TERMS OF REFERENCE



AUDIT AND RISK MANAGEMENT COMMITTEE


PURPOSE


The Audit and Risk Management Committee is established as a committee of the Board of Directors ("Board"). The primary objectives of the Audit and Risk Management Committee are to:

  1. provide assistance to the Board in fulfilling its statutory and fiduciary responsibilities relating to corporate accounting, financial reporting practices, system of risk management and internal control, the audit processes of the Group, and in monitoring the Group’s management of business/financial risk processes and accounting and financial reporting practices;
  2. determine that the Group has adequate administrative, operational and internal accounting controls and that the Group is operating in accordance with its prescribed procedures, codes of conduct and applicable legal and regulatory requirements;
  3. serve as an independent and objective party in the review of the financial information presented by management for distribution to shareholders and the general public;
  4. ensure that the Company’s financial statements comply with applicable financial reporting standards;
  5. provide direction, counsel and oversight over the internal audit function and the external auditors to enhance their independence from management;
  6. provide assistance to the Board in setting and overseeing the Risk Management Framework of the Group and regularly assessing such Risk Management Framework to ascertain its adequacy and effectiveness; and
  7. provide assistance to the Board to meet its oversight responsibilities in relation to the Company’s sustainability policies and practices.

MEMBERSHIP


The Audit and Risk Management Committee shall have at least three members. All the members must be non-executive independent directors who are financially literate and able to understand matters under the purview of the Audit and Risk Management Committee, including the financial reporting process (Practices 8.4, 8.5 and 9.3, MCCG 2017). The chairperson of the Audit and Risk Management Committee shall be an independent non-executive director who is not the Chairman of the Board (Practice 8.1, MCCG 2017). A former key audit partner is to observe a cooling-off period of at least two years before being appointed as a member of the Audit and Risk Management Committee (Practice 8.2, MCCG 2017).

At least one member of the Audit and Risk Management Committee must meet the criteria set by the Listing Requirements (Paragraph 15.09(1)(c)).

The Audit and Risk Management Committee members and the chairperson shall be appointed by the Board based on the recommendations of the Nomination Committee. No alternate directors shall be appointed to the Audit and Risk Management Committee.

If a member of the Audit and Risk Management Committee resigns, dies or for any reason ceases to be a member resulting in non-compliance with the above paragraphs, the Board shall, within three months of that event, appoint such number of new members as may be required.

The Audit and Risk Management Committee shall have no executive powers.

AUTHORITY


The Audit and Risk Management Committee shall, wherever necessary and reasonable, for the performance of its duties and in accordance with the procedures determined by the Board and at the cost of the Group:

  1. Have authority to investigate any matter within its terms of reference;
  2. Have the resources which are required to perform its duties;
  3. Have full and unrestricted access to any information and documents pertaining to the Company and the Group as well as to the senior management and employees of the Group;
  4. Have direct communication channels with the external auditors and person(s) carrying out the internal audit function or activity;
  5. Obtain independent professional advice or other advice;
  6. Be able to convene meetings with the external auditors, the internal auditors or both, excluding the attendance of other directors and employees of the Company, whenever deemed necessary;
  7. Have authority to instruct the Risk Management Exco Committee ("RMEC") and Risk Management Working Group ("RMWG") to perform duties as are necessary to support the Audit and Risk Management Committee in discharging its duties; and
  8. Where the Audit and Risk Management Committee is of the view that a matter reported by it to the Board has not been satisfactorily resolved resulting in a breach of these requirements, the Audit and Risk Management Committee must promptly report such matters to Bursa Securities.

MEETINGS


The Audit and Risk Management Committee shall meet at least four times each year. Additional meetings shall be scheduled as considered necessary by the Audit and Risk Management Committee or chairperson. The Audit and Risk Management Committee may establish any procedures from time to time to govern its meetings, keeping of minutes and its administration.

The Audit and Risk Management Committee may request other directors, members of management, counsels, internal auditors and external auditors, as applicable, to participate in the Audit and Risk Management Committee meetings, as necessary, to carry out the Audit and Risk Management Committee’s responsibilities.

It shall be understood that either internal or external auditors may, at any time, request a meeting with the Audit and Risk Management Committee with or without management attendance. The external auditors shall be given notice of meetings and shall have the right to attend and speak.

The Secretary of the Audit and Risk Management Committee shall be appointed by the Committee from time to time. Committee meeting agendas shall be the responsibility of the Audit and Risk Management Committee chairperson with input from Committee members. The chairperson may also ask management to participate in this process.

The agenda for each meeting shall be circulated at least five business days before each meeting to the Audit and Risk Management Committee members, the external auditors and all those who are required to attend the meeting. Written materials including information requested by the Audit and Risk Management Committee from management, internal audit and external auditors shall be received together with the agenda for the meetings (Practice 1.5, MCCG 2017).

The quorum for the Audit and Risk Management Committee meeting shall be the majority of members present.

Attendance at a meeting may be by being present in person or by participating in the meeting via video or teleconference.

Questions arising at any meeting of the Audit and Risk Management Committee shall be decided by a majority of votes of the members present, and in the case of equality of votes, the Chairman of the Audit and Risk Management Committee shall have a second or casting vote.

The Audit and Risk Management Committee shall cause minutes to be duly entered in the books provided for the purpose of all resolutions and proceedings of all meetings of the Audit and Risk Management Committee. Such minutes shall be signed by the chairperson of the meeting at which the proceedings were held or by the chairperson of the next succeeding meeting and if so signed, shall be conclusive evidence without any further proof of the facts thereon stated. Minutes of each meeting shall also be distributed to all attendees (members) of the Audit and Risk Management Committee meeting and external auditors.

The Audit and Risk Management Committee, through its chairperson, shall report to the Board after each meeting. The minutes of the Audit and Risk Management Committee meeting shall be available to all Board members.

The Audit and Risk Management Committee may deal with matters by way of a circular resolution in writing, in lieu of convening a formal meeting. The circular resolution shall be as valid and effectual as if it had been passed by a meeting of the Audit and Risk Management Committee duly convened. Circular resolutions signed by all the members shall be valid and effective as if they had been passed at a meeting of the Audit and Risk Management Committee.

DUTIES AND RESPONSIBILITIES


The duties and responsibilities of the Audit and Risk Management Committee shall include the following:

EXTERNAL AUDIT

  1. To nominate and recommend to the Board, the appointment of the external auditors having regard to the adequacy of the experience, resources, audit fee and independence of the external auditors;
  2. To discuss with the external auditors before the audit commences, the nature, scope and plan of the audit, and ensure co-ordination where more than one audit firm is involved;
  3. To review with the external auditors, their evaluation of the system of internal controls and their audit report including any significant suggestions for improvements and management’s response;
  4. To review the assistance given by the employees of the Group to the external auditors;
  5. To discuss problems and reservations, if any, arising from the interim and final audits, and any matter which the external auditors wish to discuss in the absence of the management, where necessary;
  6. To discuss and review the external auditors’ management letter and management response, if any;
  7. To annually assess and consider the performance, suitability and independence of the external auditors including their fees, and consider any questions of resignation or dismissal including whether there is reason (supported by grounds) to believe that the external auditors are not suitable for re-appointment. The assessment is to be based on established policies and procedures that consider, among others (Practice 8.3, MCCG 2017):

    • the competence, audit quality and resource capacity of the external auditors in relation to the audit;
    • the ability of the external auditors to meet deadlines in providing services and responding to issues in a timely manner as contemplated in the external audit plan;
    • the nature and extent of the non-audit services provided by the external auditors and appropriateness of the level of fees paid for such services relative to the audit fee; and
    • obtaining written assurance from the external auditors confirming that they are, and have been, independent throughout the conduct of the audit engagement in accordance with the terms of all relevant professional and regulatory requirements.

  8. To review any letter of resignation from the external auditors and report the same to the Board.

FINANCIAL REPORTING


  1. To review in depth the quarterly and year-end financial statements, focusing particularly on:-

    • any change in and implementation of major accounting policies and practices;
    • significant adjustments arising from the audit;
    • the going concern assumption;
    • compliance with accounting standards and other statutory requirements; and
    • to ensure a true and fair view of the financial position and performance of the Group and of the Company is presented after taking into consideration any accounting issue arising in respect of the Group and of the Company’s affairs, and recommending the quarterly and year-end financial statements to the Board for its approval;

  2. To assess the appropriateness of the management’s selection of accounting policies and disclosures in compliance with approved accounting standards;
  3. To ensure timely submission of financial statements by the management;
  4. To review significant or unusual transactions and accounting estimates; and
  5. To review with the Group’s counsels, any legal matters that could have a significant impact on the Group’s financial statements.

INTERNAL AUDIT (Practices 9.1, 9.2 and 10.1, MCCG 2017)


  1. To do the following, in relation to the internal audit function:-

    • review the adequacy of the scope, functions, resources and competency of the internal audit function, and that it has the necessary authority to carry out its work;
    • ensure the internal audit function is independent of the activities it audits; the internal audit activities should be free from interference in determining the scope of internal audit, performing work and communicating results; and the internal audit function reports directly to the Audit and Risk Management Committee;
    • review the internal audit programme, processes, the results of the internal audit programme and processes, and whether or not appropriate actions are taken on the recommendations of the internal audit function;
    • review the assistance and co-operation given by the employees of the Group to the internal auditors;
    • review any appraisal or assessment of the performance of the internal auditors;
    • approve any appointment or termination of the internal auditors; and
    • take cognizance of the resignation of the internal auditors and its reasons for resigning.

  2. To discuss and review the major findings of internal investigations and the management’s response;
  3. To review the major findings of internal investigations and management’s response;
  4. To review management’s monitoring of compliance with the Group’s code of corporate conduct;
  5. To verify at the end of each financial year, the allocation of options under a share issuance scheme and share grant scheme for employees, if any, to ensure compliance with the allocation criteria determined by the Remuneration Committee and in accordance with the Bye-Laws of the relevant Option Scheme. A statement by the Audit and Risk Management Committee verifying such allocation shall be included in the annual report; and
  6. To review the findings of any examinations by regulatory authorities.

RISK MANAGEMENT (Practices 9.1 and 9.2, MCCG 2017)


  1. To provide oversight, direction and counsel to the Group’s risk management process which includes the following:

    • recommend for the Board’s approval, the establishment of the Group’s risk management framework, policies, strategies, and any proposed changes thereto arising from any review;
    • to conduct an annual review and periodic testing of the Group’s risk management framework and assess the resources and knowledge of the management and employees involved in the risk management process;
    • to monitor the Group’s and Department’s level of risk exposures and management of the significant financial and non-financial risks identified;
    • to review and recommend the Group’s level of risk tolerance and actively identify, assess and monitor key business risks to safeguard shareholders’ investments and the Group’s assets;
    • to review the Group’s risk profile and ensure that significant risks that are outside tolerable ranges are being responded to with appropriate actions taken in a timely manner;
    • to evaluate new risks identified by the RMEC and RMWG including the likelihood of the emerging risks happening in the future and consider the need to put in place the appropriate controls;
    • to review the status of the implementation of management action plans in mitigating significant risks identified.

  2. To establish and periodically review the Group’s risk management guidelines and policies and ensure implementation of the objectives outlined in the policies and compliance with them;
  3. To evaluate the effectiveness of the RMEC and RMWG’s structure, risk management processes and support system to identify, assess, monitor and manage the Group’s key risks; and
  4. To review the Statement on Risk Management and Internal Control in the Group’s annual report to ensure that relevant information as prescribed in the MMLR of Bursa Securities is disclosed. Disclosure in the annual report should include a discussion on how key risk areas such as finance, operations, regulatory compliance, reputation, cyber security and sustainability were evaluated and the controls in place for the Group to mitigate and manage those risks.

RELATED PARTY TRANSACTION


  1. To consider any related party transactions and conflict of interest situations that may arise within the Company or the Group including any transaction, procedure or course of conduct that raises questions of management integrity.

SUSTAINABILITY


  1. To review the strategies, policies, management, initiatives, targets and performance of the Group as a whole, as appropriate, in the following areas to ensure the Company’s business is conducted in a responsible manner:
    • Health and safety
    • Environment
    • Community Relations
    • Security
    • Governance

RELATIONSHIPS AND COMMUNICATION WITH BOARD, AUDITORS AND MANAGEMENT


  1. To report its findings on the financial and management performance, risk assessment results and other material matters to the Board;
  2. To perform other oversight functions as requested by the Board; and
  3. To consider and examine such other matters as the Audit and Risk Management Committee considers appropriate.

REVISION OF THE TERMS OF REFERENCE


Any revision or amendment to the Terms of Reference, as proposed by the Audit and Risk Management Committee or the Nominating Committee or any third party, shall be presented to the Board for its approval.

Upon the Board’s approval, the said revision or amendment shall form part of these Terms of Reference and these Terms of Reference shall be considered duly revised or amended.


