Bursa Malaysia Annual Report 2014

GOVERNANCE

Bursa Malaysia

•

Annual Report 2014

STATEMENT ON INTERNAL CONTROL

AND RISK MANAGEMENT

BOARD’S RESPONSIBILITY

The Board affirms its overall responsibility for the Group’s system of internal

control and risk management and for reviewing the adequacy and integrity of

the system. The system of internal control covers governance, risk management,

financial, strategy, organisational, operational, regulatory and compliance control

matters. The Board recognises that this system is designed to manage, rather

than eliminate, the risks of not adhering to the Group’s policies and achieving

goals and objectives within the risk tolerance established by the Board and

Management. Therefore, the system provides reasonable, but not absolute,

assurance against the occurrence of any material misstatement, loss or fraud.

In 2014, the adequacy and effectiveness of internal controls were reviewed

by the Audit Committee (AC) in relation to the internal audits conducted by

Group Internal Audit (GIA) during the year. Audit issues and actions taken by

Management to address the issues tabled by GIA were deliberated during the AC

meetings. Minutes of the AC meetings which recorded these deliberations were

presented to the Board.

A Risk Management Committee (RMC) was established and maintained in

accordance with Section 22 of the Capital Markets and Services Act 2007

(CMSA) to provide risk oversight and ensure prudent risk management of Bursa

Malaysia’s business and operations. At its meetings in 2014, the RMC reviewed,

deliberated and provided advice on matters pertaining to the key corporate risks,

risk assessment of projects and programmes, operational risks and mitigation

measures, as well as enterprise risk management (ERM) activities.

Internal control and risk-related matters which warranted the attention of the

Board were recommended by the AC and RMC to the Board for its approval and

matters or decisions made within the AC and RMC’s purview were updated to the

Board for its notation.

KEY INTERNAL CONTROL PROCESSES

The Group’s internal control system comprises the following key processes:

1. Separation of Commercial and Regulatory Functions

The Group’s commercial and regulatory functions are segregated to

ensure the proper discharge of Bursa Malaysia’s regulatory duties.

Both these functions operate independently of each other to ensure

that business units are not in a position to unduly influence any

regulatory decision made by the Regulation unit. It is Bursa Malaysia’s

statutory duty to always act in the best interest of the public, with

particular regard for the need to protect investors. Public Interest

Directors are appointed by the Minister of Finance to Bursa Malaysia’s

Board to ensure decisions are made in the public interest.

To this end, regulatory committees have been set up to deliberate

and decide on regulatory matters to ensure Bursa Malaysia upholds

its obligation to safeguard the public interest. These committees,

apart from Board members, comprise independent individuals with

significant and relevant industry experience.

b. Processes are established and set out in the Guidelines for Handling

Conflicts of Interest (COI) to deal with any possible COI which may

arise in the course of Bursa Malaysia performing its commercial or

regulatory role.

2. Authority and Responsibility

Certain responsibilities are delegated to Board Committees through

clearly defined Terms of Reference (ToR) which are reviewed annually.

b. The Authority Limits Document is reviewed periodically to reflect the

authority and authorisation limits of Management in all aspects of

Bursa Malaysia’s major business operations and regulatory functions.

The Group’s Management Governance Framework, comprising two

committees for the governance function and three committees for the

business operations function, has clearly defined ToR to enable good

business and regulatory governance.

3. Planning, Monitoring and Reporting

An annual planning and budgetary exercise is undertaken requiring all

divisions to prepare business plans and budgets for the forthcoming

year. These are deliberated and approved by the Board before

implementation.

b. The Board is updated on the Group’s performance at scheduled

meetings. The Group’s business plan and budget performance for

the year are reviewed and deliberated by the Board on a half-yearly

basis. Financial performance variances are presented to the Board on

a quarterly basis.

There is a regular and comprehensive flow of information to the

Board and Management on all aspects of the Group’s operations to

facilitate the monitoring of performance against the Group’s corporate

strategy, business and regulatory plans. The Board also reviews and

approves the Annual Regulatory Report, which informs the Securities

Commission (SC), under Section 16 of the CMSA, of the extent to which

Bursa Malaysia and its subsidiaries have complied with their duties

and obligations under Sections 11 and 21 of the CMSA.

The Board of Directors of Bursa Malaysia is committed to maintaining a sound internal control

and risk management system. Each business unit or functional group has implemented its own

control processes under the leadership of the Chief Executive Officer (CEO), who is responsible

for good business and regulatory governance. The following statement outlines the nature and

scope of the Group’s internal control and risk management in 2014.