Annual Report 2012
Audit Committee Report

AUDIT COMMITTEE REPORT

 
The Board presents the Audit Committee Report to provide insight on the discharge of the Audit Committee's functions for the Group in 2012.
 
COMPOSITION AND ATTENDANCE

The Audit Committee (AC) comprises five members, all of whom are Non-Executive Directors (NEDs), four being Independent NEDs and one a Public Interest Director (PID) who also satisfies the test of independence under the Main Market Listing Requirements (MMLR). This meets the requirements of paragraph 15.09(1)(b) of the MMLR. The AC members and their attendance records are provided in the Corporate Governance Statement.

The AC Chairman, Tan Sri Datuk Dr. Abdul Samad bin Haji Alias, is a Fellow of the Institute of Chartered Accountants, Australia, a member of the Malaysian Institute of Accountants (MIA) and a member of the Malaysian Institute of Certified Public Accountants (MICPA). Accordingly, Bursa Malaysia complies with paragraph 15.09(1)(c)(i) of the MMLR.

The Board reviews annually the terms of office of the AC members. The Board also assesses the performance of the AC and its members through an annual Board Committee effectiveness evaluation and is satisfied that they are able to discharge their functions, duties and responsibilities in accordance with the Terms of Reference (TOR) of the AC which are available on Bursa Malaysia's website, thereby supporting the Board in ensuring appropriate Corporate Governance (CG) standards within the Group.
 
MEETINGS

The AC held five meetings in 2012 without the presence of other Directors and employees, except when their attendance were requested by the AC. The CEO was invited to all AC meetings to facilitate direct communication and to provide clarification on audit issues and the operations of the Group. The Chief Internal Auditor (CIA) and Departmental Heads of the respective Group Internal Audit (GIA) functions were present at all AC meetings to table the respective Internal Audit (IA) reports. Relevant Management of the audit subjects were invited to brief the AC on specific issues arising from relevant audit reports.

As part of the AC's efforts to ensure reliability of Bursa Malaysia's quarterly financial statements and compliance with applicable Financial Reporting Standards (FRS), External Auditors were engaged to conduct a limited review of Bursa Malaysia's quarterly financial statements before these were presented to the AC for review and recommendation for the Board's approval and adoption. In this respect, the lead audit engagement partner of the External Auditors responsible for the Group attended four AC meetings in 2012 to present the auditors' report on the annual audited financial statements for 2011 as well as the auditors' review reports on the unaudited quarterly financial statements together with the cumulative quarters for 2012.

The AC met with the External Auditors once in 2012 without the presence of the CEO/Executive Director, Management or Internal Auditors. At this meeting, the AC enquired about Management's cooperation with the External Auditors, sharing of information and proficiency and adequacy of resources in financial reporting functions, particularly in relation to the applicable FRS. During the AC meetings, the External Auditors were invited to raise any matter they considered important for the AC's attention. The AC Chairman obtained confirmation from the External Auditors that the Management had given its full support and unrestricted access to information as required by the External Auditors to perform their duties.

In addition to the meeting held between the AC and the External Auditors without the presence of Management, the AC members also gave unrestricted access to the External Auditors to contact them at any time should they become aware of incidents or matters in the course of their audits or reviews.

Deliberations during the AC meetings, including the issues tabled and rationale adopted for decisions, were recorded. Minutes of the AC meetings were tabled for confirmation at the following AC meeting and subsequently presented to the Board for notation. In 2012, the AC Chairman presented the recommendations of the Committee to the Board for approval of the annual and quarterly financial statements as well as declaration of dividends. The AC Chairman also conveyed to the Board matters of significant concern as and when raised by the External Auditors or Internal Auditors.
 
SUMMARY OF ACTIVITIES

The AC's activities during 2012 encompassed the following:

  1. Financial Reporting

    1. In overseeing Bursa Malaysia's financial reporting, the AC reviewed the quarterly financial statements for the fourth quarter of 2011 and the annual audited financial statements of 2011 at its meeting on 3 February 2012. The quarterly financial statements for the first, second and third quarters of 2012 which were prepared in compliance with the Malaysian Financial Reporting Standards (MFRS) 134: Interim Financial Reporting, International Accounting Standards (IAS) 34: Interim Financial Reporting and paragraph 9.22, including Appendix 9B of the MMLR, were reviewed at the AC meetings on 17 April 2012, 16 July 2012 and 16 October 2012 respectively. On 29 January 2013, the AC reviewed the quarterly financial statements for the fourth quarter of 2012 and the annual audited financial statements for 2012. The AC's recommendations were presented at the respective Board meetings held subsequently for approval.

    2. To safeguard the integrity of information, the CFO had, on 13 April 2012, 12 July 2012, 12 October 2012 and 21 January 2013, given assurance to the AC that adequate processes and controls were in place for an effective and efficient financial statements close process in the preparation of the quarterly financial statements of 2012, and that appropriate accounting policies had been adopted and applied consistently to give a true and fair view of the state of affairs of the Group.

    3. On 3 February 2012, the CFO presented for the AC's approval the proposed audit and non-audit services to be provided by the External Auditors for 2012 (Annual Plan 2012) in accordance with the Auditor Independence Policy.

    4. The CFO also presented to the AC for its review the impact of the proposed changes and options available arising from the one-off transition from the FRS framework to the MFRS framework for annual periods beginning on or after 1 January 2012.

  2. External Audit

    1. The AC deliberated the External Auditors' report at its meeting on 3 February 2012 with regard to the relevant disclosures in the annual audited financial statements for 2011. The AC also considered suggestions for improvement in the accounting procedures and internal control measures.

    2. On 3 February 2012, the AC reviewed the list of services in the Annual Plan 2012 which comprises non-recurring and recurring non-audit services that may be provided by the External Auditors, such as ad-hoc tax advisory in the course of undertaking business initiatives, tax compliance and limited review of quarterly financial statements, and was satisfied that they will not impair the independence of the External Auditors. The non-recurring non-audit services provided by the External Auditors in 2012 were tax estimation.

    3. Bursa Malaysia has in place the Auditor Independence Policy which requires the lead and concurring audit engagement partners of Bursa Malaysia Group to be subject to a five-year cooling-off period. Mr. Chan Hooi Lam became the lead audit engagement partner in 2010 and would be rotated in 2015, whilst Ms. Gloria Goh became the concurring audit engagement partner in 2011 and would be rotated in 2016.

      4. In this respect, the AC carries out an annual review of the performance of the External Auditors, including assessment of their independence in the performance of their obligations as External Auditors. For 2012, the AC was satisfied with the External Auditors' technical competency and independence, based on its annual evaluation of their performance, and with the reasonableness of their audit fees. With that, the AC further recommended for the Board's approval the reappointment of the External Auditors in respect of 2012.

    4. On 16 October 2012, the AC reviewed the External Auditors' 2012 Audit Plan outlining their scope of work and proposed fees for the statutory audit and review of the Internal Control Statement for 2012. The AC further resolved to recommend the proposed fees to the Board for approval.

    5. On 29 January 2013, the performance of the external audit function was reviewed and assessed by the AC. Feedback on the conduct of the external audit was obtained from the Management.

      The External Auditors had provided written assurance on 29 Jan 2013 to the AC that they were and had been, independent throughout the conduct of the audit engagement for 2012 in accordance with terms of all relevant professional and regulatory requirements.

      Being satisfied with the performance of the External Auditors, the AC recommended their reappointment for 2013.

  3. Internal Audit

    1. The GIA conducted the audit activities as planned in the 2012 Audit Plan approved by the AC on 21 November 2011. The CIA presented the GIA's reports at every AC meeting during the year which reports on the status and progress of IA assignments, including summaries of the audit reports issued, audit recommendations provided by the Internal Auditors and Management's response to those recommendations. Also presented were the evaluation of system readiness on system development projects, post-implementation reviews of projects, tender evaluations and the monitoring of employees' dealings in securities with reference to the Securities Transaction Policy.

      The CIA reported to the AC on 3 February 2012, 17 April 2012, 12 July 2012 and 15 October 2012 whereas the Head, Support Services Audit and Head, Information Systems and Information Technology (IS/IT) Audit reported to the AC on 22 January 2013 that the controls of processes reviewed which supported the preparation of quarterly financial statements were operating effectively.

    2. At the meeting on 3 February 2012, the AC deliberated on the results of the GIA's 2011 Balanced Scorecard and Key Performance Indicators (KPIs). The GIA's 2012 Balanced Scorecard and KPIs were considered and approved on 17 April 2012.

    3. At the meeting on 17 April 2012, the AC reviewed the results of the GIA's Customer Satisfaction Survey for 2011, which included an analysis of IA's strengths and weaknesses and action plans to improve audit services to IA's customers. The results indicated that IA's customers were generally satisfied with the performance of the IA function.

    4. On 17 April 2012, the CIA presented the post-mortem report for the Annual IA Plan of 2011 which provided an overall indication of the adequacy and effectiveness of controls implemented within the Group to mitigate its key risks.

    5. At the same meeting on 17 April 2012, the AC approved the GIA's training plan for 2012 which was based on the training needs analysis conducted by the GIA. The training budget was also considered for its implementation to strengthen the development of GIA with the necessary knowledge, skills and expertise in the face of changes in technology, business and regulatory requirements.

    6. At the meeting on 26 November 2012, the AC considered the adequacy of scope and comprehensive coverage of the Group's activities and approved the IA's Annual Audit Plan for 2013.

    7. On 26 November 2012 and 29 January 2013, the AC reviewed the annual Internal Control Statement and the Risk Management Statement for publication in the 2012 Annual Report.

    8. The Share Grant Plan (SGP) of Bursa Malaysia comprises two components, namely the Restricted Share Plan (RSP) for employees of Grade 5 and above and the Performance Share Plan (PSP) for key Management personnel in addition to their RSP. At the meeting on 16 October 2012, the AC reviewed the verification exercise conducted by the GIA on the following:

      1. the award of shares in Bursa Malaysia (Plan Shares) to eligible employees of the Group on 2 July 2012 for the 2012 RSP Grant based on their job grades and performance ratings for 2011;

      2. the vesting of Plan Shares for the 2011 RSP Grant on 16 July 2012; and

      3. the award of Plan Shares to selected executives of the Group on 2 May 2012 for the 2011 and 2012 PSP Grants based on performance targets for the periods 2011 to 2013 and 2012 to 2014 respectively.

      This verification exercise is to ensure that the award of shares under the SGP complied with the criteria as approved by the Nomination and Remuneration Committee pursuant to paragraph 8.17 of the MMLR.
 
INTERNAL AUDIT FUNCTION

The purpose of the IA function is to provide the Board, through the AC, with reasonable assurance of the effectiveness of the system of internal control in the Group.

The GIA was led by the CIA, who reported directly to the AC during the financial year 2012. The GIA comprises four departments, i.e. Operations Audit, Support Services Audit, Information System and Information Technology (IS/IT) Audit and Project & Tender Review, with three Internal Auditors under each department, i.e. the Departmental Head and two auditors, totaling 12 auditors. To ensure that the responsibilities of the GIA are fully discharged, the AC reviews the adequacy of the scope, functions and resources of the IA function as well as the competency of the Internal Auditors. A new CIA will be appointed to replace the previous CIA, Dr. Badrul Hisham Mohd. Yusoff, who resigned with effect from 1 January 2013. The AC is satisfied with the qualification and experience of the Internal Auditors in carrying out the internal audit function for the Group as guided by the International Standards for the Professional Practice of Internal Auditing.

The Internal Auditors also highlighted to the Management Risk and Audit Committee (MRAC) audit findings which required follow-up action by Management as well as outstanding audit issues which required corrective action to ensure an adequate and effective internal control system within the Group. The MRAC, which is a management committee under the Group's Management Governance Framework, reviews reports from the Internal Auditors, External Auditors and Securities Commission for the purpose of assessing the adequacy and integrity of the system of internal control of the Group. The MRAC held four meetings in 2012.

The work of the IA function is carried out through a programme of regular reviews and assessments based on the Annual IA Plan. In 2012, a risk-based approach was adopted. The selection of audit assignments took into consideration the risk profiles of each division which were also mapped to the Corporate Risk Profile approved by the Board.
The main activities of the IA function include:
  1. Performing operational/support services audits on the following areas:

    1. Core Business and support services functions of the Group;

    2. Quarterly stock count of Central Depository System (CDS) scrip maintained by Bursa Malaysia Depository;

    3. System administration and support;

    4. Review of compliance with the Group's Guidelines for Handling Conflict of Interest (COI), where conflict may exist between the interest of the Group, and the proper performance of its regulatory duties; and

    5. Review of processes of the relevant business units/functional groups which have a bearing on the financial information of Bursa Malaysia and for the purpose of ensuring reliability and integrity of such information.

  2. Performing IS/IT audits on the following areas:

    1. Facilities management functions supporting the core application systems of the Group;

    2. IT project management of the Group;

    3. Systems development and maintenance of core application systems of the Group; and

    4. IT related functions supported by third party vendors.

  3. Providing assurance and performing compliance reviews for:

    1. Tenders and significant procurement exercises;

    2. System Readiness reviews on key system development projects and post-implementation of the projects;

    3. Monitoring employees' compliance with the Securities Transaction Policy; and

    4. Undertaking investigation into any suspicion of fraud or reported operational failures within the Group.

The results of the audits provided in the IA reports were reviewed by the AC. The relevant Management of the specific audit subject was made responsible for ensuring that corrective actions on reported weaknesses were taken within the required timeframe. The GIA conducted follow-up audits to ensure that Management's corrective action was implemented appropriately. In this respect, the IA has added value by improving the control processes within the Group.

All IA activities in 2012 were conducted by the in-house audit team. No area of the IA function was outsourced. The total costs incurred by GIA in discharging its functions and responsibilities in 2012 amounted to RM2,753,614 compared to RM2,553,045 in 2011.