The Sustainability Working Group Committee (“SWG”) is setup as part of the management in reinforcing its existing governance ecosystem. The SWG advises on sustainability strategies and its alignment with business strategy, risk environment and regulatory requirements including providing strategic direction and facilitate stakeholder engagement processes.
The key features of the internal control processes are described as follows:
• Board meetings are held at least once in a quarter with a formal agenda on matters for discussion. During the meeting, the Board reviews the financial performance of the Group, discuss and deliberate on the business development, management, corporate issues and regulatory matters affecting the Group.
• Board Committees with clearly defined terms of reference and authority hold regular meetings and assist the Board in overseeing internal controls and Board effectiveness. This includes reviewing the adequacy and integrity of the Group’s internal control system and to follow-up on action plans by Management on the recommendations proposed by the internal audit department.
• The Group Managing Director (“GMD”) plays a pivotal role in communicating the Board’s expectations of the system of risk management and internal control to management. This is achieved through his active participation in the management of the business as well as chairing at various management and committee meetings. The GMD will update the Board of any significant matters that require the latter’s immediate attention.
• Monthly management meetings are held to review the financial and manufacturing operational performance of business units including key performance indicators, productivity, efficiency and effectiveness. This includes evaluation of factors impacting performance such as business, operational and key management.
• There is an established mechanism to identify and review the risks element that impact on the financial performances of the Group to manage risks including and not limiting to volatility of foreign exchange rates, escalating cost of operations and competitive pricing of products.
• A Whistleblowing Policy serves as an avenue for all employees and the general public to raise concerns about malpractice or improper conduct within the Group whilst ensuring the integrity of the process and information and also protecting the rights of informants.
• The Group adopted an Anti-Corruption Policy which describes Kossan’s commitment to ensure zero-tolerance against any forms of bribery and corruption. The Group is committed to maintain and preserve the highest standard of integrity, transparency and accountability in our business operations.
• The management sets the tone for an effective control environment and culture within the Group through the Group’s mission, vision and core values. The Group developed its key pillars for all Kossan employees to embrace on, based on the below five (5) core value tenets:
Through Kossan’s core values, the Group seeks to inculcate a culture of honesty and integrity, inspiration and innovation as well as caring and commitment.
Core
ASSURANCE MECHANISM
The Group has in place an in-house Internal Audit (“IA”) department established by the Board to provide independent assurance on the adequacy and effectiveness of the risk management and internal control system. The IA reports directly to the AC and is guided by the Internal Audit Charter. The IA performs audits based on an annual internal audit plan approved by the AC. The areas of audit covered by the IA during the financial year under review included:
• regulatory compliance focusing on environment, safety and health;
• labour laws compliance;
• financial audits;
• taxation audit and
• operational audits on inventory management and control.
The IA presented its audit report, including findings, recommendations and management’s response to the AC on a quarterly basis. Follow up reviews are conducted and the status of the implementation of action plans are monitored and reported to the AC.
For the year ended 31 December 2020, the IA reviewed the adequacy and effectiveness of the internal control processes and necessary actions have been and are being taken to remedy any significant failings or weaknesses for the financial year under review and up to the date of approval of this Statement for inclusion in the Annual Report.
The Board, through the AC, has reviewed the effectiveness of the Group’s system of risk management and internal control. There were no significant risk management and internal control aspects that would have resulted in any material losses or contingencies that would require disclosure in the Annual Report.
The Board has received assurances from the GMD who is also the Group Chief Executive Officer and the Senior Group Accountant that for the year ended 31 December 2020, the Group’s risk management and internal control system is operating adequately and effectively in all material aspects, based on the risk management and internal control system of the Group. Taking into consideration the information and assurances given, the Board is satisfied with the adequacy, integrity and effectiveness of the Group’s system of risk management and internal control.
Continuous quality assurance audits are being conducted as part of the requirements and compliance of the ISO 9001, ISO 13485, IATF 16949, MS ISO/IEC 17025 and ISO 14001 certifications.
BOARD’S COMMITMENT
The Board remains committed towards keeping abreast with the ever-changing business environment in order to support the Group’s business and size of operations. There were no material losses incurred during the current financial year as a result of weaknesses in internal control that would require a separate disclosure in the Annual Report.
The Board and the Management, in striving for continuous improvement, have and will continue to put in place appropriate measures to further strengthen and enhance the Group’s system of risk management and internal control environment.
Statement on Risk Management and Internal Control
(Cont’d)
REVIEW OF THIS STATEMENT BY EXTERNAL AUDITORS
The external auditors have reviewed this Statement on Risk Management and Internal Control pursuant to the scope set out in Audit and Assurance Practice Guide (“AAPG”) 3, Guidance for Auditors on Engagements to Report on the Statement on Risk Management and Internal Control included in the Annual Report issued by the Malaysian Institute of Accountants for inclusion in the annual report of the Group for the year ended 31 December 2020, and reported to the Board that nothing has come to their attention that cause them to believe that the statement intended to be included in the annual report of the Group, in all material respects:
a) has not been prepared in accordance with the disclosures required by paragraphs 41 and 42 of the Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers, or
b) is factually inaccurate.
AAPG 3 does not require the external auditors to consider whether the Directors’ Statement on Risk Management and Internal Control covers all risks and controls, or to form an opinion on the adequacy and effectiveness of the Group’s risk management and internal control system including the assessment and opinion by the Board of Directors and management thereon. The auditors are also not required to consider whether the processes described to deal with material internal control aspects of any significant problems disclosed in the annual report will, in fact, remedy the problems.
This Statement has been approved by the Board on 13 April 2021.
Statement on Risk Management and Internal Control
(Cont’d)
The Board of Directors have pleasure in submitting the report of the Audit Committee of the Board for the year ended 31 December 2020.
1. TERMS OF REFERENCE OF THE AUDIT COMMITTEE
1.1 Composition
The Audit Committee shall consist of at least three Directors, all of whom are non-executive and a majority of them are independent. The Chairman of the Audit Committee shall be an independent non- executive director and not the Chairman of the Board.
1.2 Authority
The Audit Committee shall have explicit authority to investigate any matter within its terms of reference, have full access to information and the resources which it needs to do so. The Audit Committee shall be able to obtain external professional advice and to invite outsiders with relevant experience to attend, if necessary.
1.3 Responsibility
The Audit Committee shall be the focal point for communication between external auditors, internal auditors, Directors and management on matters in connection with financial accounting, reporting and controls. It shall also ensure that accounting policies and practices are adhered to by the Company and its subsidiaries.
1.4 Functions and Duties
The functions and duties of the Audit Committee shall include previewing and reporting to the Board the following:
1.4.1 External Audit
(i) appointment and re-appointment or resignation of the external auditors;
(ii) scope of the audit; and
(iii) evaluation of suitability, objectivity and independence of the external auditors.
1.4.2 Internal Audit
(i) adequacy of the scope of work, competency and resources and its authority to carry out the functions;
(ii) approve the internal audit plan and assess the process and results of the audit; and (iii) ensure internal audit work is effective and independent of management.
1.4.3 Risk Management
(i) ensure adequacy and effectiveness of the functions; and (ii) review the reports of the functions.
1.4.4 Financial Reporting
(i) review financial reporting and any changes in accounting policies;
(ii) review financial reporting issues and significant judgement by the management; and (iii) review significant and unusual transactions and ensure these are effectively addressed.