Bursa Malaysia • Annual Report 2013
65
Governance
Statement on Internal Control and
Risk Management
BOARD’S RESPONSIBILITY
The Board affirms its overall responsibility for the Group’s system of internal
control and risk management and for reviewing the adequacy and integrity of
the system. The system of internal control covers governance, risk management,
financial, strategy, organisational, operational, regulatory and compliance control
matters. The Board recognises that this system is designed to manage, rather
than eliminate, the risk of not adhering to Group’s policies and achieving goals
and objectives. Therefore, the system provides reasonable, but not absolute,
assurance against the occurrence of any material misstatement, loss or fraud.
In 2013, the adequacy and effectiveness of internal controls were reviewed by
the Audit Committee (AC) in relation to the internal audits conducted by Group
Internal Audit (GIA) during the year. Audit issues as well as actions taken by
Management to address the issues tabled by GIA were deliberated upon during
the AC meetings. Minutes of the AC meetings which recorded these deliberations
were presented to the Board.
A Risk Management Committee (RMC) was established and maintained in
accordance with Section 22 of the Capital Markets and Services Act 2007 (CMSA)
to provide risk oversight as well as ensure prudent risk management of Bursa
Malaysia’s business and operations. The RMC via its meetings held in 2013 had
reviewed, deliberated upon and provided advice on matters pertaining to the
key corporate risks, risk assessment of projects and programmes, operational
risks and mitigation measures, as well as enterprise risk management (ERM)
activities.
Internal control and risk-related matters which warrant the attention of the Board
were recommended by the AC and RMC to the Board for its approval and matters
or decisions made within the AC and RMC’s purview were updated to the Board
for its notation.
KEY INTERNAL CONTROL PROCESSES
The Group’s internal control system encompasses the following key processes:
1. Separation of Commercial and Regulatory Functions
a.
The Group’s commercial and regulatory functions are segregated to
ensure the proper discharge of Bursa Malaysia’s regulatory duties.
The Board of Bursa Malaysia is committed to maintaining a sound internal control and risk
management system. Each business unit/functional group has implemented its own control
processes under the leadership of the Chief Executive Officer (CEO), who is responsible
for good business and regulatory governance. The following statement outlines the nature
and scope of the Group’s internal control and risk management in 2013.
Both these functions operate independently of each other to ensure
that business units are not in a position to influence any regulatory
decision made by the Regulation unit. It is Bursa Malaysia’s statutory
duty to always act in the public’s best interest, having particular regard
for the need to protect investors. Public Interest Directors (PIDs) are
appointed by the Minister of Finance to Bursa Malaysia’s Board to
ensure decisions are made in the public interest.
Regulatory Committees which have been set up to deliberate and
decide on regulatory matters comprise independent individuals
with significant and relevant industry experience, apart from Board
members, to further ensure Bursa Malaysia upholds its obligation to
safeguard public interest.
b. Processes are established and set out in the Guidelines for Handling
Conflicts of Interest (COI) to deal with any possible COI which may
arise in the course of Bursa Malaysia performing its commercial or
regulatory role.
2. Authority and Responsibility
a.
Certain responsibilities are delegated to Board Committees through
clearly defined Terms of Reference (TOR) which are reviewed annually.
b. The Authority Limits Document is reviewed from time to time to reflect
the authority and authorisation limits of Management in all aspects of
Bursa Malaysia’s major business operations and regulatory functions.
c.
The Group’s Management Governance Framework, comprising two
committees for the governance function and three committees for the
business operations function, has clearly defined TOR to enable good
business and regulatory governance.
3. Planning, Monitoring and Reporting
a.
An annual planning and budgetary exercise is undertaken requiring all
divisions to prepare business plans and budgets for the forthcoming
year. These are deliberated upon and approved by the Board before
implementation.
