Bursa Malaysia Annual Report 2014

GOVERNANCE

Bursa Malaysia

•

Annual Report 2014

The revised Post-Implementation Review (PIR) Framework was presented

to the AC for approval on 14 April 2014.The main purposes of the PIR are to

assess the performance and internal control of key projects undertaken by

Bursa Malaysia and include:

• Ascertaining the achievement of the projects’ intended objectives;

• Reviewing the performance of project management activities;

• Capturing learning points for future improvements; and

• Examining the outputs delivered against the actual needs of the

projects.

On 14 July 2014, GIA presented to the AC the half-yearly updates on its

activities comprising the progress of the 2014 Annual Audit Plan, ad-hoc

assignments and project assurance reviews, GIA manpower planning, GIA’s

key initiatives for 2014, revision of GIA’s organisation chart and its Auditors’

Profile.

A quality assessment review, required at least once every five years, was

carried out on GIA by an external qualified independent assessor, namely

the Institute of Internal Auditors Malaysia (IIAM). The IIAM presented their

External Quality Assessment Report to the AC on 16 October 2014, showing

that GIA achieved the ‘Generally Conforms’ rating for the key elements

of the International Professional Practice Framework promulgated by the

global Institute of Internal Auditors (IIA), out of the three ratings which are

‘Generally Conforms’, ‘Partially Conforms’ and ‘Does Not Conform’.

m. At the same meeting, theAC deliberated and approved the GIA’s 2014-2016

Strategic Plan, which details the expected value drivers to be delivered for

the three years, with a focus on four key strategic areas. International,

professionally-recognised benchmarks i.e. IIA’s IA Capability Model and

the IIA Global Competency Frameworks were also used as references in

preparing the GIA’s 2014-2016 Strategic Plan.

At the meeting on 20 November 2014, the AC considered the adequacy of

scope and coverage of the Group’s activities and approved the GIA’s Annual

Audit Plan for 2015.

On 20 November 2014 and 26 January 2015, the AC reviewed the annual

Statement on Internal Control and Risk Management for publication in the

2014 Annual Report.

The AC on 20 November 2014 reviewed the verification of share grants

under Bursa Malaysia's Share Grant Plan (SGP), which comprises two

components: the Restricted Share Plan (RSP) for employees at Grade E7

and above, and the Performance Share Plan (PSP) for key management

personnel in addition to their RSP. The AC concurred that the award

of shares under the SGP complied with the criteria approved by the

Nomination and Remuneration Committee pursuant to Paragraph 8.17(2)

of the MMLR, which included the following:

• The award of Bursa Malaysia Plan Shares to eligible employees of

the Group on 1 July 2014 for the 2014 RSP Grant based on their job

grades and performance ratings for 2013;

• The vesting of Plan Shares for the 2011, 2012 and 2013 RSP Grants

on 16 July 2014; and

AUDIT COMMITTEE REPORT

• The award of Plan Shares to selected executives of the Group on 1

July 2014 for the 2014 PSP Grant based on performance targets for

the period 2014 to 2016.

INTERNAL AUDIT FUNCTION

GIA’s vision is to become a provider of leading internal audit, risk management and

governance services as well as a strategic business partner to the organisation.

Its mission is to provide independent, objective assurance and consulting services

designed to add value and improve Bursa Malaysia’s operations. By creating value

through its services, GIA can become a partner to business and actively facilitate

transformational change.

The IA functions include providing the Board, through the AC, reasonable assurance of

the effectiveness of the Group’s risk management, control and governance processes.

GIA, which reported functionally to the AC and administratively to the CEO during the

financial year 2014, was led by the Head of GIA.

The GIA comprises four departments: Strategic and Operational Audit, Compliance and

Project Audit, IT Audit and Audit Strategic Planning. To ensure that the responsibilities

of GIA are fully discharged, the AC reviews the adequacy of the scope, functions and

resources of the IA function as well as the competency of the Internal Auditors.

The InternalAuditors also highlighted to theManagement Risk andAudit Committee the

audit findings which required follow-up actions by Management as well as outstanding

audit issues which required corrective actions to ensure an adequate and effective

internal control system within the Group.

The IA activities were carried out based on a risk-based audit plan approved by the AC.

The audit plan took into consideration the Corporate and Divisional Risk Profiles and

input from Senior Management and the AC members. Further, GIA engaged with the

Heads of the Strategic Business Units/Support Functional Units in the development of

the 2014 risk-based audit plan.

The results of the audits in the IA reports were reviewed by the AC. The relevant

Management members were made responsible for ensuring that corrective actions

on reported weaknesses were taken within the required timeframes. GIA conducted

follow-up audits to ensure the corrective actions were implemented appropriately. In

this respect, the IA has added value by improving the control processes within the

Group.

The GIA also leverages on reports received annually from the Chicago Mercantile

Exchange Group's (CME) Independent Service Auditor's Report (McGladery LLP) -

Service Organisation Control 1, on Controls Placed in Operation and Tests of Operating

Effectiveness relevant to the CME Globex Trading, CME Clearport and CME Clearing

Services. These reports are received due to the listing of all of Bursa Malaysia

Derivatives' (BMD) products on CME's Globex Trading Platform. The CME’s auditors

examine and express their opinion on CME’s description of its trade matching and

clearing services system for processing transactions for user entities and the suitability

of the design and operating effectiveness of controls in achieving the related control

objectives. GIA communicates with CME’s auditor for further information if necessary.

The total costs incurred by GIA in discharging its functions and responsibilities in 2014

amounted to RM2,798,842 against RM2,780,624 in 2013.