The Statement on Risk Management and Internal Control of the Group is set by the Board of Directors of Timberwell Berhad’s (“The Board”) made in compliance with the Main Market Listing Requirements (“MMLR”) of the Bursa Malaysia Securities Berhad (“Bursa Securities”) and the Statement on Risk Management and Internal Control: Guidance for Directors of Public Listed Companies.
The Board places importance on, and is committed to maintaining effective risk management practice and a sound system of internal control in the Group to ensure good corporate governance. The Board affirms its responsibility for reviewing the adequacy and integrity of the Group’s system of internal control and management information systems, including systems for compliance with applicable laws, rules, directives, guidelines and risk management practices.
Notwithstanding, as with any internal control system, the Group’s system of internal control is designed to manage rather than eliminate the risk of failure to achieve business objectives. Therefore, the system of internal control can only provide reasonable but not absolute assurance against material misstatement or loss.
The Board maintains continuous commitment in strengthening the Group's risk management framework and activities. The Management has been entrusted to continuously monitor the principal risks of the Group that have been identified, evaluate existing controls and formulate the necessary action plans with their respective process owners. The Chief Executive Officer ("CEO") is tasked with the responsibility of continuous monitoring and reviewing of the strategic directions of the Group.
Periodic meetings are held to assess and monitor the Group's risk as well as discuss, deliberate and address matters associated with strategic, financial and operational facets of the Group.
The Risk Management Committee (“RMC”) was established to oversee and assess the Group’s overall business risk profile. The RMC evaluates and sets out the Group Risk Management Plan and ensure that the action and strategies adopted by the Group would be developed and executed by Management and reviewed by the Audit Committee and RMC.
RMC is mainly responsible for the following:-
• assessing, improving and monitoring the Group Risk Management Framework (“RMF”);
contingency plans to manage or mitigate material risks that are in line with the nature of the identifiable risk.
Management (Each operation division) is responsible for:-
• implementing the RMF, policies and procedures on risk management and internal control; and
External and Internal Auditors are to provide an independent and objective report on operational and management activities addressing of the possible level of risk assessed
RISK MANAGEMENT PROCESS & OUTPUT
The principal risk areas and factors were identified, assessed and evaluated according to the risk management approach above.
The following are the principal risk areas/factors of the Group. These factors have a significant impact on the Group in terms of its results and strategic objectives, after considering likelihood and impact of the factor from both a financial and non-financial perspective.
During the financial year under review, the risk management profile and framework have been updated and circulated to the RMC members for review and discussion prior to the RMC recommended the same for the Board’s approval
Monitoring Mechanisms and Management Style
Scheduled periodic meetings of the Board, Executive Committee, Board Committees and Management represent the main platform by which the Group’s performance and conduct are monitored. The daily running of the business is entrusted to the CEO and their respective management teams. Under the purview of the CEO, the heads of the respective departments of the Group are empowered with the responsibility of managing their respective operations.
The Board is responsible for setting the business direction and for overseeing the conduct of the Group’s operations through its various Standing Committees and management reporting mechanisms. Through these mechanisms, the Board is informed of all major control issues pertaining to internal controls, regulatory compliance and risk taking.
Internal Audit Function
The Board recognises that effective monitoring on a continuous basis is a vital component of a sound internal control system. For 2020, the Group has outsourced its internal audit function to Messrs Lim Chong & Co., an independent professional services firm which reports to the Audit Committee on half-yearly basis at yearly cost of RM30,000.00. The Audit Committee acknowledges that an independent and adequately resourced internal audit function is required to provide assurance on the effectiveness of the system of the internal control in addressing the risks identified.
The internal auditor primarily acts as an assurance unit highlighting significant audit findings, areas for improvement, management comment on the audit findings and subsequently monitors the implementation of its recommended corrective actions.
An internal audit is carried out based on the internal audit plan that was reviewed by the Audit Committee and approved by the Board. The internal audit approach examined, evaluated and ensured compliance with the Group’s policies, procedures and system of controls. It has also evaluated the adequacy and effectiveness of the internal control system and assessed the consequences of any potential risks and suggested improvements required.
For the financial year under review, some weaknesses on internal control were identified. However, after due and careful inquiry and based on the information and assurance provided, the Board is satisfied that there were no material losses as a result of weaknesses in the system of internal control, that would require separate disclosure in Annual Report. Nevertheless, for areas requiring attention, measures have been and are being taken to ensure ongoing adequacy and effectiveness of internal controls and to safeguard shareholders’ investments and the Group’s assets.
Other Key Elements of the Group's System of Internal Control
The principal features of the Company's internal control structure are summarised as follows:
Assurance from Management
The Board has received assurance from the CEO that the function of the Group’s risk management and internal control system for the financial under review, and up to the date of approval of this statement, are operating adequately and effectively in all material aspects, based on the risk management and internal control system adopted by the Group
Review of statement by the External Auditors
Pursuant to Paragraph 15.23 of the MMLR, the External Auditors have reviewed this Statement on Risk Management and Internal Control for inclusion in this Annual Report and has reported to the Board that nothing has come to their attention that caused them to believe that the statement is inconsistent with their understanding of the process adopted by the Board in reviewing the adequacy and integrity of the system of internal control. This Statements was reviewed by AC and approved by the Board on 26 March 2021.
For the financial year ended 31 December 2020 and up to the date of approval of this statement, the Board is of the opinion that the risk management and internal control system currently in place is adequate and effective to safeguard the Group’s interests and assets. For the coming year, the Board will continually assess the adequacy and effectiveness of the Group’s system of internal control and to strengthen it, as and when necessary.