GOVERNANCE

STATEMENT ON INTERNAL CONTROL AND RISK MANAGEMENT

BOARD’S RESPONSIBILITY

The Board affirms its overall responsibility for the Group’s system of internal control and risk management and for reviewing the adequacy and integrity of the system. The system of internal control covers governance, risk management, financial, strategy, organisational, operational, regulatory and compliance control matters. The Board recognises that this system is designed to manage, rather than eliminate, the risks of not adhering to the Group’s policies and achieving goals and objectives within the risk tolerance established by the Board and Management. Therefore, the system provides reasonable, but not absolute, assurance against the occurrence of any material misstatement, loss or fraud.

In 2014, the adequacy and effectiveness of internal controls were reviewed by the Audit Committee (AC) in relation to the internal audits conducted by Group Internal Audit (GIA) during the year. Audit issues and actions taken by Management to address the issues tabled by GIA were deliberated during the AC meetings. Minutes of the AC meetings which recorded these deliberations were presented to the Board.

A Risk Management Committee (RMC) was established and maintained in accordance with Section 22 of the Capital Markets and Services Act 2007 (CMSA) to provide risk oversight and ensure prudent risk management of Bursa Malaysia’s business and operations. At its meetings in 2014, the RMC reviewed, deliberated and provided advice on matters pertaining to the key corporate risks, risk assessment of projects and programmes, operational risks and mitigation measures, as well as enterprise risk management (ERM) activities.

Internal control and risk-related matters which warranted the attention of the Board were recommended by the AC and RMC to the Board for its approval and matters or decisions made within the AC and RMC’s purview were updated to the Board for its notation.