Internal Control Statement

1. Separation of Commercial and Regulatory Functions

1. The Group's regulatory and commercial functions are segregated to ensure the proper discharge of Bursa Malaysia's regulatory duties. It is Bursa Malaysia's statutory duty to always act in the public interest, having particular regard to the need for protection of investors. Accordingly, public interest prevails in the event Bursa Malaysia's own interest, or any interest that it is required to serve under any law relating to corporations, conflicts with the public interest. Four PIDs are appointed by MOF to Bursa Malaysia's Board of Directors to act in the public interest.
   
2. Processes are established and set out in the Guidelines for Handling Conflict of Interest (Guidelines) to deal with any possible COI which may arise in the course of Bursa Malaysia performing its commercial or its regulatory role. The types of COI that are managed by the Guidelines are:
   
   • COI or potential COI where Bursa Malaysia or its subsidiaries make regulatory decisions involving listed issuers, market participants or advisers/sponsors with whom Bursa Malaysia or its subsidiaries have a commercial or competitive relationship;
   • COI or potential COI where Bursa Malaysia makes a business decision which may have an adverse impact on the performance of its regulatory duties; and
   • Conflicts arising from the interest (direct or indirect) of a director, member or major shareholder or person connected with such director, member or major shareholder in a transaction proposed to be entered into or action/decision to be taken by Bursa Malaysia or its subsidiaries.

2. Authority and Responsibility

1. Certain responsibilities are delegated to Board Committees through clearly defined TOR which are annually reviewed.
   
2. The ALD is reviewed from time to time to reflect the authority and authorisation limits for management in all aspects of Bursa Malaysia's major business operations and regulatory functions.
   
   

3. Planning, Monitoring and Reporting

1. An annual planning and budgetary exercise is undertaken requiring all divisions to prepare business plans and budgets for the forthcoming year, which are deliberated upon and approved by the Board before implementation.
   
2. Monthly monitoring and half-yearly review of the Group's performance against budgets with any major variances are deliberated by the Board.
   
3. There is a regular and comprehensive flow of information to the Board and Management on all aspects of the Group's operations, to facilitate the monitoring of performance against the Group's corporate strategy, business and regulatory plans. The Board also reviews and approves the Annual Regulatory Report, which is aimed at reporting to the SC under Section 16 of the CSMA the extent to which Bursa Malaysia and its subsidiaries have complied with their duties and obligations under Sections 11 and 21 of the CMSA.
   
   

4. Policies and Procedures

1. Clear, formalised and documented internal policies, standards and procedures are in place to ensure compliance with internal controls and relevant laws and regulations. Regular reviews are performed to ensure that documentation remains current and relevant. Common Group policies are available on Bursa's Malaysia's intranet for easy access by staff.
   
2. For significant system development projects that are meant to support new product launches or intended to enhance existing products, Group IA conducts a System Readiness Review to ensure that all the necessary due processes have been adequately considered and adhered to prior to the product launching.
   
   

5. Audits

1. Through its internal audits, Group IA assesses compliance with policies and procedures as well as relevant laws and regulations. In addition, it examines and evaluates the effectiveness and efficiency of the Group's internal control system.
   
2. Annual on-site regulatory audits are conducted by the SC on the Group's operations to ensure compliance with its duties and obligations under the CMSA, as well as its policies and procedures.
   
3. Yearly audits are carried out by the SIRIM in relation to the ISO 9001:2008 Quality Management System (ISO 9001) and ISO 14001:2004 Environment Management System (ISO 14001), collectively known in Bursa Malaysia as the Integrated Management System. This process ensures that product and service quality as well as environment performance comply with international standards and are continually improved. In 2010, Bursa Malaysia was recertified by SIRIM following the completion of a three-year certification cycle which commenced in 2007 with Bursa Malaysia's initial certification.
   
4. The Auditor's Independence Policy requires the lead and concurring audit partners to be subject to a five-year rotation with a five-year cooling off period. Planned statutory audit and non-audit services by the External Auditors require prior approval by the AC. A change in the lead audit partner of the External Auditors took place in FY2010 pursuant to this policy. The concurring audit partner was also changed in FY2010 and will be rotated in FY2015.
   
5. The External Auditors are engaged to conduct a limited review of quarterly financial results.
   
   

6. Performance Measurement

1. KPIs, which are based on the CBS approach, are used to measure staff performance.
   
2. Yearly internal and external surveys, via an employee engagement survey and a customer satisfaction survey respectively, are conducted to gauge feedback on effectiveness and efficiency for continuous improvement.
   
   

7. Staff Competency

1. Training and development programmes are established to ensure that staff is kept up to date with the necessary competencies to carry out their responsibilities towards achieving the Group's objectives. A KPI on average learning days per staff is in place to encourage staff learning, growth and knowledge sharing.
   
   

8. Conduct of Staff

1. A Code of Ethics is established for all employees which defines the ethical standards and conduct of work required at Bursa Malaysia.
   
2. Bursa Malaysia has in place a Whistleblower Policy, which forms part of the Code of Ethics, to provide an avenue for staff to report any breach or suspected breach of any law or regulation, including business principles and the Company's policies and guidelines in a safe and confidential manner. The current Policy is being reviewed to enhance effectiveness and is expected to be implemented in the first quarter of 2011.
   
3. A Securities Transaction Policy is established to govern the securities transactions of the Group's staff. The policy prohibits employees from using unpublished price sensitive information obtained during the course of their work for personal gain or for the gain of other persons. Employees (including principal officers) are also not allowed to trade in the securities of Bursa Malaysia during closed period.
   
4. A Corporate Fraud Policy is established to aid in the detection and prevention of fraud and to promote consistent organisational behaviour and practices.
   
5. Segregation of duties is practised whereby conflicting tasks are apportioned between different members of staff to reduce the scope for error and fraud.
   
   

9. Business Continuity Planning

1. A comprehensive BCP, including a DR plan, which is tested annually, is in place to ensure continuity of business operations.
   
   

1. There exists sufficient insurance coverage and physical safeguards on major assets to ensure that assets of the Group are adequately covered against any mishap that could result in material loss. A yearly policy renewal exercise is undertaken in which Management reviews the cover based on the fixed asset inventory and the respective net book values and 'replacement value' i.e. the prevailing market price for the same or similar item, where applicable. The underwriter also assists by conducting a risk assessment, which helps Bursa Malaysia in assessing the adequacy of intended cover.