This Terms of Reference for Audit & Risk Management Committee (“Terms of Reference”) outlines the manner in which the Audit & Risk Management Committee assists the Board in discharging its statutory and other responsibilities relating to internal controls, financial and accounting matters, compliance and risk management. The Terms of Reference adopts principles of good corporate governance and is designed to maximize the Company’s compliance with best practice requirements.
The Board shall establish a Committee of the Board to be known as the Audit & Risk Management Committee.
The Audit & Risk Management Committee must be appointed from amongst its Directors and fulfil the following requirements:-
(a) The Audit & Risk Management Committee must be composed of not less than three (3) members;
(b) A majority of the members must be independent directors and all members must be non-executive; and
(c) At least one member of the Audit & Risk Management Committee:-
(i) Must be a member of the Malaysian Institute of Accountants (MIA); or
(ii) If she/he is not a member of the MIA, she/he must have at least three (3) years’ working experience and:-
• He / She has passed the examination specified in Part I of the 1st Schedule of the Accountants Act 1967; or
• He / She must be a member of one of the associations of accountants specified in Part II of the 1st Schedule of the Accountants Act 1967; or
(iii) Fulfills such other requirements as prescribed or approved by the Exchange.
(d) The Chairman shall be an Independent, Non-Executive Director. No alternate director is appointed as a member of the Audit & Risk Management Committee;
(e) In the event that any vacancy in the Audit & Risk Committee results in the non-compliance of the above requirements, the Company must fill the vacancy within three (3) months; and
(f) The Company Secretary shall act as Secretary to the Audit & Risk Management Committee.
4.1 The Audit & Risk Management Committee shall be granted the authority to investigate any activity of the Company and its subsidiaries, and all employees shall be directed to co-operate as requested by members of the Committee;
4.2 The Audit & Risk Management Committee shall be empowered to retain persons having special competence as necessary to assist the Committee in fulfilling its responsibilities;
4.3 The Audit & Risk Management Committee shall provide assistance to the Board in fulfilling its fiduciary responsibilities particularly relating to business ethics, policies and financial management control;
4.4 The Audit & Risk Management Committee shall maintain a direct line of communication between the Board, External Auditors, Internal Auditors and Management through regularly scheduled meetings;
4.5 The Audit & Risk Management Committee shall provide greater emphasis on the audit functions by increasing the objectivity and independence of External and Internal Auditors, and providing a forum for discussion that is independent of the Management;
4.6 The Audit & Risk Management Committee may invite any person to the meeting to assist the Committee in the decision-making process and that the Committee may meet exclusively as and when necessary; and
4.7 Serious allegations that have financial implications against any employee of the Company shall be referred to the Audit & Risk Management Committee for investigation to be conducted.
The Audit & Risk Management Committee shall have the following authority as empowered by the Board:-
(a) The authority to investigate any matter within its terms of reference;
(b) The resources which are required to perform its duties;
(c) Full, free and unrestricted access to any information, records, properties and personnel of the Company and any other subsidiaries (if any) or sister companies;
(d) Direct communication channels with the External Auditors, person(s) (in case of an in house function) and outsourced engagement firm carrying out the internal audit function or activity for the Group (Internal Auditors);
(e) Able to obtain independent professional or other advice; and
(f) Able to convene meetings with the External Auditors, the Internal Auditors or both, together with other independent non-executive members of the Board, excluding the attendance of any Executive Directors, at least twice a year in the case of External Auditors or whenever deemed necessary.
6.1 The Audit & Risk Management Committee shall meet at least four (4) times in a year to discuss any matters raised by the Auditors in discharging their functions. The quorum for a meeting of the Committee shall be two (2);
6.3 The Secretary is responsible for the co-ordination of administrative details including calling for meetings, voting and keeping of minutes;
6.4 In addition to the Audit & Risk Management Committee members, the MD and Chief Financial Officer are invited for attendance at each meeting. The Head of Companies / Departments and their management team will attend when audit reports on their companies / departments are tabled for discussion. The presence of External Auditors and outsourced Internal Auditors will be requested when required;
6.5 The Chairman shall, upon the request of the External Auditor, convene a meeting of the Audit & Risk Management Committee to consider any matter the External Auditor believes should be brought to the attention of the Directors or Shareholders;
6.6 The External Auditors and the Internal Auditors have the right to appear and be heard at any meeting of the Audit & Risk Management Committee and shall appear before the Committee when required to do so by the Committee; and
6.7 Decision making can be carried through a resolution in writing signed by a majority of the members of the Committee.
7.0 Duties and Responsibilities
The duties and responsibilities of the Audit & Risk Management Committee with the following groups will be as follows:-
(i) To obtain satisfactory response from Management on reports issued by the External Auditors and the Internal Auditors, and report to the Board:-
• Significant findings identified and the impact of the audit findings on the operations;
• Deliberations and decisions made at the Audit & Risk Management Committee’s meetings with focus given to significant issues and resolutions resolved by the Committee, on a regular basis; and
• A summary of material concerns and weaknesses in the control environment noted during the year and the corresponding measures taken to address the issues.
(ii) To oversee the internal audit function, and report to the Board on significant changes in the business and the external environment, which affect key risks;
(iii) Where the review of audit reports of subsidiaries and any related corporations also falls under the jurisdiction of the Audit & Risk Management Committee, all the above mentioned functions shall also be performed by the Committee in co-ordination with the Board of Directors of the subsidiaries and related corporation;
(iv) To review arrangements established by Management for compliance with any regulatory or other external reporting requirements, by-laws and regulations related to the Company’s operations; and
(v) To consider other areas as defined by the Board.
(b) Dealings with External Auditors
(i) To recommend to the Board the appointment of the External Auditors, the audit fee and any issues relating to the resignation or dismissal of the External Auditors;
(ii) To discuss with the External Auditors before the audit commences, the nature and scope of the audit, and ensure co-ordination where more than one audit firm is involved;
(iii) To discuss with the External Auditors, their audit report and evaluation of the system of the internal controls and risk management;
(iv) To discuss problems and reservations arising from the external audits, and any matter the External Auditors may wish to discuss;
(v) To review and assess the performance and independence of the External Auditors; and
(vi) To review the quarterly financial results and year-end financial statements of the Company, focusing particularly on:-
• Any changes in accounting policies;
• Significant matters highlighted including financial reporting issues, significant judgments made by management, significant and unusual events or transactions, and how these matters are addressed;
• Significant adjustments arising from the audit;
• The going-concern assumption; and
• Compliance with accounting standards and other legal requirements.
(c) Oversight of Internal Audit Function
To oversee the internal audit function by:-
• Reviewing and approving the annual internal audit plan;
• Reviewing the adequacy of the scope of internal audit and governance review, internal audit and governance review programmes, functions and resources of the internal audit function, and that it has the necessary authority to carry out its work;
• Reviewing the reports prepared by the Internal Auditors, discussing major findings and Management’s response, and to ensure that appropriate action is taken in respect of the recommendations of the Internal Auditors;
• Approving any appointment or termination of senior staff members of the internal audit function (in case of an in-house function), and appointment or dismissal of outsourced Internal Auditors;
• Approving the fees to be paid to the outsourced Internal Auditors;
• Being informed of resignations of internal audit staff members and providing the resigning staff member with an opportunity to submit his / her reasons for resigning (in case of an in-house function);
• Reviewing and assessing the effectiveness of the internal audit function;
• Ensuring on an on-going basis that the internal audit function has adequate and competent resources; and
• Monitoring closely any significant disagreement between the internal audit function and Management irrespective of whether they have been resolved.
(i) To review and endorse the corporate governance framework for the Board’s approval and monitor the progress of implementation;
(ii) To assess the effectiveness of the corporate governance framework and recommend to the Board necessary changes to the corporate governance framework;
(iii) To drive the code of conduct across the Group including ensuring that the whistle-blowing programme is implemented across the Group, and complied with;
(iv) To review the reports on violation of the whistle-blowing issues, as well as breaches involving pivotal positions; and
(v) To review the Statement on Corporate Governance, ARMC Report and Statement on Risk Management and Internal Control prior to their inclusion in the Company’s Annual Report for recommendation to the Board for approval.
(e) Risk Management Oversight
(i) To provide oversight, direction and counsel to the risk management process, specifically:
• To ensure that the risk management framework and the appropriate policies and procedures are established and implemented;
• To consider whether response strategies (and mitigation plan) to manage or mitigate material risks are appropriate and effective given the nature of the identifiable risks; and
• To evaluate the risk profile and risk tolerance of the Group.
(f) Related Party Transaction
To consider any related party transactions that may arise within the Group including any transaction, procedure or course of conduct that raises questions of Management’s integrity.
(g) Employees’ Share Scheme
To verify the allocation of ESGP Grants and ESOS Options under the Scheme in compliance with the allocation criteria which has been disclosed to employees of the Group and established in the By-Laws of ESS of the Company, at the end of each