GOVERNANCE
Bursa Malaysia • Annual Report 2015
STATEMENT ON INTERNAL CONTROL AND RISK MANAGEMENT
b. The Corporate Authority Manual is reviewed periodically to
reflect the authority and authorisation limits of Management in
all aspects of Bursa Malaysia’s major business operations and
regulatory functions.
c. The Group’s Management Governance Framework, comprising
two committees for the governance function and two committees
for the business operations function, has clearly defined TOR to
enable good business and regulatory governance.
3. Planning, Monitoring and Reporting
a. An annual planning and budgetary exercise is undertaken
requiring all divisions to prepare business plans and budgets for
the forthcoming year. These are deliberated on and approved by
the Board before their implementation.
b. The Board is updated on the Group’s performance at the
scheduled meetings. The Group’s business plan and actual vs
budget performance for the year are reviewed and deliberated
on by the Board on a half-yearly basis. Financial performance
variances are presented to the Board on a quarterly basis.
c. There is a regular and comprehensive flow of information to the
Board and Management on all aspects of the Group’s operations
to facilitate the monitoring of performance against the Group’s
corporate strategy, business and regulatory plans. The Board
also reviews and approves the Annual Regulatory Report, which
informs the Securities Commission (“SC”), under Section 16
of the CMSA, of the extent to which Bursa Malaysia and its
subsidiaries have complied with their duties and obligations
under Sections 11 and 21 of the CMSA.
d. The Director of Corporate Services, who is also the Chief
Financial Officer (“CFO”), is required to provide assurance
to the AC that appropriate accounting policies have been
adopted and applied consistently, the going concern basis
applied in the Annual Financial Statements and Condensed
Consolidated Financial Statements is appropriate, and that
prudent judgements and reasonable estimates have been made
in accordance with the requirements set out in the Malaysian
Financial Reporting Standards (“MFRSs”) and the International
Financial Reporting Standards (“IFRSs”). The CFO also assures
that adequate processes and controls are in place for effective
and efficient financial reporting and disclosure under the MFRSs,
IFRSs and Bursa Malaysia Securities Berhad Main Market
Listing Requirements (“MMLR”), and that the Annual Financial
Statements and the quarterly Condensed Consolidated Financial
Statements give a true and fair view of the financial position and
the financial performance of the Group and do not contain any
material misstatement.
4. Policies and Procedures
a. Clear, formalised and documented internal policies, standards
and procedures are in place to ensure compliance with internal
controls and relevant laws and regulations. A list of identified
laws and regulations applicable to Bursa Malaysia is documented
and maintained to facilitate compliance. Regular reviews are
performed to ensure that these documents remain current
and relevant. Common Group policies are available on Bursa
Malaysia’s intranet for easy access by employees.
b. GIA conducts system readiness reviews to assess the progress of
project implementation according to the pre-determined timelines,
milestones and objectives of the projects and also to ensure that
due process has been complied with prior to the implementation
or launch of significant systems development and enhancement
projects. Post-implementation reviews are also conducted after a
predefined period of time to assess the realised benefits of the
implemented significant systems and projects.
5. Audits
a. Audit engagements are carried out based on the annual audit
plan that is developed taking into consideration several key
factors that include corporate risk profiles, divisional risk profiles
and emerging risks.
At the engagement level, the divisional risks, existing control
design and its risk indicators’ performance are taken into
consideration during the risk profiling stage, after which
key engagement areas are identified for the audit scope. GIA
assesses the internal controls and risk management practices
of the areas under the audit scope with regard to
compliance/conformance with the approved standard operating policies &
procedures, recognised standards/guidelines, laws & regulations
and/or best practices accordingly.
For any significant gaps identified in governance, risk
management and control during the engagement, GIA provides
recommendations to Management to improve their design
and/or effectiveness where applicable.
b. In addition, GIA assesses and reports on the adequacy and
effectiveness of the Group’s governance, internal control and
risk management system using the Committee of Sponsoring
Organisations of the Treadway Commission (“COSO”) Internal
Control - Integrated Framework.