GOVERNANCE

STATEMENT ON INTERNAL CONTROL AND RISK MANAGEMENT

The Board of Bursa Malaysia is committed to maintaining a sound internal control and risk management system. Each business unit/functional group has implemented its own control processes under the leadership of the Chief Executive Officer (“CEO”), who is responsible for good business and regulatory governance. The following statement outlines the nature and scope of the Group’s internal control and risk management in 2015.

BOARD’S RESPONSIBILITY

The Board affirms its overall responsibility for the Group’s system of internal control and risk management and for reviewing the adequacy and integrity of the system. The system of internal control covers governance, risk management, financial, strategy, organisational, operational, regulatory and compliance control matters. The Board recognises that this system is designed to manage, rather than eliminate, the risks of not adhering to the Group’s policies, and achieving goals and objectives within the risk tolerance established by the Board and Management. Therefore, the system provides reasonable, but not absolute, assurance against the occurrence of any material misstatement, loss or fraud.

In 2015, the adequacy and effectiveness of internal controls were reviewed by the Audit Committee (“AC”) in relation to the internal audits conducted by the Group Internal Audit (“GIA”) during the year. Audit issues and actions taken by Management to address the issues tabled by GIA were deliberated on during the AC meetings. Minutes of the AC meetings which recorded these deliberations were presented to the Board.

The Risk Management Committee (“RMC”) provides oversight on risk management matters relating to the activities of Bursa Malaysia as an exchange holding company and of its subsidiaries in accordance with Section 22 of the Capital Markets and Services Act 2007 (“CMSA”), to ensure prudent risk management over Bursa Malaysia’s business and operations. At its scheduled meetings in 2015, the RMC had reviewed, appraised and assessed the efficacy of the controls and progress of action plans taken to mitigate, monitor and manage the overall risk exposure of the Group. The RMC also reviewed proposals for new products, monitored the progress and status of risk management activities, as well as raised issues of concern and provided feedback for Management’s action.

Internal control and risk-related matters which warranted the attention of the Board were recommended by the AC and RMC to the Board for its deliberation and approval and matters or decisions made within the AC’s and RMC’s purview were escalated to the Board for its notation.