SCC Holdings Berhad Annual Report 2017

18 SCC Holdings Berhad (511477-A) | Annual Report 2017 The Statement on Risk Management and Internal Control by the Board on the Group is made pursuant to Rule 15.26(b) of the Bursa Securities AMLR and in accordance with the Principles and Recommendations relating to risk management and internal controls provided in the Malaysian Code on Corporate Governance 2017 ("MCCG 2017") under Practice 9.1 and 9.2. MCCG 2017 sets out the principles that the board of directors of a listed company should establish a sound risk management framework and internal controls system to safeguard shareholders' investment, stakeholders’ interest and assets of the Group. BOARD RESPONSIBILITIES The Board acknowledges its responsibility to observe the MCCG 2017 in maintaining a sound system of risk management and internal control throughout the operations of the Group in order to safeguard shareholders' investments, stakeholders’ interest and the assets of the Group. The Board is responsible for identifying, evaluating and managing the significant risk of the Group, as well as reviewing adequacy and effectiveness of the risk management and internal control on an ongoing basis. The Board believes the risk management and internal control system are adequate and effective to manage the risk of the Group. Nevertheless, due to the inherent limitations of any system, such systems are designed to mitigate rather than eliminate the likelihood of fraud and error. In addition, it should be noted that any system can provide only reasonable and not absolute assurance against material misstatement or loss. The Board has received assurance from the Group Managing Director that the Group's risk management and internal control system operate adequately and effectively, in all material aspects, based on the risk management and internal control system. RISK MANAGEMENT The Board reviews internal control issues identified by the management and the internal auditors, as well as evaluates the adequacy and effectiveness of the Group's risk management and internal control system. A Risk Management Committee ("RMC") comprises the Managing Director, three (3) Executive Directors and five (5) management staff which include the Finance Manager. The responsibilities of RMC include assisting in development of risk management framework, policies, processes and procedures; maintaining the risk register for the Group; monitoring operating unit’s compliance with Group’s policies and procedures; monitoring and reporting of the key risks as identified by the Management. The RMC meetings are consolidate with bi-monthly management meeting since all the RMC members attended the management meetings. Risk Management matters were being discussed during bi-monthly management meetings on the current and possible future issues that might affect the business of the Group with attending HODs and tasks had been assigned to relevant personnel to follow up. The responsibility for day to day risk management resides with the HOD of each division/department where they are the risk owners and are accountable for the risks identified and assessed. In managing the risks of the Group, Management teamworks closely with the RMC to ascertain that there is on-going monitoring and review of risks and related controls and that action plans are developed and implemented to manage these risks. Minutes of the meeting are recorded, and progress and outcome are being closely monitored by the RMC. Risk identification and assessment Risks identified are assessed to determine their impact on the relevant business strategies / objectives and their likelihood of occurrence. The outcome of the risk assessment process at respective functional or business unit levels will then be consolidated at the Group level in a risk scorecard which enables divisions/departments/subsidiaries within the Group to report risks and risk status using a common platform. A Risk Profile and Action Plan, which registered the nature and extent of risks the division/department/subsidiaries and the Group is willing to accept or retain to achieve its goals and objectives, are reviewed by the RMC from time to time. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL