& INTERNAL CONTROL

STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL

(ii) Fire and Industrial Risks

The Group adheres to the zero-burning policy.

However, the Plantation segment is exposed to the risk of fire in estates during prolonged periods of dry weather which could put plantation assets at risk. The resultant haze may also cause serious health concerns, stunt fruit growth and disruption in harvesting. In the Oleochemical division, flammable industrial chemicals, i.e. hydrogen/methanol/hydrogen peroxide/ethylene oxide used in the production processes are hazardous and can cause fire and explosion.

The Group adhered strictly to its safety and sustainability policies which takes into account the changing risk landscape to manage industrial risks. Management had established fully equipped firefighting teams which undergoes yearly firefighting training and practices strict surveillance which includes erecting fire towers at strategic locations and daily web-monitoring of fire hotspots within and surrounding the estates. The Emergency Response Teams were properly trained to contain and control leakages or fire in the processing plants. To mitigate the financial impact, the Group’s assets are adequately insured under Industrial All Risk Policy and Fire-Industrial Policy.

Cyber Security Risk

The business environment is global and highly interconnected, which increases the organisation’s exposure to cyber threats. To manage this risk, controls have been put in place to manage and protect the confidentiality, integrity and availability of data and critical infrastructure. Amongst others, adequate IT Industrial standard network security layer equipment, encryption protocols, virus scanning tools and applications are in place to protect and secure the accessibility to the Group’s IT environment. Notification alerts will be triggered when there is any suspicious network traffic or incident and will be investigated till its resolution. Continuous security awareness trainings and roadshows are provided to the employees to foster awareness in safeguarding the Group’s sensitive data. Disaster Recovery Plan (DRP) has been implemented to recover and protect the business IT infrastructure in the event of adverse events.

COVID-19 Pandemic

The Board and the Group’s Management proactively monitor and manage the impact to business and operations arising from COVID-19 pandemic. In this respect, the Group actively engages with customers, suppliers, transporters and forwarders to minimise movement disruptions.

Various safety and health measures were implemented, such as work-from-home and split team arrangements;

frequent communication on health awareness & travel advisory guides; and instituting daily precautions, inclusive

of sanitisation and daily temperature screening. The Group has in place business continuity plans to provide adequate support for its business and employees, and instituted new working arrangements for business continuity. The Group will continue to monitor the situation closely and will do its best to protect its employees and supply chain.

OTHER ELEMENTS OF RISK MANAGEMENT AND INTERNAL CONTROL

Board Meetings

At a minimum, the Board meets on a quarterly basis and has a formal agenda on matters for discussion. The CEO leads the presentation of board papers and provides explanation on pertinent issues. A thorough deliberation and discussion by the Board is a prerequisite before arriving at any decision. In addition, the Board is kept updated on the Group’s activities and operations on a timely and regular basis.

Organisational Structure with Formally Defined Responsibility Lines and Delegation of Authority

There is in place an organisational structure with formally defined responsibility lines and authorities to facilitate quick response to changes in the evolving business environment, effective supervision of day-to-day business conduct and accountability for operation performance. Capital and non-capital expenditures and acquisition and disposal of investment interest are subject to appropriate approval processes. The limit of authorities for approval levels is established for budgeted and non-budgeted capital expenditure.

Performance Management Framework

Management reports are generated on a monthly and consistent basis to facilitate the Board and the Group’s Management in performing financial and operation reviews on the various operating units. The reviews encompass areas such as financial and non-financial key performance indicators, variances between budget and operation results and compliance with laws and regulations.

The Group has in place a well-controlled budgeting process that provides a responsible accounting framework. The Group’s annual budget is approved by the Board prior to implementation.

Operational Policies and Procedures

Documented policies and procedures form an integral part of the internal control systems to safeguard shareholders’

investment and the Group’s assets against material losses and ensure complete and accurate financial information.

These documents consist of approved memoranda, circulars, manuals and handbooks that are continuously being revised and updated to meet operational needs.

110

STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL

Whistleblowing Policy

A Whistleblowing Policy has been established to provide clarity of oversight of the whistleblowing process, protection and confidentiality to whistleblowers. The policy sets out a protocol for employees and stakeholders to raise genuine possibilities of improprieties, malpractices and misconduct within the Group for remedial action. In addition, the Group had also implemented an Employee Grievance Redressal Policy to provide a clear and transparent framework for employees to raise any grievances. The policy is available on the Company’s website at www.klk.com.my.

Integrity and Anti-Corruption

As a responsible corporation, the Group has always been committed to doing business with integrity. The Group will continue to foster an anti-corruption culture and adhere to the anti-corruption laws and regulations in countries in which it operates.

In line with the Government’s effort to combat corrupt acts and promote better corporate governance culture, the Group had appointed an independent external consultant to conduct an Anti-Bribery and Anti-Corruption Adequate Procedures Review (“Review”) during the financial year 2020. Amongst others, the Review entails a corruption risk assessment and gap analysis to identify any gaps as well as analyse, assess and prioritise corruption risks within the Group, as well as relevant training and awareness programmes for the Directors and employees.

The Board is kept abreast of the Group’s anti-corruption initiatives and compliance programmes via periodic reporting. Where applicable, the requirements of the Group’s existing policies, systems and procedures in relation to anti-bribery and anti-corruption are extended to the Group’s agents, counterparties and business partners to ensure that anti-corruption and bribery initiatives are applied throughout the Group’s supply chain.

As part of the Group’s ongoing commitment, the Group Anti-Corruption Policy had also been formalised to outline the Group’s approach in combating bribery and corruption in order to guide the Group’s employees and associated persons to act professionally, fairly and with integrity in all business dealings and relationships. The Group’s stance in combating corruption is publicly available on the Company’s website at www.klk.com.my, via the Group Anti-Corruption Policy together with the Group’s Codes of Conduct and Ethics, Sustainability Policy and other relevant policies and procedures.

Group Internal Audit

The Internal Audit Division, which reports directly to the Audit and Risk Committee, conducts reviews on the system of internal controls and the effectiveness of the processes that are in place to identify, evaluate, manage and report

risks. Their audit practices are guided by Professional Internal Auditing Standards as prescribed by the Institute of Internal Auditors, Malaysia. Routine reviews are conducted on units under the Group’s major core activities. Appropriate recommendations are made to address all the issues and weaknesses highlighted and they are subsequently followed up to ensure proper implementation.

REVIEW OF STATEMENT BY EXTERNAL AUDITORS The External Auditors have reviewed this Statement pursuant to the scope set out in the Audit and Assurance Practice Guide (“AAPG”) 3, Guidance for Auditors on Engagements to Report on Statement on Risk Management and Internal Control issued by the Malaysian Institute of Accountants for inclusion in the Annual Report of the Group for the year ended 30 September 2020, and reported to the Board that nothing has come to their attention that caused them to believe that the Statement intended to be included in the Annual Report of the Group, in all material aspects:

(a) has not been prepared in accordance with the disclosures required by paragraphs 41 and 42 of the Statement on Risk Management and Internal Control:

Guidelines for Directors of Listed Issuers; or (b) is factually inaccurate.

AAPG 3 does not require the External Auditors to consider whether the Directors’ Statement on Risk Management and Internal Control covers all risks and controls, or to form an opinion on the adequacy and effectiveness of the Group’s risk management and internal control system including the assessment and opinion by the Board and Management thereon. The Auditors are also not required to consider whether the processes described to deal with material internal control aspects of any significant problems disclosed in the Annual Report will, in fact, remedy the problems.

CONCLUSION

The Board has reviewed the adequacy and effectiveness of the Group’s risk management and internal control system for the year under review and up to the date of approval of this Statement for inclusion in the Annual Report, and is of the view that the risk management and internal control system is satisfactory and there were no material losses incurred during the year under review as a result of internal control weakness or adverse compliance events.

For the period under review, the CEO and Group Chief Financial Officer have provided assurance to the Board that the Group’s risk management and internal control system is operating adequately and effectively, in all material aspects.

This Statement was approved by the Board of Directors on 9 December 2020.

STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL

The Board of Directors (“Board”) of KLK is pleased to present the Audit and Risk Committee Report for the financial year ended 30 September 2020.

The Audit Committee was established in 1993 in line with the Main Market Listing Requirements (“Main LR”) of Bursa Malaysia Securities Berhad. Subsequently, on 14 August 2018, the Audit Committee was renamed as the Audit and Risk Committee (“ARC”) to recognise the importance of the risk oversight and management functions carried out by the ARC. The Terms of Reference (“TOR”) of the ARC was also revised and expanded to include the additional roles and functions conducted by the ARC.

The TOR of the ARC is available on the Company’s website at www.klk.com.my.

COMPOSITION AND MEETINGS

The ARC convened five (5) meetings during the financial year ended 30 September 2020. Details of the membership and their attendance at the meetings, are as follows:

MEMBERS

NUMBER OF MEETINGS HELD ATTENDED Dato’ Yeoh Eng Khoon

(Chairman)

Senior Independent Non-Executive Director

5 5

Quah Poh Keat Independent

Non-Executive Director

5 5

Anne Rodrigues Independent

Non-Executive Director

5 5

Mr. Quah Poh Keat and Mrs. Anne Rodrigues are members of the Malaysian Institute of Accountants. The ARC, therefore, fulfils the requirements of having at least one (1) of its members be a qualified accountant pursuant to Paragraph 15.09(1)(c) of the Main LR.

SUMMARY OF THE WORK OF THE ARC

In line with the TOR of the ARC, the work carried out by the ARC in the discharge of its functions and duties for the financial year ended 30 September 2020 are as follows:

Financial Reporting

• Reviewed the Group’s quarterly results and year-end financial statements, and made recommendations to the Board for approval of the same, as detailed below:

DATE OF MEETING

QUARTERLY RESULTS/FINANCIAL STATEMENTS REVIEWED

17 February

2020 Unaudited first quarter results for the period ended 31 December 2019

22 May 2020 Unaudited second quarter results for the period ended 31 March 2020

18 August

2020 Unaudited third quarter results for the period ended 30 June 2020

17 November

2020 Unaudited fourth quarter results for the period ended 30 September 2020 and the unaudited results of the Group for the financial year ended 30 September 2020 7 December

2020 Audited Financial Statements for the financial year ended 30 September 2020 The review of the unaudited quarterly financial results is to ensure the disclosures are in compliance with the Financial Reporting Standard 134 – Interim Financial Reporting and applicable disclosure provisions in the Main LR.

The ARC had also reviewed the Audited Financial Statements of the Company and the Group for the financial year ended 30 September 2020 to ensure it presented a true and fair view of the financial position and performance for the year and ensure that it complied with all disclosures and regulatory requirements and recommended the Audited Financial Statements to the Board for approval.

Risk Management and Internal Control

• Reviewed the Group Risk Management Committee’s meeting minutes and reports, and deliberated on the principal risks highlighted and the controls to mitigate the risks.

• Reviewed and assessed the scope and effectiveness of the processes established by Management to identify, assess, manage and monitor financial, non-financial and corruption risks.

Internal Audit

• Reviewed and approved the risk-based annual audit plan to ensure adequate scope and coverage on the activities of the Company and the Group.

• Reviewed and deliberated on reports of audits conducted by the Internal Audit Division (“IAD”).

• Appraised the adequacy of actions and remedial measures taken by Management in resolving the audit issues reported and recommended further improvement measures.

• Reviewed the adequacy of staff resources and access to information to ensure audit works were carried out effectively.