GOVERNANCE

Bursa Malaysia

•

Annual Report 2014

77

Being satisfied with EY’s performance, technical competency and

audit independence as well as fulfilment of the criteria as set out in

the Auditor Independence Policy, the AC recommended to the Board

for approval of the appointment of EY as External Auditors for the

financial year ending 31 December 2015, with the rotation of the audit

engagement partner.

3. Internal Audit

a.

The GIA team conducted the audit activities as per the 2014 Risk-

Based Audit Plan approved by the AC on 19 November 2013. The

Head of GIA and departmental heads of the respective GIA functions

presented the GIA’s reports at every AC meeting during the year. The

reports contain:

• The status and progress of IA assignments including summaries

of the audit reports issued;

• Audit recommendations provided by the Internal Auditors; and

• Management’s responses to those recommendations.

b. During AC Meetings in 2014, GIA gave assurance to the AC via

Representation Letters that there was no material issue or major

deficiency noted that posed a high risk to the overall system of internal

control over derivatives clearing fees, brokers service fees, securities

clearing fees and listing fees.

c.

The 2014 Risk-Based Audit Plan is reviewed on a half-yearly basis or

as required to reflect the changing risk landscape of the organisation

and industry. A total of 46 audit engagements were completed in 2014,

categorised as follows:

i.

The nature of the categories of engagements was as follows:

• Strategic and Operational Audits – Audits of core operations and

support services within Bursa Malaysia;

• IT Audits – Information Security/Information Technology related

audits;

• Projects Assurance Reviews – System Readiness Reviews,

Implementation Reviews or Post Implementation Reviews;

• Advisory Services – Consulting services as agreed with

Management to add value and improve Bursa Malaysia’s

governance, risk management and control processes; and

• Compliance – Audits in relation to internal policies and

procedures, and external rules and regulations.

ii.

GIA’s scope of audit engagements is aligned with Bursa Malaysia’s

‘Top 10 risks’ in the Corporate Risk Profile 2014 and its key strategic

initiatives. The identified key audit areas/portfolios in 2014 covered

the following:

• Islamic and Alternative Markets

• Securities Market

• Regulation

• Market Operations

• Review on critical systems and their disaster recovery process –

Trading, Depository and Clearing

• IT Security

• Functional – Human Resources, Corporate Services, and

Compliance

d.

Effective January 2014, GIA incorporated a quantitative assessment to

assign audit ratings for audit reports. The methodology is based on the

Committee of Sponsoring Organizations of the Treadway Commission

(COSO)’s Internal Control framework to provide amore objective assignment

of audit ratings. The strengths of the controls are assessed against the

criteria set out in the five inter-related control elements of the COSO model.

e.

In the effort to establish rapport and partnership, GIA continuously engages

with ASEAN and Asia Pacific regional exchanges. These engagements are

undertaken for benchmarking and knowledge-sharing in governance, risk

management and controls. As part of the initiative, a knowledge-sharing

session was conducted in 2014 with the stock exchange of a developing

country in ASEAN.

f.

At the meeting on 27 January 2014, the AC deliberated the GIA's 2013

Balanced Scorecard and Key Performance Indicators (KPIs) which recorded

‘Exceed Target’ from the four categories of KPI measurement; while the

other three categories were ‘Minimum-on-Target’, ‘Target’ and ‘Stretch’.

The GIA’s 2014 Balanced Scorecard and KPIs were considered and

approved on 14 April 2014.

g.

At the meeting on 14 April 2014, the AC reviewed the results of GIA’s

Customer Satisfaction Survey for 2013, which included an analysis of

IA’s strengths, weaknesses and action plans to improve audit services to

GIA’s customers. The results indicated that GIA’s customers were generally

satisfied with the performance of the IA function.

h.

On 14 April 2014, GIA presented the Audit Activities Summary for the

2013 audits which indicated the adequacy and effectiveness of controls

implemented within the Group to mitigate its key risks.

i.

During the same meeting, the AC deliberated and approved GIA's proposals

to enhance the Audit Charter in line with the current standards for risk-

based Professional Practice of Internal Auditing and to reflect the changes

to the IA practice on auditing.

Strategic and

Operational Audits

IT Audits

Projects

Assurance Reviews

Advisory Services

Compliance

26% 9% 2%

30%

33%

AUDIT COMMITTEE REPORT