANAGEMENT
AND INTERNAL CONTROL