Corporate Governance


Statement On Risk Management And Internal Control


Introduction

The Statement on Risk Management and Internal Control of the Group is set by the Board of Directors of Timberwell Berhad's ("The Board") made in compliance with the Main Market Listing Requirements ("MMLR") of the Bursa Malaysia Securities Berhad ("Bursa Securities") and the Statement on Risk Management and Internal Control: Guidance for Directors of Public Listed Companies.

The Board's Responsibility

The Board places importance on, and is committed to maintaining an effective risk management practices and a sound system of internal control in the Group to ensure good corporate governance. The Board affirms its responsibility for reviewing the adequacy and integrity of the Group's system of internal control and management information systems, including systems for compliance with applicable laws, rules, directives, guidelines and risk management practices.

Notwithstanding, as with any internal control system, the Group's system of internal control is designed to manage rather than eliminate the risk of failure to achieve business objectives. Therefore, the system of internal control can only provide reasonable but not absolute assurance against material misstatement or loss.


The Group's Risk Management And Internal Control System


Risk Management

The Board maintains continuous commitment in strengthening the Group's risk management framework and activities. The Management has been entrusted to continuously monitor the principal risks of the Group that have been identified, evaluate existing controls and formulate the necessary action plans with their respective process owners. The Chief Executive Officer ("CEO") is tasked with the responsibility of continuous monitoring and reviewing of the strategic directions of the Group.

Periodic meetings are held to assess and monitor the Group's risk as well as discuss, deliberate and address matters associated with strategic, financial and operational facets of the Group.

Risk Management Committee ("RMC") (previously known as Business Risk Assessment Management Committee) was established in 2012 to oversee and assess the Group's overall business risk profile. The RMC evaluate and set out the Group Risk Management Plan and the action and strategies adopted by the Group would be developed and executed by the Management and reviewed by the Audit Committee and RMC nominated by the Board.


Risk Management Framework


RMC is mainly responsible for the following:-

The Management (Each operation division) is responsible for:-

External and Internal Auditors are to provide an independent and objective report on operational and management activities addressing of the possible level of risk assessed.


Risk Management Process & Output


The principal risk areas and factors were identified, assessed and evaluated according to the risk management approach below:


The following are the principal risk areas/factors of the Group. These factors have a significant impact on the Group in terms of its results and strategic objectives, after considering likelihood and impact of the factor from both a financial and non-financial perspective.


NOKEY AREASKEY FACTORSIMPACT/EFFECTLEVEL OF RISK
1IMAGE
• Current image, shareholders and management

• Profitability and Sustainability

• Corporate Social Responsibility

• Effects of support from Banker and recruitment of good management staff and employees.
• Effects of support from the local communities.

• Medium

• Low
2BUSINESS
• Harvesting
• Plantations


• Properties
• Others (Disposal of Fixed Assets)

• Contractors
• Fair Weather, Soil Suitability and Weather Condition, Proper application of fertilizers.
• Occupancy and Maintenance
• Under control and monitor

• Great Impac
• Affect the profitability


• Impairment loss
• Impairment loss

• Medium
• High


• Medium
• Medium
3SHAREHOLDERS
• Major shareholders
• Shareholders expectation

• Financial Position
• Dividend & Profitability

• Liquidity and cash flow problem
• Loss of Shareholders' support

• Low
• Low
4FINANCIAL
• International Financial Reporting Standard and Malaysia Financial Reporting Standards


• Property, Plant and Equipment

• Financial Performance (Funding and Costing)

• Budget and Business Planning

• Compliance with accounting standard


• Control or monitor of assets movement
• Effective decision making & Efficient costing/performance
• Accuracy & Comprehensive

• Suspended or reprimanded by MIA, MASB, Bursa Securities, Securities Commission ("SC"), Companies Commission of Malaysia ("CCM") and possible penalties that maybe imposed.
• Loss of Assets

• Loss of credibility and funding

• Loss of credibility and funding

• Medium



• Medium

• Low

• Medium
5HUMAN CAPITAL
• Directors

• Key Management

• Forest Management Unit ("FMU")
• Harvesting Staffs
• Plantation Staffs
• Occupation Safety and Health

• Foreign Workers

• Minimum Wages

• Ability and concern of the Company.
• Competency and concern of the Company
• Devotion
• Competency
• Competency
• Safety Procedure and Awareness

• Levy and approval from Immigration
• Performance

• Affect Company performance and Profitability

• Affect Company performance and Profitability

• Affect Company performance and Profitability
• Affect Company performance and Profitability
• Affect Company performance and Profitability
• Penalty for non-compliance & company's performance
• Loss of workers

• Penalty for non-compliance

• Medium

• Medium

• Medium
• Medium
• Medium
• Medium

• High

• Medium
6LICENCE & REGULATIONS
• Obligation & Compliance Annual Working Plan ("AWP"), Plantation Development Plan ("PDP") & Forest Management Plan ("FMP")
• MTCS Certification
• Bursa Securities (Listing Regulations)

• SC

• CCM

• Relevant Authority

• Proper preparation and compliance


• Compliance
• Compliance

• Compliance

•Compliance

• Good working relationship with the authority

• Affect the FMU Licence Agreement


• Reduce profitability and performance
• Non-Compliance and possible penalty that maybe imposed
• Non-Compliance and possible penalty that maybe imposed
•Non-Compliance and possible penalty that maybe imposed
• Affect the FMU and the core business of the Company

• Medium


• Low
• Low

• Low

• Low

• Significant
7INDUSTRY & ECONOMIC (MALAYSIA & GLOBAL MARKET)
• Other FMU Holders
• Timber Association Sabah (TAS)
• Timber Demand & Market Price
• Competition with Artificial Timber Replacement
• Sabah Timber Industry Association


• Mutual Co-operation
• Devoted leaders
• Economic downturn or boom
• Competition
• Downstream Production


• Loss of market information
• Loss of market information
• Reduce profitability and performance
• Loss of market information
• Loss of Income


• Medium
• Low
• Medium
• Medium
• Medium
8ENVIRONMENT
• Natural Disaster (Fire, Flood and Storm)
• Social Impact (3rd Party )
• Environmental Impact Assessment and Environmental Compliance Report

• Dry and Wet season, full attention
• Encroachment Goodwill policy
• Environmental Mitigation Measures

• Loss of Income
• Penalty by the Authority
• Penalty by the Authority

• Medium
• Medium
• Medium

The risk assessment profile and framework was reviewed on 3 October 2018 and the key risk areas and factors were updated to better reflect the Group and Company's current situation and business environment, particularly the Company's financial position which had substantially improved.


Monitoring Mechanisms and Management Style

Scheduled periodic meetings of the Board, Executive Committee, Board Committees and Management represent the main platform by which the Group's performance and conduct are monitored. The daily running of the business is entrusted to the CEO and their respective management teams. Under the purview of the CEO, the heads of the respective departments of the Group are empowered with the responsibility of managing their respective operations.

The Board is responsible for setting the business direction and for overseeing the conduct of the Group's operations through its various Standing Committees and management reporting mechanisms. Through these mechanisms, the Board is informed of all major control issues pertaining to internal controls, regulatory compliance and risk taking.


Internal Audit Function

The Board recognises that effective monitoring on a continuous basis is a vital component of a sound internal control system. For 2018, the Group has outsourced its internal audit function to Messrs Lim Chong & Co., an independent professional services firm which reports to the Audit Committee on half-yearly basis at yearly cost of RM30,000.00. The Audit Committee acknowledges that an independent and adequately resourced internal audit function is required to provide assurance on the effectiveness of the system of the internal control in addressing the risks identified.

The internal auditor primarily acts as an assurance unit highlighting significant audit findings, areas for improvement, management comment on the audit findings and subsequently monitors the implementation of its recommended corrective actions.

An internal audit is carried out based on the internal audit plan that was reviewed by the Audit Committee and approved by the Board of Directors. The internal audit approach examined evaluated and ensured compliance with the Group's policies, procedures and system of controls. It has also evaluated the adequacy and effectiveness of the internal control system and assessed the consequences of any potential risks and suggested improvements required.

For the financial year under review, some weaknesses on internal control were identified. However, after due and careful inquiry and based on the information and assurance provided, the Board is satisfied that there were no material losses as a result of weaknesses in the system of internal control, that would require separate disclosure in Annual Report. Nevertheless, for areas requiring attention, measures have been and are being taken to ensure ongoing adequacy and effectiveness of internal controls and to safeguard shareholders' investments and the Group's assets.

Other Key Elements of the Group's System of Internal Control

The principal features of the Company's internal control structure are summarised as follows:


Assurance from Management

The Board has received assurance from the Chief Executive Officer that the Group's risk management and internal control system are operating adequately and effectively in all material aspects, based on the risk management and internal control system of the Group.


Review of statement by the External Auditors

Pursuant to Paragraph 15.23 of the MMLR, the External Auditors have reviewed this Statement on Risk Management and Internal Control for inclusion in this Annual Report and has reported to the Board that nothing has come to their attention that caused them to believe that the statement is inconsistent with their understanding of the process adopted by the Board in reviewing the adequacy and integrity of the system of internal control. This Statements was reviewed by AC and approved by the Board on 26 March 2019.


Conclusion

For the financial year ended 31 December 2018 and up to the date of approval of this statement, the Board is of the opinion that the risk management and internal control system currently in place is adequate and effective to safeguard the Group’s interests and assets. For the coming year, the Board will continually assess the adequacy and effectiveness of the Group's system of internal control and to strengthen it, as and when necessary.