Table of Contents Table of Contents
Previous Page  101 / 222 Next Page
Information
Show Menu
Previous Page 101 / 222 Next Page
Page Background

GOVERNANCE

93

Bursa Malaysia •

Annual Report 2015

j.

On 28 January 2016, the CFO reported that non-audit fees

incurred in 2015 amounted to RM430,200, constituting

approximately 49.9% of the total remuneration of RM862,000

to the External Auditors for the FY 2015. The non-recurring non-

audit services rendered in 2015 included the GST implementation

and its post-implementation review, as well as cyber security

assessment (“CSA”), amounting to RM314,000, which constituted

approximately 36.4% of the total remuneration.

The CSA was procured via a tender process in which evaluations

were conducted based on technical and financial criteria. The

AC’s approval for the engagement of EY to conduct the CSA as

recommended by the Minor Tender Committee (“MTC”) in line

with Bursa Malaysia’s Auditor Independence Policy as it was an

unplanned non-audit service was sought at its third meeting

held on 14 July 2015. The AC was satisfied in its review that the

provision of this non-audit service in CSA by EY would not impair

its audit independence as External Auditors of Bursa Malaysia,

based on the rationale that CSA is a special project, not recurring

in nature and unlikely to create a conflict of interest. The EY team

conducting the CSA was separate from the external audit team

and was neither involved in any form of system implementation

at Bursa Malaysia nor involved in the statutory audit work of EY

as External Auditors of Bursa Malaysia Group.

k. The External Auditors provided written assurance on 28 January

2016 to the AC that, in accordance with the terms of all relevant

professional and regulatory requirements, they had been

independent throughout the audit engagement for 2015.

3. Internal Audit

a. The GIA team conducted the audit activities as per the 2015 Risk-

Based Audit Plan approved by the AC on 20 November 2014.

The Head of GIA and departmental heads of the respective GIA

functions presented the GIA’s reports at each of the AC meetings

during the year. The 2015 Risk-Based Audit Plan was reviewed

on a half-yearly basis or as required to reflect the changing risk

landscape of the organisation and industry. A total of 55 audit

engagements were completed in 2015.

b. GIA’s scope of audit engagements was developed taking into

consideration Bursa Malaysia’s Corporate Risk Profile 2015,

Divisional Risk Profiles as well as its key strategic initiatives. The

identified key audit areas or portfolios in 2015 were as follows:

THE IDENTIFIED KEY AUDIT AREAS/PORTFOLIOS IN 2015

i.

SECURITIES MARKET

ii.

BURSA MALAYSIA DERIVATIVES

iii.

ISLAMIC CAPITAL MARKET

iv.

REGULATION

v.

MARKET OPERATIONS

vi.

TECHNOLOGY & SYSTEMS

vii.

CORPORATE RISK MANAGEMENT

viii.

THEMATIC AREAS – SOCIAL MEDIA, CLEARING.

CYBER ATTACK, GOVERNANCE

ix.

REVIEW OF CRITICAL SYSTEMS AND THEIR

DISASTER RECOVERY PROCESS

x.

FUNCTIONAL GROUPS – HUMAN RESOURCES,

CORPORATE SERVICES AND COMPLIANCE

c. Co-sourcing arrangements were introduced with external service

firms namely KPMG and EY to provide assurance in specialised

and highly technical areas, particularly on clearing risk

management and cyber security. It is part of GIA’s commitment to

broaden its skills and coverage by leveraging on the knowledge

of the subject matter experts.

As part of GIA’s advisory services, pilot implementation for

Control Self Assessment was facilitated by GIA in collaboration

with the strategic business units and functional units. Control Self

Assessment is a process through which Management examines

and assesses the adequacy and effectiveness of internal controls

in mitigating related risks and thereby provides reasonable

assurance that the business and/or operational objectives will

be met.

d. Further, in its advisory capacity, GIA reviewed the Group’s

compliance and enterprise risk management functions via the

benchmarking exercise with peer exchanges and best practices.

In addition, GIA in collaboration with Group Human Resources

(“GHR”) conducted a benchmark exercise on the Securities

Transaction Policy (“STP”) to ensure that the Group’s practices

were at par with other exchanges.

e. As for the 2015 GIA’s Scorecard which was earlier approved

at the fifth AC meeting held on 20 November 2014, the AC in

January 2015 endorsed the revisions to the 2015 GIA’s Scorecard

to adopt a five-point scale Key Performance Indicator (“KPI”)

measurement in alignment with the 2015 Corporate Scorecard

as approved by the Board of Directors in December 2014.

AUDIT COMMITTEE

REPORT

1 96 97 98 99 100 101 102 103 104 105 106 107 222  FlippingBook