multiple layers of protection across its IT infrastructure, including advanced firewall and network protection systems, email security controls to prevent spam and malware, and multi-factor authentication to enhance user access controls. These policies and procedures are readily accessible to all employees through the Group’s internal employee portal. Human Resource Management The Group’s Human Resource policies and procedures set out clear standards for recruitment, talent development and performance evaluation, with the objective of strengthening employee capabilities and supporting organisational effectiveness. These policies are communicated across the workforce to ensure consistent application throughout the Group. They are reviewed periodically to ensure they remain current and effective, while appropriate controls are in place to manage operational risks and maintain compliance with applicable regulatory requirements. Employees at all organisational levels can readily access these policies and procedures through the Group’s internal employee portal. The Group also plans and implements structured training and development programmes to equip employees with the skills and capabilities required to fulfill their roles, meet performance expectations, and reinforce the Group’s commitment to a culture of continuous learning. In addition, the Group operates a performance management framework that aligns employees, resources, and systems with the Group’s strategic objectives. Internal Audit The Group maintains an in-house Internal Audit function that provides independent and objective assurance, together with advisory support to enhance the effectiveness and efficiency of the Group’s operations. Through its work, the Internal Audit team evaluates the adequacy and effectiveness of the Group’s risk management, internal control and governance processes using a systematic and disciplined methodology, thereby supporting the Group in achieving its strategic and operational objectives. The Group Internal Audit function is independent and is adequately resourced with suitably qualified personnel to discharge its responsibilities effectively. The function is led by Ms. Shasha Muna Ahmad Kamaruddin, who holds a Bachelor’s Degree in Accounting, has over 17 years of internal audit experience, and is a member of the Malaysian Institute of Accountants and The Institute of Internal Auditors Malaysia. The Internal Audit function conducts its practices in accordance with the Global Internal Audit Standards issued by The Institute of Internal Auditors. The Audit Committee meets regularly to review and deliberate on internal audit findings and recommendations and reports the outcomes of these deliberations to the Board. To ensure comprehensive audit coverage, the Internal Audit team prioritises audit assignments based on the results of the Group’s risk assessments, the established audit cycle and consultations with Senior Management. The Annual Internal Audit Plan is also tabled to the Audit Committee for review and approval. REVIEW OF THE STATEMENT BY EXTERNAL AUDITORS The External Auditors have performed a limited assurance engagement on this Statement on Risk Management and Internal Control in accordance with Malaysian Approved Standard on Assurance Engagements, ISAE 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information, and Audit and Assurance Practice Guide (“AAPG”) 3, Guidance for Auditors on Engagements to Report on the Statement on Risk Management and Internal Control Included in the Annual Report, for inclusion in the Annual Report of the Group for the financial year ended 31 December 2025. The External Auditors have reported to the Board that nothing has come to their attention that causes them to believe that the Statement is not prepared, in all material respects, in accordance with the disclosures required by Section 7 of the SORMIC Guide 2025, nor is the Statement factually inaccurate. AAPG 3 does not require the External Auditors to consider whether the Directors’ Statement on Risk Management and Internal Control covers all risks and controls or to form an opinion on the adequacy and effectiveness of the Group’s risk management and internal control system, including the assessment and opinion by the Directors and Management thereon. AR 2025 | GOVERNANCE 224
RkJQdWJsaXNoZXIy NDgzMzc=