Registration No. 199601014835 ( 387185-W )

Corporate Governance

Statement On Risk Management And Internal Control


The Statement on Risk Management and Internal Control of the Group is set by the Board of Directors of Timberwell Berhad’s (“The Board”) made in compliance with the Main Market Listing Requirements (“MMLR”) of the Bursa Malaysia Securities Berhad (“Bursa Securities”) and the Statement on Risk Management and Internal Control: Guidance for Directors of Public Listed Companies.


The Board places importance on, and is committed to maintaining effective risk management practice and a sound system of internal control in the Group to ensure good corporate governance. The Board affirms its responsibility for reviewing the adequacy and integrity of the Group’s system of internal control and management information systems, including systems for compliance with applicable laws, rules, directives, guidelines and risk management practices.

Notwithstanding, as with any internal control system, the Group’s system of internal control is designed to manage rather than eliminate the risk of failure to achieve business objectives. Therefore, the system of internal control can only provide reasonable but not absolute assurance against material misstatement or loss.



The Board maintains continuous commitment in strengthening the Group's risk management framework and activities. The Management has been entrusted to continuously monitor the principal risks of the Group that have been identified, evaluate existing controls and formulate the necessary action plans with their respective process owners. The Chief Executive Officer ("CEO") is tasked with the responsibility of continuous monitoring and reviewing of the strategic directions of the Group.

Periodic meetings are held to assess and monitor the Group's risk as well as discuss, deliberate and address matters associated with strategic, financial and operational facets of the Group.

The Risk Management Committee (“RMC”) was established to oversee and assess the Group’s overall business risk profile. The RMC evaluates and sets out the Group Risk Management Plan and ensure that the action and strategies adopted by the Group would be developed and executed by Management and reviewed by the Audit Committee and RMC.

RMC is mainly responsible for the following:-

• assessing, improving and monitoring the Group Risk Management Framework (“RMF”);
• evaluating and monitoring the overall risk profile;
• reviewing key business area and activities that are considered significant from a risk perspective; and
• providing guidance to Management in the development of appropriate and effective response strategies and

contingency plans to manage or mitigate material risks that are in line with the nature of the identifiable risk.

Management (Each operation division) is responsible for:-

• implementing the RMF, policies and procedures on risk management and internal control; and
• the compliance risks and obligations are effectively managed on a timely manner.

External and Internal Auditors are to provide an independent and objective report on operational and management activities addressing of the possible level of risk assessed


The principal risk areas and factors were identified, assessed and evaluated according to the risk management approach above.

The following are the principal risk areas/factors of the Group. These factors have a significant impact on the Group in terms of its results and strategic objectives, after considering likelihood and impact of the factor from both a financial and non-financial perspective.

• Current image, shareholders and management

• Profitability and Sustainability

• Corporate Social Responsibility

• Effects of support from Banker and recruitment of good management staff and employees.
• Effects of support from the local communities.

• Medium

• Low
• Harvesting
• Plantations

• Properties
• Others (Disposal of Fixed Assets)

• Contractors
• Fair Weather, Soil Suitability and Weather Condition, Proper application of fertilizers.
• Occupancy and Maintenance
• Under control and monitor

• Great Impac
• Affect the profitability

• Impairment loss
• Impairment loss

• Medium
• High

• Medium
• Medium
• Major shareholders
• Shareholders expectation

• Financial Position
• Dividend & Profitability

• Liquidity and cash flow problem
• Loss of Shareholders' support

• Low
• Low
• International Financial Reporting Standard and Malaysia Financial Reporting Standards

• Property, Plant and Equipment

• Financial Performance (Funding and Costing)

• Budget

• Compliance with accounting standard

• Control or monitor of assets movement

• Effective decision making & Efficient costing/performance
• Accuracy & Comprehensive

• Suspended or reprimanded by MIA, MASB, Bursa Securities, Securities Commission (“SC”), Companies Commission of Malaysia (“CCM”) and possible penalties that maybe imposed.
• Loss of Assets

• Loss of credibility and funding

• Loss of credibility and funding

• Medium

• Medium

• Low

• Medium
• Directors

• Key Management

• Forest Management Unit ("FMU")

• Harvesting Staffs

• Plantation Staffs

• Occupation Safety and Health

• Foreign Workers

• Minimum Wages

• Ability and concern of the Company.

• Competency and concern of the Company

• Devotion

• Competency

• Competency

• Safety Procedure and Awareness

• Levy and approval from Immigration

• Performance

• Affect Company performance and Profitability
• Affect Company performance and Profitability
• Affect Company performance and Profitability
• Affect Company performance and Profitability
• Affect Company performance and Profitability
• Penalty for non-compliance & company's performance
• Loss of workers

• Penalty for non-compliance

• Medium

• Medium

• Medium

• Medium

• Medium

• Medium

• High

• Medium
• Obligation & Compliance Annual Working Plan ("AWP"), Plantation Development Plan ("PDP") & Forest Management Plan ("FMP")
• Malaysian Timber Certification Scheme (“MTCS”)
• Bursa Securities (Listing Regulations)

• Securities Commission of Malaysia (“SC”)

• Companies Commission of Malaysia (“CCM”)

• Sabah Forestry Department (“SFD”)

• Malaysian Anti-Corruption Commission (“MACC”)

• Proper preparation and compliance

• Compliance
• Compliance

• Compliance


• Good working relationship with the authority

• Section 17A on Corporate Liability which takes effect in June 2020 and recommendation from Bursa Malaysia to strengthen the Governance of Listed Issuers to prevent Corruption, Misconduct, and Fraud.

• Affect the FMU Licence Agreement

• Reduce profitability and performance
• Non-Compliance and possible penalty that maybe imposed
• Non-Compliance and possible penalty that maybe imposed
•Non-Compliance and possible penalty that maybe imposed
• Affect the FMU and the core business of the Company
• Non-Compliance and possible penalty that maybe imposed

• Medium

• Low
• Low

• Low

• Low

• Significant

• Medium
• Other FMU Holders
• Timber Association Sabah
• Timber Demand & Market Price
• Competition with Artificial Timber Replacement
• Sabah Timber Industry Association
• Anti-Logging of Tropical Rainforest by world NGOs
• Foreign Currency Exchange

• Mutual Co-operation
• Devoted leaders
• Economic downturn or boom
• Competition
• Downstream Production
• Raising of Tariff
• Fluctuation of foreign currency, US dollar for sale of timber

• Loss of market information
• Loss of market information
• Reduce profitability and performance
• Loss of market information
• Loss of Income
• Ban of import of tropical timber
• Impact on Ringgit, profit and cash flow from exchange of Ringgit to US Dollar.

• Medium
• Low
• Medium
• Medium
• Medium
• High
• Medium
• Natural Disaster (Fire, Flood and Storm)
• Social Impact (3rd Party )
• Environmental Impact Assessment and Environmental Compliance Report
• Wildlife Risk

• Dry and Wet season, full attention
• Encroachment Goodwill policy
• Environmental Mitigation Measures

• Wildlife Mitigation Plan

• Loss of Income
• Penalty by the Authority
• Penalty by the Authority

• Destruction of young plants

• Medium
• Medium
• Medium

• Medium

During the financial year under review, the risk management profile and framework have been updated and circulated to the RMC members for review and discussion prior to the RMC recommended the same for the Board’s approval

Monitoring Mechanisms and Management Style

Scheduled periodic meetings of the Board, Executive Committee, Board Committees and Management represent the main platform by which the Group’s performance and conduct are monitored. The daily running of the business is entrusted to the CEO and their respective management teams. Under the purview of the CEO, the heads of the respective departments of the Group are empowered with the responsibility of managing their respective operations.

The Board is responsible for setting the business direction and for overseeing the conduct of the Group’s operations through its various Standing Committees and management reporting mechanisms. Through these mechanisms, the Board is informed of all major control issues pertaining to internal controls, regulatory compliance and risk taking.

Internal Audit Function

The Board recognises that effective monitoring on a continuous basis is a vital component of a sound internal control system. For 2020, the Group has outsourced its internal audit function to Messrs Lim Chong & Co., an independent professional services firm which reports to the Audit Committee on half-yearly basis at yearly cost of RM30,000.00. The Audit Committee acknowledges that an independent and adequately resourced internal audit function is required to provide assurance on the effectiveness of the system of the internal control in addressing the risks identified.

The internal auditor primarily acts as an assurance unit highlighting significant audit findings, areas for improvement, management comment on the audit findings and subsequently monitors the implementation of its recommended corrective actions.

An internal audit is carried out based on the internal audit plan that was reviewed by the Audit Committee and approved by the Board. The internal audit approach examined, evaluated and ensured compliance with the Group’s policies, procedures and system of controls. It has also evaluated the adequacy and effectiveness of the internal control system and assessed the consequences of any potential risks and suggested improvements required.

For the financial year under review, some weaknesses on internal control were identified. However, after due and careful inquiry and based on the information and assurance provided, the Board is satisfied that there were no material losses as a result of weaknesses in the system of internal control, that would require separate disclosure in Annual Report. Nevertheless, for areas requiring attention, measures have been and are being taken to ensure ongoing adequacy and effectiveness of internal controls and to safeguard shareholders’ investments and the Group’s assets.

Other Key Elements of the Group's System of Internal Control

The principal features of the Company's internal control structure are summarised as follows:

  • Board Meeting
    The Board meets at least quarterly and has a formal agenda on matters for discussion. The Chairman leads the presentation of board papers and provides comprehensive explanation of pertinent issues. In arriving at any decision, on recommendation by the Standing Committees and Management, a thorough deliberation and discussion by the Board is a prerequisite. In addition, the Board is kept abreast on the Group’s activities and its operation on quarterly basis by Management.

  • Board Committees
    There is a clear definition to the duties and responsibilities of the Board Committees. These include the Audit Committee, the Nomination and Remuneration Committee, Investment Committee, Executive Committee and RMC.

  • Organisational Structure and Responsibility Levels
    Management is committed to the highest standard of business conduct and integrity to build the Group into a highly credible organisation and to maintain these standards in all aspects of the business to ensure fair and equitable treatment of all stakeholders. To achieve these objectives, the Group has instituted an appropriate organisational structure for planning, executing, controlling and monitoring business operations. Policy guidelines, procedures and authority limits are established for all companies within the Group, to ensure clear accountabilities and responsibilities for all business units.

  • Budget and Reporting
    Comprehensive management reports are generated on a regular and consistent basis to facilitate the Board and Management to perform financial and operating reviews on the various operating units. The reviews encompass areas such as financial and non-financial key performance indicators, variances between budget and operating results and compliance with laws and regulations.

Assurance from Management

The Board has received assurance from the CEO that the function of the Group’s risk management and internal control system for the financial under review, and up to the date of approval of this statement, are operating adequately and effectively in all material aspects, based on the risk management and internal control system adopted by the Group

Review of statement by the External Auditors

Pursuant to Paragraph 15.23 of the MMLR, the External Auditors have reviewed this Statement on Risk Management and Internal Control for inclusion in this Annual Report and has reported to the Board that nothing has come to their attention that caused them to believe that the statement is inconsistent with their understanding of the process adopted by the Board in reviewing the adequacy and integrity of the system of internal control. This Statements was reviewed by AC and approved by the Board on 26 March 2021.


For the financial year ended 31 December 2020 and up to the date of approval of this statement, the Board is of the opinion that the risk management and internal control system currently in place is adequate and effective to safeguard the Group’s interests and assets. For the coming year, the Board will continually assess the adequacy and effectiveness of the Group’s system of internal control and to strengthen it, as and when necessary.

© 2021 Timberwell Berhad