• Largest thermoforming company in Malaysia
  • ir@@scgmbhd.com

Statement On Risk Management And Internal Control

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive
 

The Board of Directors (“the Board”) of SCGM Bhd (“the Company”) (collectively with its subsidiary, “the Group”) is pleased to provide the following Statement on Risk Management and Internal Control on the state of the risk management and internal controls of the Group for the financial year under review and up to the date of approval of this statement, which is made pursuant to paragraph 15.26(b) and Practice Note 9 of the Bursa Malaysia Securities Berhad Main Market Listing Requirements, the Malaysian Code on Corporate Governance and guided by the Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers (“Guidelines”). The scope of this Statement includes the Company and its operating subsidiary.

 

RESPONSIBILITY

 

The Board recognises the importance of a sound system of internal control and effective risk management practices to good corporate governance. During the financial year, the Board continues to enhance the system of internal control and risk management to safeguard  shareholders’ investments and the assets of the Group.

 

The Board affirms its overall responsibility for maintaining sound systems of internal control within the Group covering financial control, operational control, compliance control and risk management, and reviewing the adequacy and effectiveness of such systems within the Group regularly. The Board, in the discharge of its stewardship responsibilities, is committed to establish risk appetite of the Group and to identify key risks in which companies within the Group are exposed and will introduce appropriate systems progressively to manage such risks.

 

The Board delegates the duty of identification, assessment and management of key business risks to the Risk Management Committee (“RMC”). The Board delegates its review role to the Audit Committee, through terms of reference approved by the Board, in order to provide assurance to the Board on the adequacy and effectiveness of governance, risk and control structures and processes of the Group.

 

Notwithstanding that, there are, however, limitations inherent in any system of internal control, and such system is designed to manage rather than eliminate the risk that may impede the achievement of business objectives. The system of risk management and internal control can only provide reasonable but not absolute assurance against material misstatement of management or financial information or financial losses or frauds.

 

The internal audit adopts a risk-based approach in developing its audit plan which addresses the core auditable areas of the Group. Scheduled internal audits shall be carried out by the internal audit function based on the audit plan presented to and approved by the Audit Committee to provide independent and objective reports on the state of internal control of the operating units.

 

The audit focuses on areas with higher risk as well as areas identified with inadequate controls to ensure the effectiveness of the controls in mitigating those risks. The internal audit function will follow up with the management in the implementation of action plans recommended to improve areas where control deficiencies identified during the internal audits.

 

The Board affirms that it is ultimately responsible for the adequacy and integrity of the Group’s systems of risk management and internal control, which includes the establishment of an appropriate control environment and reporting framework.

 

INTERNAL CONTROL STRUCTURE

 

a) Control Environment

 

The control environment sets the tones for the Group by providing fundamental discipline and structure. Key elements of the Group include:

  • Integrity and ethical values

The Board and Senior Management set the tone at the top on corporate behaviour and corporate governance. The tone from the top on integrity and ethical value are enshrined in formal Code of Ethics and Conduct established and approved by the Board. This formal code forms the foundation of integrity and ethical value for the Group. All employees of the Group shall adhere to the policies and guidelines which set out the principles to guide employees in carrying out their duties and responsibilities when dealing with external parties.

Integrity and ethical value expected from the employees are incorporated in the Employee Handbook whereby the ethical behaviours expected with the customers, suppliers, employees, society and environment are stated. Codes of conduct expected from employees to carry out their duties and responsibilities assigned are also established and formalised in Employee Handbook.

  • Board Committees (ie. Audit Committee, Remuneration Committee and Nominating Committee)

Clear roles of the Board are stated under the Corporate Governance Overview Statement section of this Annual Report. The “hands on” management style by the Executive Directors contributed to timely identification and rectification of risks and issues arising from business operations and other related issues. Meetings of Board of Directors and respective Board Committees are scheduled on timely basis to review the performance of the Group, from financial and operational perspective.

  • Organisation Structure and Authorisation Procedures

An organisational structure with defined line of responsibilities, proper segregation of duties and delegation of authority limits are in place.A process of hierarchical reporting has been established, which provides for a documented and auditable trail of accountability. The procedures include the establishment of relevant limits of authority across the Group’s operations and provide for continuous assurance at increasingly higher levels of management, and finally to the Board.Management is committed to employ suitable qualified staff to ensure operation efficiency.Operation meetings are formal platforms for Management to set its tone on control culture and emphasise on Group’s strategic directions as agreed upon by the Board.

  • Food Safety, Policy and Procedure

The Group has documented policies and procedures that are periodically reviewed andupdated to ensure its relevance to regulate key operations in compliance with its International Organisation for Standardisation (“ISO”) Quality Standards, Food Safety System Certification, SIRIM Eco-Label Licence as well as internal control requirements.

  • Human Resource Policy

Guidelines on the human resource management are in place to ensure the Group’s ability to operate in an effective and efficient manner by employing and retaining adequate competent employees possessing necessary knowledge, skill and experience in order to carry out their duties and responsibilities assigned effectively and efficiently.Performance evaluations are carried out for all levels of staff to identify performance gaps, for training needs identification and talent development.

  • Training and Development

Trainings are conducted at all levels of employees so that all employees will be able to perform well in their present jobs and also to develop employees who have potential to perform duties with wider responsibilities. Management ensure that employees receive continuous training in various areas of work such as knowledge, compliances of rules and regulations, health and safety, technical training, leadership and new product development.

 

b) Risk Assessment

 

The Board and RMC are aware of its overall responsibility in managing the Group’s risk management policy. The risk identification process is done on an ongoing-basis and entails all key factors within the Group’s business operations.

Identifying, evaluating and managing any significant risks faced by the Group is undertaken byvarious parties, such as, RMC, Management as risk owners, internal audit function, external auditors and Audit Committee, which assesses and analyses any findings of the internal audit function and external auditors and reports to the Board.

At operational level, the Board’s function within the risk management policy is exercised and managed primarily by Executive Directors through their participation in the operations and regular meetings with managerial levels to ensure the efficiency of the system of internal control and risk management. The process of identifying and evaluating the significant risks affecting the business is carried out by all heads of departments on a continuous basis, and the controls and procedures by which these risks are managed accordingly.

At the strategic level, business plans, business strategies and investment proposals with risks consideration are formulated by the Executive Directors and presented to the Board for review and deliberation to ensure that the proposed plans and strategies are in line with the Group’s risk appetite. In addition, specific strategic and key operational risks are highlighted and deliberated by the Audit Committee and the Board during the review of the financial performance of the Group in the scheduled meetings.

The Group’s financial risk management policy seeks to ensure that adequate resources are available to mitigate risks including foreign currency risk, interest rate risk, credit risk and liquidity risk. The Board assumes overall responsibility for the Group’s risk management policy and formulates policies and procedures for the management of these risks.

 

c) Control Activities

 

Processes are continuously reviewed for relevance to the business processes and activities as well as for uniformity and standardisation of practices across the Group.

Periodic and annual audit reviews by internal and external quality auditors were conducted to ensure compliance with and continuous improvement of the ISO Quality Standards certification as assurance to the quality standards of products and services provided by the Group.

Budgets are prepared to evaluate the feasibility and viability of the Group’s business and to ensure that the Group’s business plan is in line.

The Group’s financial performance is also reported to the Board on quarterly basis to highlight significant variances. The financial results are reviewed by the Board to enable them to gauge the Group’s overall performance and compare it to the prior periods.

 

d) Information and Communication

 

Management promotes good working relationship at all levels of employees by ensuring information and communication channels are open and sinuous. Relevant information is shared both downwards (from Management to employees) and upwards (from employees to Management) for proper attention and further action. The Group has in place effective and efficient information and communication infrastructures and channels, i.e. computerized enterprise resources planning systems, secured electronic mail system and modern telecommunication, so that operation data and management information can be communicated timely and securely to dedicated personnel within the Group for decision making and for communication with relevant external stakeholders for execution and information collection.

Regular management meetings are conducted by all heads of departments to discuss and resolve issues or challenges faced with regard to operational and administrative matters. The proceedings of these meetings are minuted for further action and reference.

The Board recognises the needs of communication across the Group and investors. Going forward, more dialogues with investors and analysts as well as with the media will be held. Investor relations activities are held at least on a quarterly basis.

 

e) Monitoring

 

Management maintains close monitoring of the Group’s operations through submission of monthly reports and constant communication or regular meetings with the heads of departments. Management also constantly monitors the highlighted issues through the conduct of follow-up audits which show its commitment to improve on current processes and internal controls.During the financial year, the Board and Audit Committee have diligently continued in its oversight role of internal controls and monitors performances of the Group’s quarterly financial results.Internal audit function acts as an ongoing monitoring process, which provides a degree of assurance as to validity of the system of internal control. Planned corrective actions are independently monitored for timely completion.

 

RISK MANAGEMENT POLICY

 

The Board recognises the need for an effective risk management practice and to maintain a sound system of internal control as all areas of the business activities of the Group involve certain risks. Hence, the Board has formalised and established the risk management policy, as an approach to identifying, assessing, reporting and monitoring risks faced by the Group.

The objectives of the risk management policy are:

  • To systemise a continuous process for identifying, evaluating and managing the significant risks faced by the Group;
  • To provide a platform for communication, of risk and control profiles and the management action plans to manage the risks, between Senior Management and the Board;
  • To nominate key management personnel to prepare action plans to address any risk and control issues;
  • To inculcate an organisation-wide culture of risk awareness and management and embed internal controls and risk management further into the operations of the Group’s business; and
  • To establish a documented process of control monitoring and improvement plans.

The Board has assigned the Group’s risk management function to Risk Management Committee (“RMC”), which comprises of Senior Management and Head of Departments of the Group. RMC is primarily responsible to identify, evaluate, and manage significant risks faced by the Group as well as report to the Board on a regular basis.

The following depicts the key parties and their principal risk management roles and responsibilities:

 

a) Board of Directors

  • Maintains a sound system of risk management and internal control;
  • Evaluate the adequacy of the system of risk management and internal control; and
  • Approve risk management policy and governance structure.

b) Risk Management Committee

  • RMC discuss and meet regularly to identify and manage risks to a manageable level;
  • Identify and evaluate the significant risks faced by the Group;
  • Assist the Board in implementing the objectives outlined in the risk management policy;
  • Establish, formulate, recommend and manage sound and best practice risk management programs for the Group;
  • Continuously monitor and execute appropriate actions to address any change in existing risks or new risks identified as part of an on-going proactive control measure;
  • Report to the Board on any major changes to the identified risk requiring immediate attention/ notification;
  • Inculcates risk awareness within the Group.

c) Head of Departments

  • Primarily responsible for managing risk on a day-to-day basis; and
  • Promote risk awareness within their operations and introduce risk management objectives
    into the business and operations.

 

The Board recognise that risk management can become a strategic competitive advantage if it is used to identify specific actions that enhance performance and optimise risk. It can also influence business strategy by identifying potential adjustments related to previously unidentified opportunities and risks. As much as risks give rise to the need for controls, we consciously look out for opportunities for improvement arising from risks and uncertainties. Risk management has been adopted also as a strategic tool in strategy formulation, investment and resource allocation.

 

During the financial year under review, the Board has identified, evaluated and managed the significant risks faced by the Group through monitoring of the Group’s operational efficiency and performance at its Board Meeting. The Board has assigned to the Audit Committee the duty of reviewing and monitoring the effectiveness of the Group’s risk management processes. At operation levels, risks were discussed on ad hoc basis during the periodic management operations meetings.

 

INTERNAL AUDIT FUNCTION

 

The Board recognises the need for an internal audit function, and has engaged the services of an independent professional firm, Messrs Needsbridge Advisory Sdn Bhd (“NASB”) to review the efficiency and effectiveness as well as the adequacy and integrity of the Group’s internal control and risk management processes implemented by the management to manage key business risks and internal control system.

 

The outsourced internal audit function is reporting to the Audit Committee directly and the engagement director, Mr. Pang Nam Ming, is a Certified Internal Auditor accredited by the Institute of Internal Auditors Global and a professional member of the Institute of Internal Auditors Malaysia. The internal audits are carried out, in material aspects, in accordance with the International Professional Practices Framework established by the Institute of Internal Auditors Global. The outsourced internal audit function is manned by one (1) engagement director, three (3) managers/assistant manager and five (5) senior consultants/consultants during the financial year under review.

 

The audit engagement of the outsourced internal audit function is governed by the engagement letter with key terms include purpose and scope of works, accountability, independence, the outsourced internal audit function’s responsibilities, the management’s responsibilities, the authority accorded to the outsourced internal audit function, limitation of scope of works, confidentiality, proposed fees and engagement team. The appointment and resignation of the internal audit function as well as the proposed audit fees are subject to review and approval by the Audit Committee for its reporting to the Board for ultimate approval.

 

In addition, the oversight of the internal audit functions by the Audit Committee is enhanced by the review by the Audit Committee of resources of the outsourced internal audit function in term of qualification and experience/exposure and continuous professional development of the employees of the outsourced internal audit function tabled by the outsourced internal audit function during the financial year under review. To preserve the independence and objectivity, the outsourced internal audit function is not permitted to act on behalf of Management, decide and implement management action plan, perform on-going internal control monitoring activities (except for follow up on progress of action plan implementation), authorize and execute transactions, prepare source documents on transactions, have custody of assets or act in any capacity equivalent to a member of the Management or the employee.

 

The outsourced internal audit function is accorded unrestricted access to all functions, records, property, personnel, Audit Committee and other specialized services from within or outside the Group and necessary assistance of personnel in units of the Group where they perform audits.

 

Risk-based internal audit plan in respect of financial year ended 30 April 2018 was drafted by the outsourced internal audit function, after taking into consideration existing and emergent key business risks identified in the key risk profile of the Group, the management’s assessment of business processes and risks and previous internal audits performed, and was reviewed and approved by the Audit Committee prior to execution. The internal audit plan, which reflects the risk profile of the Group’s major business sectors is routinely reviewed and approved by the Audit Committee if amendment to the internal audit plan is required. The scope of internal audit function covers the audit and review of governance, risk assessment, compliance, operational and financial control across all business units.

 

The outsourced internal audit function provides the Audit Committee with an independent assessment of the effectiveness, efficiency and adequacy of the internal control systems of the Group. This is achieved by reviewing and reporting on any material deviations and non-compliances of policies and control procedures implemented by the Management and the Board based on the approved internal audit plan. During the financial year ended 30 April 2018, in accordance to the internal audit plan approved by the Audit Committee, the outsourced internal audit function conducted review for human resource, payroll processing, sales and marketing,credit control and user access management for its key operating subsidiary in Malaysia.

 

As third-line-of-defence, the internal control review procedures performed by the outsourced internal audit function are designed to understand, document and evaluate risks and related controls to determine the adequacy and effectiveness of governance, risk and control structures and processes and to formulate recommendations for improvement thereon. The internal audit procedures applied principally consisted of process evaluations through interviews with relevant personnel involved in the process under review, review of the Standard Operating Procedures and/or process flows provided and observations of the functioning of processes in compliance with results of interviews and/or documented Standard Operating Procedures and/or process flows. Thereafter, testing of controls for the respective audit areas through the review of the samples selected based on sample sizes calculated in accordance to predetermined formulation, subject to the nature of testing and verification of the samples.

 

Upon completion of the internal audit review based on detailed audit program, the internal audit report is presented to Audit Committee for review and consideration. The internal audit report includes the audit findings and internal auditors’ recommendations as well as management responses and action plans for improvement and to resolve any issue arises. In assessing the adequacy and effectiveness of the system of internal controls and risk management processes of the Group, the Audit Committee reports to the Board on its activities, significant audit results or findings and the necessary recommendations or actions needed to be taken by management to rectify those issues. Update on the status of action plans as identified in the previous internal audit reports are presented at subsequent Audit Committee meeting for review and deliberation.

 

The cost incurred in maintaining the outsourced internal audit function for the financial year ended 30 April 2018 amounted to RM30,000.00.

 

During the financial year under review, the Audit Committee met once with the outsourced internal audit function without the presence of the Executive Directors and Management where they are given the opportunity to raise any concern or professional opinion and thus, to be able to exert its functions independently.

 

Based on the review of the works performed and deliverables by the outsourced internal audit function during the financial year, the Audit Committee and the Board are satisfied:

  • that the outsourced internal audit function is free from any relationships or conflicts of interest which could impair their objectivity and independence;
  • with the scope of the outsourced internal audit function;
  • that the outsourced internal audit function possesses relevant experience, knowledge, competency and authority to discharge its functions effectively, possesses sufficient resources and has unrestricted access to employees and information for the internal audit activities; and
  • with the internal audit plan, processes, the results of the internal audit plan, processes or investigation undertaken.

 

ASSURANCE PROVIDED BY THE MANAGING DIRECTOR AND GROUP FINANCIAL CONTROLLER

 

In accordance with the Guidelines, the Managing Director, being the highest-ranking executive in the Company and the Group Financial Controller being the person primarily responsible for the management of the financial affairs of the Company have provided assurance to the Board that the Group’s risk management and internal control system operated adequately and effectively, in all material aspects, to meet the Group’s objectives during the financial year under review.

 

OPINION AND CONCLUSION

 

Based on the review of the risk management results and process, results of the internal audit activities, monitoring and review mechanism stipulated above coupled with the assurance provided by the Managing Director and the Chief Financial Officer, the Board is of the opinion that the systems of risk management and internal controls is operating adequately and effectively, in all material aspects and have not resulted in material losses, contingencies or uncertainties that would require separate disclosure in the annual report during the year under review and up to the date of approval of this statement for inclusion in the annual report. The monitoring, review and reporting arrangements are in place to give reasonable assurance that the structure and operation of controls are appropriate for the Group. The Board is of the view that the process of risk management and internal control system is sound and sufficient to safeguard the interest of shareholders and the Group’s assets.

REVIEW OF THE STATEMENT BY THE EXTERNAL AUDITORS

 

As required by paragraph 15.23 of the Bursa Malaysia Securities Berhad Main Market Listing Requirements, the external auditors have reviewed this Statement on Risk Management and Internal Control pursuant to the scope set out in Recommended Practice Guide (“RPG”) 5 (Revised), Guidance for Auditors on Engagements to Report on the Statement on Risk Management and Internal Control included in the Annual Report issued by the Malaysian Institute of Accountants (“MIA”) for inclusion in the annual report of the Group for the financial year ended 30 April 2018.

 

Based on their review, the external auditors have reported to the Board that nothing had come to their attention that causes them to believe that this statement is inconsistent with their understanding of the risk management and internal control process implemented by the Group.

 

This statement has been approved by the Board of SCGM Bhd on 22 June 2018.

Over 35 years experience and knowledge of international manufacturing standards, we are dedicated to provide the best and economical solutions to our valued customers. Serving more than 30 countries, we strive to provide the most competitive pricing with highest quality.

Latest News

04 December 2018
04 December 2018
04 December 2018
04 December 2018
04 December 2018

Contact us

  •  

    PTD109444 Jalan Sengkang,
    Kulai Johor 81000 Malaysia.

  •  

    (+60) 7 652 2288

  •  

    ir@scgmbhd.com

  •  

    Mon - Fri   : 08:00 – 17:30

    Saturday   : 08:00 - 13:30
    Sunday     : Holiday