Statement on Internal Control and Risk Management

The Board of Bursa Malaysia is committed to maintaining a sound internal control and risk management system. Each business unit/functional group has implemented its own control processes under the leadership of the Chief Executive Officer (CEO), who is responsible for good business and regulatory governance. The following statement outlines the nature and scope of the Group’s internal control and risk management in 2013.

BOaRD’S RESPOnSIBILItY

The Board affirms its overall responsibility for the Group’s system of internal control and risk management and for reviewing the adequacy and integrity of the system. The system of internal control covers governance, risk management, financial, strategy, organisational, operational, regulatory and compliance control matters. The Board recognises that this system is designed to manage, rather than eliminate, the risk of not adhering to Group’s policies and achieving goals and objectives. Therefore, the system provides reasonable, but not absolute, assurance against the occurrence of any material misstatement, loss or fraud.

In 2013, the adequacy and effectiveness of internal controls were reviewed by the Audit Committee (AC) in relation to the internal audits conducted by Group Internal Audit (GIA) during the year. Audit issues as well as actions taken by Management to address the issues tabled by GIA were deliberated upon during the AC meetings. Minutes of the AC meetings which recorded these deliberations were presented to the Board.

A Risk Management Committee (RMC) was established and maintained in accordance with Section 22 of the Capital Markets and Services Act 2007 (CMSA) to provide risk oversight as well as ensure prudent risk management of Bursa Malaysia’s business and operations. The RMC via its meetings held in 2013 had reviewed, deliberated upon and provided advice on matters pertaining to the key corporate risks, risk assessment of projects and programmes, operational risks and mitigation measures, as well as enterprise risk management (ERM) activities.

Internal control and risk-related matters which warrant the attention of the Board were recommended by the AC and RMC to the Board for its approval and matters or decisions made within the AC and RMC’s purview were updated to the Board for its notation.

View Pdf