Annual Report 2011
Internal Control Statement

Internal Control Statement

 
The Board is committed to maintaining a sound system of internal control in the Group. The control processes were implemented by the respective units/functional groups under the leadership of the CEO who is responsible for good business and regulatory governance. The following statement outlines the nature and scope of the Group’s internal control system during 2011.
 
BOARD RESPONSIBILITY

The Board affirms its overall responsibility for the Group’s system of internal control and risk management and for reviewing the adequacy and integrity of the system. The system of internal control covers inter alia, governance, risk management, financial, organisational, operational and compliance control. However, the Board recognises that this system is designed to manage, rather than eliminate, the risk of non-achievement of the Group’s policies, goals and objectives. Therefore, the system provides reasonable, but not absolute, assurance against the occurrence of any material mis-statement, loss or fraud.
 
RISK MANAGEMENT

Risk management is firmly embedded in the Group's management systems. To manage risk-taking activities and ensure they are aligned with the Group’s strategic objectives and regulatory requirements, Bursa Malaysia has implemented an enterprise-wide risk-management framework to identify, measure, assess and manage risks faced by the Group. Bursa Malaysia also has an automated system to support the establishment and implementation of its enterprise risk-management process. Bursa Malaysia strongly believes that risk management is vital for continued profitability and enhancement of shareholder value. Further information on the Group's risk management governance structure and activities are highlighted in the Risk Management Statement on pages 84 to 85 of this Annual Report.
 
KEY INTERNAL CONTROL PROCESSES

The Group’s internal control system encompasses the following key processes:

  1. Separation of Commercial and Regulatory Functions

    1. The Group’s regulatory and commercial functions are segregated to ensure the proper discharge of Bursa Malaysia’s regulatory duties. It is Bursa Malaysia’s statutory duty to always act in the public interest, having particular regard to the need for protection of investors. Accordingly, public interest prevails in the event Bursa Malaysia’s own interest, or any interest that it is required to serve under any law relating to corporations, conflicts with the public interest. Four PIDs are appointed by the Minister of Finance to Bursa Malaysia’s Board to ensure decisions are made in the public interest.

    2. Processes are established and set out in the Guidelines for Handling Conflicts of Interest (COI) to deal with any possible COI which may arise in the course of Bursa Malaysia performing its commercial or regulatory role. The types of COI managed by the Guidelines for Handling COI are:

      • COI or potential COI where Bursa Malaysia or its subsidiaries make regulatory decisions involving listed issuers, market participants or advisers/sponsors with whom Bursa Malaysia or its subsidiaries have a commercial or competitive relationship;
      • COI or potential COI where Bursa Malaysia makes a business decision which may have an adverse impact on the performance of its regulatory duties; and
      • Conflicts arising from the interest (direct or indirect) of a director, member or major shareholder or person connected with such director, member or major shareholder in a transaction proposed to be entered into, or action/decision to be taken, by Bursa Malaysia or its subsidiaries.

  2. Authority and Responsibility

    1. Certain responsibilities are delegated to Board Committees through clearly defined Terms of Reference (TOR) which are reviewed annually.

    2. The Authority Limits Documents is reviewed from time to time to reflect the authority and authorisation limits for management in all aspects of Bursa Malaysia’s major business operations and regulatory functions.

    3. The Group’s Management Governance Framework which comprises two committees for governance function, and three committees for business operations function, was established on 25 May 2011 to enable good business and regulatory governance. It is set out on page 93 of this Report.

  3. Planning, Monitoring and Reporting

    1. An annual planning and budgetary exercise is undertaken requiring all divisions to prepare business plans and budgets for the forthcoming year, which are deliberated upon and approved by the Board before implementation.

    2. Monthly monitoring and half-yearly reviews of the Group’s performance against budgets with any major variances explained are deliberated by the Board.

    3. There is a regular and comprehensive flow of information to the Board and Management on all aspects of the Group’s operations to facilitate the monitoring of performance against the Group’s corporate strategy, business and regulatory plans. The Board also reviews and approves the Annual Regulatory Report, aimed at reporting to the SC under Section 16 of the CMSA the extent to which Bursa Malaysia and its subsidiaries have complied with their duties and obligations under Sections 11 and 21 of the CMSA.

    4. The CFO is required to give assurance to the Audit Committee (AC) that adequate processes and controls are in place for an effective and efficient financial statements close process in the preparation of each quarterly financial statements, including consolidated condensed financial statements, and that appropriate accounting policies are adopted and applied consistently to give a true and fair view of the state of affairs of the Group and comply with the Financial Reporting Standards.

  4. Policies and Procedures

    1. Clear, formalised and documented internal policies, standards and procedures are in place to ensure compliance with internal controls and relevant laws and regulations. Regular reviews are performed to ensure that documentation remains current and relevant. Common Group policies are available on Bursa Malaysia’s intranet for easy access by staff.

    2. For significant system development projects that are meant to support new product launches or intended to enhance existing products, the Group Internal Audit (IA) conducts a System Readiness Review to ensure that all the necessary due processes have been adequately considered and adhered to, prior to any product launching.

  5. Audits

    1. Through its internal audits, the Group IA assesses compliance with policies and procedures as well as relevant laws and regulations. In addition, it examines and evaluates the effectiveness and efficiency of the Group’s internal control system.

    2. Annual on-site regulatory audits are conducted by the SC on the Group’s operations to ensure compliance with its duties and obligations under the CMSA, as well as its policies and procedures.

    3. Yearly audits are carried out by SIRIM QAS International Sdn Bhd in relation to the ISO 9001:2008 Quality Management System (ISO 9001) and ISO 14001:2004 Environment Management System (ISO 14001), collectively known in Bursa Malaysia as the Integrated Management System. This process ensures that product and service quality as well as environment performance comply with international standards and are continuously improved.

    4. The Auditor’s Independence Policy requires the lead and concurring audit partners to be subject to a five-year rotation with a five-year cooling-off period. An annual plan which encompasses planned statutory audit, recurring non-audit services and other anticipated non-audit services by the External Auditors require prior approval by the AC. The AC’s approval is also required for unplanned non-audit services obtained from the current External Auditor

    5. The Group IA is required to conduct an assessment of the internal control system pertaining to the processes of the relevant business units/functional groups which have a bearing on the financial information of Bursa Malaysia, to ensure reliability and integrity of such information. The Chief Internal Auditor (CIA) is required to confirm whether the controls of processes which support the preparation of financial statements are operating effectively.

    6. The External Auditors are engaged to conduct a limited review of quarterly financial results.

  6. Performance Measurement

    1. KPIs, which are based on the Corporate Balance Scorecard approach, are used to measure staff performance.

    2. Yearly internal and external surveys, via an employeeengagement survey and a customer-satisfaction survey respectively, are conducted to gauge feedback on the effectiveness and efficiency of stakeholder engagement for continuous improvement.

  7. Staff Competency

    1. Training and development programmes are conducted to ensure that staff are kept up to date with the necessary competencies to carry out their respective duties towards achieving the Group’s objectives. A KPI on average learning days per staff is in place to encourage staff learning, growth and knowledge-sharing.

  8. Conduct of Staff

    1. A Code of Ethics is established for all employees, which defines the ethical standards and conduct of work required at Bursa Malaysia.

    2. In light of Malaysia’s Whistleblower Protection Act 2010 which came into effect on 15 December 2010, Bursa Malaysia decided to embrace a standalone Whistleblower Policy and Procedures (WPP) to provide an avenue for staff or any external parties to report any breach or suspected breach of any law or regulation, including business principles and the Company’s policies and guidelines in a safe and confidential manner. The WPP, which was approved by the Board on 22 November 2011, serves as an anti-fraud programme or internal control mechanism to mitigate the risk of fraud and to improve corporate governance by ensuring that any improper conduct committed by any employee will be exposed, when reported, and dealt with appropriately. To avoid any possible COI, the AC is appointed by the Board to oversee the implementation of the WPP and to ensure effective administration thereof by the CIA and/or designated officer(s) of the Group IA. The Senior Independent Non-Executive Director who serves as a fallback point of contact when other channels of communication are inappropriate or inadequate, is designated to receive report(s) made by employees or external parties for the purpose of whistleblowing in accordance with the WPP.

    3. A Securities Transaction Policy is established to govern the securities transactions of the Group’s staff. The policy prohibits employees from using unpublished price-sensitive information obtained during the course of their work for personal gain or for the gain of other persons. Employees (including principal officers) are also not allowed to trade in the securities of Bursa Malaysia during the closed period. The closed period is 30 calender days immediately preceding the announcement of Bursa Malaysia’s annual results and the interim and quarterly reports. In addition, effective January 2012, all employees are required to submit an annual declaration that they have not at any time transacted in securities of Bursa Malaysia or of other listed issuers while they are in possession of price-sensitive information relating to such listed securities.

    4. A Corporate Fraud Policy is established to aid in the detection and prevention of fraud and to promote consistent organisational behaviour and practices.

    5. Segregation of duties is practised whereby conflicting tasks are apportioned between different members of staff to reduce the scope for error and fraud.

  9. Business Continuity Planning

    1. A comprehensive Business Continuity Plan, including a Disaster Recovery plan which is tested annually, is in place to ensure continuity of business operations.

  10. Insurance

    1. There exists sufficient insurance coverage and physical safeguards on major assets to ensure that assets of the Group are adequately covered against any mishap that could result in material loss. A yearly policy-renewal exercise is undertaken in which management reviews the cover based on the fixed-asset inventory and the respective net book values and ‘replacement value’ i.e. the prevailing market price for the same or similar item, where applicable. The underwriter also assists by conducting a risk assessment, which helps Bursa Malaysia in assessing the adequacy of intended cover.
 
REVIEW OF THIS STATEMENT

Pursuant to paragraph 15.23 of the Main Market Listing Requirement s, the External Auditors have reviewed this Statement and the Risk Management Statement for inclusion in the Annual Report for FY2011, and reported to the Board that nothing has come to their attention that causes them to believe that this Statement is inconsistent with their understanding of the process adopted by the Board in reviewing the adequacy and integrity of the system of internal control. Both statements were approved by the Board on 9 February 2012.

Additionally, the Group IA has reviewed this Statement and reported to the AC that, while it has addressed individual lapses in internal controls during the course of its IA assignments for the year, it has not identified any circumstances which suggest any fundamental deficiencies in the system of internal control in the Group.
 
CONCLUSION

The Board is of the view that the system of internal control in place for the year under review, and up to the date of approval of this Statement, is sound and sufficient to safeguard the shareholders’ investment, the interests of customers, regulators, employees and other stakeholders, and the Group’s assets.