Basic HTML Version
130
Gamuda Berhad
(29579-T)
• annual report 2014
Statement on Risk Management
and Internal Control
Board’s Responsibility
The Board of Gamuda Berhad (the Group and the Company)
affirms the overall responsibility for maintaining a sound
system of risk management and internal control so as to
safeguard shareholders’ interests and the Group’s assets.
The system of risk management and internal control is
designed to manage, but may not totally eliminate the risk
of failure to achieve business objectives. Accordingly, such
systems can only provide reasonable and not absolute
assurance against material error, misstatement or losses.
The Board confirms that there is an ongoing process of
identifying, evaluating and managing all significant risks
faced by the Group that has been in place for the year and
up to the date of approval of this Statement for inclusion
in Annual Report. The process is regularly reviewed by the
Board and is in accordance with the Statement on Risk
Management and Internal Control: Guidance for Directors
of Listed Issuers (SRMICG).
Risk Management
The risk management framework, which is embedded in
the management systems of the Group, clearly defines
the authority and accountability in implementing the
risk management process and internal control system.
The Management assists the Board in implementing the
process of identifying, evaluating and managing significant
risks applicable to their respective areas of business and
in formulating suitable internal controls to mitigate and
control these risks.
The project task force is responsible for assessing and
evaluating the feasibility and risk impact that prospective
investments would have on the Group. For ongoing business
operations, risk assessment and evaluation is an integral
part of the annual business planning and budgeting process.
The Management of each business unit, in establishing its
business objectives, is required to identify and document all
possible risks that can affect their achievement taking into
consideration the effectiveness of controls that are capable
of mitigating such risks. By this process, each business
unit’s identified risks, the controls and processes for
managing them are tabulated in a risk assessment report.
Significant risks of business units have been presented to
the Risk Management Committee for their deliberation.
Key Internal Control Features
The Group’s internal control system encompasses the
following key control processes:
• Clearly defined operating structure, lines of
responsibilities and delegated authority. Various Board
and Management Committees have been established
to assist the Board in discharging its duties. Among the
committees are:
- Audit Committee
- Risk Management Committee
- Nomination Committee
- Remuneration Committee
- Budget Committee
- ESOS Committee
• Feasibility study and risk impact and assessment on
new investments/projects is evaluated by Project Task
Force for Board’s deliberation.
• Internal control activities have been established
in all business units with clearly defined lines of
responsibilities, authority limits for major capital
expenditure, contract awards and other significant
transactions, segregation of duties, performance
monitoring and safeguarding of assets.
• Systematically documented Policies, Procedures and
Standard Operating Procedures are in place to guide
employees in their day-to-day work. These policies and
procedures are reviewed regularly and updated when
necessary.
• Anannual budgetary process that requires business units
topreparebudgets, business plans andcontrolmeasures
to mitigate identified risks for the forthcoming year.
These budgets are deliberated by the Budget Committee
before being presented to the Directors for approval.