Internal Control Statement

The Board is committed to maintaining a sound system of internal control in the Group and is pleased to provide the following statement, which outlines the nature and scope of internal control of the Group during the FY2008.

BOARD RESPONSIBILITY

The Board affirms its overall responsibility for the Group's systems of internal control and risk management, and for reviewing the adequacy and integrity of those systems. The system of internal control covers inter alia, governance, risk management, financial, organisational, operational and compliance control. However, the Board recognises that this system is designed to manage, rather than eliminate the risk of non-achievement of the Group's objectives. It, therefore, provides reasonable, but not absolute, assurance against the occurrence of any material misstatement, loss and fraud.

RISK MANAGEMENT

Risk management is firmly embedded in the Group's management systems. To manage our risk taking activities and ensure that they are aligned with our strategic objectives, our shareholders' expectations and regulatory requirements, Bursa Malaysia has in place an enterprise wide risk management framework to measure, assess, aggregate and manage risks across the organisation. Bursa Malaysia strongly believes that risk management is vital for continued profitability and enhancement of shareholder value. Further information on the Group's risk management activities is highlighted in the Risk Management Statement on pages 69 to 71.

KEY INTERNAL CONTROL PROCESSES

The Group's internal control system encompasses the following key control processes:

a. segregation of the Group's regulatory and commercial functions to ensure proper discharge of its regulatory duties;

b. processes have been established and documented to deal with any possible COI which may arise in the course of Bursa Malaysia performing its commercial as well as regulatory role;

c. delegation of responsibilities to Board Committees through clearly defined TOR;

d. an ALD outlining the authority and authorisation limits for management in all aspects of its major business operations;

e. up to date and formalised documented internal policies, standards and procedures are in place to ensure compliance to internal controls and relevant laws and regulations. Yearly audits by SIRIM in relation to the ISO 9001:2000 Quality Management System (ISO 9001) where document management system is one of the key requirements, as well as audits by the Group IA, facilitate in keeping policies, standards and procedures current;

f. segregation of duties, whereby conflicting tasks are apportioned between different members of staff, to reduce the scope for error and fraud;