Internal Control Statement
|
The Board is committed to maintaining a sound system of internal control in the Group. The following
statement outlines the nature and scope of internal control within the Group during the FY2010. |
|
Board Responsibility
|
The Board affirms its overall responsibility for the Group's systems of internal
control and risk management, and for reviewing the adequacy and integrity of
those systems. The system of internal control covers inter alia, governance,
risk management, financial, organisational, operational and compliance
control. However, the Board recognises that this system is designed to
manage, rather than eliminate the risk of non-achievement of the Group's
policies, goals and objectives. Therefore, the system provides reasonable, but
not absolute, assurance against the occurrence of any material misstatement,
loss and fraud.
|
Risk Management
|
Risk management is firmly embedded in the Group's management systems. To
manage our risk taking activities and ensure they are aligned with our strategic
objectives, our shareholders' expectations and regulatory requirements, Bursa
Malaysia has implemented an enterprise wide risk management framework
to measure, assess, aggregate and manage risks across the organisation.
Bursa Malaysia strongly believes that risk management is vital for continued
profitability and enhancement of shareholder value. Further information on
the Group's risk management activities is highlighted in the Risk Management
Statement on pages 74 to 75 of the Annual Report.
|
Key Internal Control Processes
|
The Group's internal control system encompasses the following key control
processes:
- Separation of Commercial and Regulatory Functions
-
The Group's regulatory and commercial functions are segregated
to ensure the proper discharge of Bursa Malaysia's regulatory
duties. It is Bursa Malaysia's statutory duty to always act in the
public interest, having particular regard to the need for protection
of investors. Accordingly, public interest prevails in the event Bursa
Malaysia's own interest, or any interest that it is required to serve
under any law relating to corporations, conflicts with the public
interest. Four PIDs are appointed by MOF to Bursa Malaysia's Board
of Directors to act in the public interest.
-
Processes are established and set out in the Guidelines for
Handling Conflict of Interest (Guidelines) to deal with any possible
COI which may arise in the course of Bursa Malaysia performing
its commercial or its regulatory role. The types of COI that are
managed by the Guidelines are:
- COI or potential COI where Bursa Malaysia or its subsidiaries
make regulatory decisions involving listed issuers, market
participants or advisers/sponsors with whom Bursa Malaysia
or its subsidiaries have a commercial or competitive
relationship;
- COI or potential COI where Bursa Malaysia makes a
business decision which may have an adverse impact on the
performance of its regulatory duties; and
- Conflicts arising from the interest (direct or indirect) of a
director, member or major shareholder or person connected
with such director, member or major shareholder in a
transaction proposed to be entered into or action/decision to
be taken by Bursa Malaysia or its subsidiaries.
|
- Authority and Responsibility
-
Certain responsibilities are delegated to Board Committees through
clearly defined TOR which are annually reviewed.
-
The ALD is reviewed from time to time to reflect the authority
and authorisation limits for management in all aspects of Bursa
Malaysia's major business operations and regulatory functions.
|
- Planning, Monitoring and Reporting
-
An annual planning and budgetary exercise is undertaken requiring
all divisions to prepare business plans and budgets for the
forthcoming year, which are deliberated upon and approved by the
Board before implementation.
-
Monthly monitoring and half-yearly review of the Group's
performance against budgets with any major variances are
deliberated by the Board.
-
There is a regular and comprehensive flow of information to the
Board and Management on all aspects of the Group's operations,
to facilitate the monitoring of performance against the Group's
corporate strategy, business and regulatory plans. The Board also
reviews and approves the Annual Regulatory Report, which is aimed
at reporting to the SC under Section 16 of the CSMA the extent to
which Bursa Malaysia and its subsidiaries have complied with their
duties and obligations under Sections 11 and 21 of the CMSA.
|
- Policies and Procedures
-
Clear, formalised and documented internal policies, standards and
procedures are in place to ensure compliance with internal controls
and relevant laws and regulations. Regular reviews are performed to
ensure that documentation remains current and relevant. Common
Group policies are available on Bursa's Malaysia's intranet for easy
access by staff.
-
For significant system development projects that are meant to
support new product launches or intended to enhance existing
products, Group IA conducts a System Readiness Review to
ensure that all the necessary due processes have been adequately
considered and adhered to prior to the product launching.
|
- Audits
-
Through its internal audits, Group IA assesses compliance with
policies and procedures as well as relevant laws and regulations. In
addition, it examines and evaluates the effectiveness and efficiency
of the Group's internal control system.
-
Annual on-site regulatory audits are conducted by the SC on
the Group's operations to ensure compliance with its duties and
obligations under the CMSA, as well as its policies and procedures.
-
Yearly audits are carried out by the SIRIM in relation to the ISO
9001:2008 Quality Management System (ISO 9001) and ISO
14001:2004 Environment Management System (ISO 14001),
collectively known in Bursa Malaysia as the Integrated Management
System. This process ensures that product and service quality
as well as environment performance comply with international
standards and are continually improved. In 2010, Bursa Malaysia
was recertified by SIRIM following the completion of a three-year
certification cycle which commenced in 2007 with Bursa Malaysia's
initial certification.
-
The Auditor's Independence Policy requires the lead and concurring
audit partners to be subject to a five-year rotation with a five-year
cooling off period. Planned statutory audit and non-audit services
by the External Auditors require prior approval by the AC. A change
in the lead audit partner of the External Auditors took place in
FY2010 pursuant to this policy. The concurring audit partner was
also changed in FY2010 and will be rotated in FY2015.
-
The External Auditors are engaged to conduct a limited review of
quarterly financial results.
|
- Performance Measurement
-
KPIs, which are based on the CBS approach, are used to measure
staff performance.
-
Yearly internal and external surveys, via an employee engagement
survey and a customer satisfaction survey respectively, are
conducted to gauge feedback on effectiveness and efficiency for
continuous improvement.
|
- Staff Competency
-
Training and development programmes are established to ensure
that staff is kept up to date with the necessary competencies to
carry out their responsibilities towards achieving the Group's
objectives. A KPI on average learning days per staff is in place to
encourage staff learning, growth and knowledge sharing.
|
- Conduct of Staff
-
A Code of Ethics is established for all employees which defines the
ethical standards and conduct of work required at Bursa Malaysia.
-
Bursa Malaysia has in place a Whistleblower Policy, which forms
part of the Code of Ethics, to provide an avenue for staff to report
any breach or suspected breach of any law or regulation, including
business principles and the Company's policies and guidelines in a
safe and confidential manner. The current Policy is being reviewed
to enhance effectiveness and is expected to be implemented in the
first quarter of 2011.
-
A Securities Transaction Policy is established to govern the
securities transactions of the Group's staff. The policy prohibits
employees from using unpublished price sensitive information
obtained during the course of their work for personal gain or for the
gain of other persons. Employees (including principal officers) are
also not allowed to trade in the securities of Bursa Malaysia during
closed period.
-
A Corporate Fraud Policy is established to aid in the detection
and prevention of fraud and to promote consistent organisational
behaviour and practices.
-
Segregation of duties is practised whereby conflicting tasks are
apportioned between different members of staff to reduce the
scope for error and fraud.
|
- Business Continuity Planning
-
A comprehensive BCP, including a DR plan, which is tested annually,
is in place to ensure continuity of business operations.
|
-
There exists sufficient insurance coverage and physical
safeguards on major assets to ensure that assets of the Group
are adequately covered against any mishap that could result in
material loss. A yearly policy renewal exercise is undertaken in
which Management reviews the cover based on the fixed asset
inventory and the respective net book values and 'replacement
value' i.e. the prevailing market price for the same or similar item,
where applicable. The underwriter also assists by conducting a
risk assessment, which helps Bursa Malaysia in assessing the
adequacy of intended cover.
|
Review of this Statement
|
Pursuant to paragraph 15.23 of the MMLR, the External Auditors have
reviewed this Statement and the Risk Management Statement for inclusion
in the Annual Report for FY2010, and reported to the Board that nothing has
come to their attention that causes them to believe that this Statement is
inconsistent with their understanding of the process adopted by the Board in
reviewing the adequacy and integrity of the system of internal controls. Both
statements were approved by the Board on 27 January 2011.
Additionally, Group IA has reviewed this Statement and reported to the AC that,
while it has addressed individual lapses in internal controls during the course
of its IA assignments for the year, it has not identified any circumstances
which suggest any fundamental deficiencies in the system of internal controls
in the Group.
|
Conclusion
|
The Board is of the view that the system of internal controls in place for the
year under review and up to the date of approval of this statement is sound
and sufficient to safeguard the shareholders' investment, the interests of
customers, regulators and employees, and the Group's assets.
|