This Terms of Reference for Audit & Risk Management Committee (“Terms of Reference”) outlines the manner in which the Audit & Risk Management Committee assists the Board in discharging its statutory and other responsibilities relating to internal controls, financial and accounting matters, compliance and risk management. The Terms of Reference adopts principles of good corporate governance and is designed to maximize the Company’s compliance with best practice requirements.
2.1. The Board shall establish a Committee of the Board to be known as the Audit & Risk Management Committee.
3.1 The Audit & Risk Management Committee must be appointed from amongst its Directors and fulfil the following requirements:-
(a) The Audit & Risk Management Committee must be composed of not less than three (3) members;
(b) A majority of the members must be independent directors and all members must be non-executive; and
(c) At least one member of the Audit & Risk Management Committee:-
(i) Must be a member of the Malaysian Institute of Accountants (MIA); or
(ii) If she/he is not a member of the MIA, she/he must have at least three (3) years’ working experience and:-
• He / She must have passed the examination specified in Part I of the 1st Schedule of the Accountants Act 1967; or
• He / She must be a member of one of the associations of accountants specified in Part II of the 1st Schedule of the Accountants Act 1967; or
(iii) Fulfils such other requirements as prescribed or approved by the Exchange.
(d) The Chairman shall be an Independent, Non-Executive Director. No alternate director is appointed as a member of the Audit & Risk Management Committee;
(e) In the event that any vacancy in the Audit & Risk Committee results in the non-compliance of the above requirements, the Company must fill the vacancy within three (3) months; and
(f) The Company Secretary shall act as Secretary to the Audit & Risk Management Committee.
3.1 The Audit & Risk Management Committee shall be granted the authority to investigate any activity of the Company and its subsidiaries, and all employees shall be directed to co-operate as requested by members of the Committee;
3.2 The Audit & Risk Management Committee shall be empowered to retain persons having special competence as necessary to assist the Committee in fulfilling its responsibilities;
3.3 The Audit & Risk Management Committee shall provide assistance to the Board in fulfilling its fiduciary responsibilities particularly relating to business ethics, policies and financial management control;
3.4 The Audit & Risk Management Committee shall maintain a direct line of communication between the Board, External Auditors, Internal Auditors, CGRM and Management through regularly scheduled meetings;
3.5 The Audit & Risk Management Committee shall provide greater emphasis on the audit functions by increasing the objectivity and independence of External and Internal Auditors and CGRM, and providing a forum for discussion that is independent of the Management;
3.6 The Audit & Risk Management Committee may invite any person to the meeting to assist the Committee in the decision-making process and that the Committee may meet exclusively as and when necessary; and
3.7 Serious allegations that have financial implications against any employee of the Company shall be referred to the Audit & Risk Management Committee for investigation to be conducted.
The Audit & Risk Management Committee shall have the following authority as empowered by the Board:-
(a) The authority to investigate any matter within its terms of reference;
(b) The resources which are required to perform its duties;
(c) Full, free and unrestricted access to any information, records, properties and personnel of the Company and any other subsidiaries (if any) or sister companies;
(d) Direct communication channels with the External Auditors, person(s) (in case of an in-house function) or outsourced engagement firm carrying out the internal audit function or activity for the GROUP (Internal Auditors), and personnel of CGRM;
(e) Able to obtain independent professional or other advice; and
(f) Able to convene meetings with the External Auditors, the Internal Auditors or both, together with other independent non-executive members of the Board, excluding the attendance of any Executive Directors, at least twice a year in the case of External Auditors or whenever deemed necessary.
5.1 The Audit & Risk Management Committee shall meet at least four (4) times in a year to discuss any matters raised by the Auditors in discharging their functions. The quorum for a meeting of the Committee shall be two (2);
5.2 At least twice a year, the Audit and Risk Management Committee and/or the whole Board shall meet with the External Auditors without the presence of any executive Board member, MD or other Senior Management;
5.3 The Secretary is responsible for the co-ordination of administrative details including calling for meetings, voting and keeping of minutes;
5.4 In addition to the Audit & Risk Management Committee members, the MD, Chief Financial Officer and the Head of CGRM are invited for attendance at each meeting. The Head of Companies / Departments and their management team will attend when audit reports on their companies / departments are tabled for discussion. The presence of External Auditors and outsourced Internal Auditors will be requested when required;
5.5 The Chairman shall, upon the request of the External Auditor, convene a meeting of the Audit & Risk Management Committee to consider any matter the External Auditor believes should be brought to the attention of the Directors or Shareholders; and
5.6 The External Auditors, Internal Auditors and the Head of CGRM have the right to appear and be heard at any meeting of the Audit & Risk Management Committee and shall appear before the Committee when required to do so by the Committee.
6.0 Duties and Responsibilities
The duties and responsibilities of the Audit & Risk Management Committee with the following groups will be as follows:-
(a) Board Oversight
(i) To obtain satisfactory response from Management on reports issued by the External Auditors, Internal Auditors and the CGRM, and report to the Board:-
• Significant findings identified and the impact of the audit findings on the operations;
• Deliberations and decisions made at the Audit & Risk Management Committee’s meetings with focus given to significant issues and resolutions resolved by the Committee, on a regular basis; and
• A summary of material concerns and weaknesses in the control environment noted during the year and the corresponding measures taken to address the issues.
(ii) To oversee the internal audit function and the CGRM, and report to the Board on significant changes in the business and the external environment, which affect key risks;
(iii) Where the review of audit reports of subsidiaries and any related corporations also falls under the jurisdiction of the Audit & Risk Management Committee, all the above mentioned functions shall also be performed by the Committee in co-ordination with the Board of Directors of the subsidiaries and related corporations;
(iv) To review arrangements established by Management for compliance with any regulatory or other external reporting requirements, by-laws and regulations related to the Company’s operations; and
(v) To consider other areas as defined by the Board.
(b) Dealings with External Auditors
(i) To recommend to the Board the appointment of the External Auditors, the audit fee and any issues relating to the resignation or dismissal of the External Auditors;
(ii) To discuss with the External Auditors before the audit commences, the nature and scope of the audit, and ensure co-ordination where more than one audit firm is involved;
(iii) To discuss with the External Auditors, their audit report and evaluation of the system of the internal controls and risk management;
(iv) To discuss problems and reservations arising from the external audits, and any matter the External Auditors may wish to discuss;
(v) To review and assess the performance and independence of the External Auditors; and
(vi) To review the quarterly and year-end financial statements of the Company, focusing particularly on:-
• Any changes in accounting policies;
• Significant adjustments arising from the audit;
• The going-concern assumption; and
• Compliance with accounting standards and other legal requirements.
(c) Oversight of Internal Audit Function and CGRM
To oversee the internal audit function and the CGRM by:-
• Reviewing and approving the annual internal audit plan;
• Reviewing the adequacy of the scope of internal audit and governance review, internal audit and governance review programmes, functions and resources of the internal audit function and the CGRM, and that they have the necessary authority to carry out their work;
• Reviewing the reports prepared by the Internal Auditors and the CGRM, discussing major findings and Management’s response, and to ensure that appropriate action is taken in respect of the recommendations of the Internal Auditors and the CGRM;
• Determining and recommending to the Board the remit of the internal audit function and the CGRM, including the remuneration of the Head of CGRM, and ensure that they are able to undertake their activities independently and objectively;
• Approving any appointment or termination of senior staff members of the internal audit function (in case of an in-house function), and appointment or dismissal of outsourced Internal Auditors;
• Approving the fees to be paid to the outsourced Internal Auditors;
• Being informed of resignations of internal audit staff members and providing the resigning staff member with an opportunity to submit his / her reasons for resigning (in case of an in-house function);
• Reviewing and assessing the effectiveness of the internal audit function;
• Ensuring on an on-going basis that internal audit function and the CGRM have adequate and competent resources; and
• Monitoring closely any significant disagreement between internal audit function and the CGRM, and Management irrespective of whether they have been resolved.
(d) Related Party Transaction
To consider any related party transactions that may arise within the GROUP including any transaction, procedure or course of conduct that raises questions of Management’s integrity.