TERMS OF REFERENCE OF THE AUDIT AND RISK MANAGEMENT COMMITTEE
The Committee shall be appointed from amongst the Board and shall comprise at least three (3) members, all must be Non-Executive Directors with a majority of whom shall be Independent Directors.
At least one member of the audit and risk committee:-
(i) must be a member of the Malaysian Institute of Accountants; or
(ii) if he/she is not a member of the Malaysia Institute of Accountants, he must have at least 3 years’ working experience and-
- he/she must have passed the examinations specified in Part I of the First Schedule of the Accountants Act 1967; or
- he/she must be a member of one of the associations of accountants specified in Part II of the First Schedule of the Accountants Act 1967; or
(iii) fulfils such other requirements as prescribed or approved by Bursa Malaysia Securities Berhad (“Bursa Securities”).
No Alternate Director shall be appointed as a member of the Committee. In the event of any vacancy with the result that the number of members is reduced to below three, the vacancy must be filled within 3 months.
The Board of Director must review the term of office and performance of the Audit and Risk Management Committee and each of its members at least once every 3 years to determine whether the Audit and Risk Management Committee and members have carried out their duties in accordance with the terms of reference.
The Chairman, who shall be elected by the Audit and Risk Management Committee, must be an Independent Non-Executive Director appointed by the Board. In the absence of the Chairman, the members present shall elect a Chairman for the meeting from amongst themselves.
The Company Secretary shall be the Secretary of the Committee and shall be responsible, in conjunction with the Chairman, for drawing up the agenda and circulating it prior to each meeting.
The Secretary shall also be responsible for keeping the minutes of meetings of the Committee and circulating them to the Committee Members.
Meetings shall be held not less than four (4) times a year. The quorum for a meeting shall be two (2) members, provided that the majority of members present at the meeting shall be Independent Directors.
The Committee may conduct its meeting to include participation thereat by any member or invitee via video or teleconferencing or any other means of audio or audio – visual communications.
All resolutions of the Committee shall be adopted by a simple majority vote, each member having one vote. In case of equality of votes, the Chairman of the meeting shall have a second or casting vote.
The meeting shall normally be attended by invitation of the committee by the Executive in charge of Finance and Internal Audit.
The external auditors have the right to appear at any meeting of the Audit and Risk Management Committee and shall appear before the Committee when required to do so by the Committee. The external auditors may also request a meeting if they consider it necessary. However, at least twice a year, the Committee shall meet with the external and/or internal auditors without any Executive Board members and employees present.
A resolution in writing, signed by all the members of the Committee, shall be as effectual as if it has been passed at a meeting of the Committee duly convened and held. Any such resolution may consist of several documents in like form, each signed by one or more Committee members.
The Audit and Risk Management Committee shall:
- have explicit authority to investigate any matter within its terms of reference;
- have to resources which it needs to perform its duties;
- have full and unrestricted access to any information which it requires in the course of performing its duties;
- have unrestricted access to the chief executive officer and the chide financial officer;
- have direct communication channels with the external auditors and internal auditors (if any);
- be to obtain independent professional or other advice in the performance of its duties at the cost of the Company; and
- be able to invite outsiders with relevant experience to attend its meetings if necessary.
The duties and responsibilities of the Audit Committee shall include the following:
Financial Reporting and Compliance
6.1 Review Financial Statements:
6.1.1 Monitor and review with appropriate officers of the Group and the external auditors, the annual, interim and any other related formal financial statements and announcements of the Group prior to approval of the Board and public release thereof, focusing on:
- the quality and integrity of the financial statements, including but not limited to the clarity and completeness of the financial disclosures therein;
- significant financial reporting issues and decisions requiring an element of judgment;
- the extent to which financial statements are affected by any unusual transactions;
- changes in accounting policies and practices, and implementation of such changes;
- compliance with applicable approved accounting standards and regulatory requirements;
- significant adjustments resulting from the audit;
- major judgmental areas;
- the going concern assumptions; and
- the Board’s statement on internal control systems, where applicable and the policies and procedures for identifying and assessing business risks and the management of those risks by the Group.
6.1.2 Discuss among the Committee members, without the presence of the Management or the external auditors if deemed necessary, the financial information obtained.
6.1.3 Discuss the impact of any proposed changes in accounting principles on future financial statements.
6.2 Review Other Accounting, Audit and Financial Matters:
Review such other matters in relation to the accounting, auditing and financial reporting practices and procedures of the Group as the Committee may, at its own discretion, deem desirable in connection with the review functions described above.
6.3 Review Related Party Transactions, if any:
Review material related party transaction and conflict of interest situations that may arise within the Group including transaction, procedure or cause of conduct that raises question of management integrity and recurrent related party transactions, entered into by the Group to ensure:
6.3.1 that the transactions have been conducted on the Group’s normal commercial terms on an arm’s length basis, on terms which are not more favourable to the related party than those generally available to the public;
6.3.2 that the internal control procedures relating to such transactions are sufficient and have been complied with; and
6.3.3 compliance with the Listing Requirements and Practice Notes of Bursa Securities that are in force from time to time.
6.4 Review Other Matters:
6.4.1 to review compliance with relevant laws and regulations, generally and reporting matters that are not satisfactorily resolved, that results in a breach of requirements;
6.4.2 to execute the request by the Board to conduct investigations into any issue pertaining to the management of the Company;
6.4.3 to review sensitive payments, if any, made by the Company;
6.4.4 to implement other necessary duties as mutually agreed by the committee and the Board or any other authorities which is empowered by law or regulated by any government authority; and
6.4.5 to review and update the terms of reference of the Committee from time to time.
Risk Management and Internal Control
6.5 Review Systems of Risk Management:
Review with members of senior management of the Group, the external auditors and, where necessary, any other relevant persons, the adequacy and effectiveness of the risk management process to identify key organisational risks and the systems or processes in place to monitor and manage these risks.
6.6 Review Systems of Internal Controls:
Review with members of senior management of the Group, the external auditors, and, where necessary, any other relevant persons, the effectiveness, adequacy and integrity of the Group’s internal controls including information technology security and control, the Group’s financial, auditing and accounting organisations and personnel and the Group’s policies and compliance procedures with respect to business practices and to assist management in setting up the appropriate procedures and internal controls.
6.7 Review Systems and/or Processes to manage fraud:
Review with members of senior management of the Group, the external auditors and, where necessary any other relevant persons, the procedures in place by management to prevent and detect fraud including cyber fraud.
6.8 Review Statement on Internal Control:
Review with the external auditors, the Group’s Statement on Internal Control for inclusion in the Annual Report, where applicable.
6.9 Review of the Internal Audit Function:
Review the internal audit department to ensure its activities are performed independently and with impartiality, proficiency and due professional care. The Committee should recommend to the Board the appointment of key personnel of the Group’s internal audit function, the authority and the areas of responsibility of the internal audit function. The Committee should also review any appraisal, determine or access the remit of the internal audit function, as well as evaluating the competencies and capabilities of the Group internal audit’s personnel in performing their duties taking into account the qualification and experience of the auditor, level of independence with the auditee, and the ability to freely communicate between the head internal auditor and senior management.
6.10 Review Internal Audit Plans:
Review, evaluate and approve the plans for and adequacy of the scope of their audit activities/programmes including the adequacy of competency and resources to carry out its function and to monitor the implementation of the internal audit activities/programmes to ensure sufficient scope is covered during the audit.
6.11 Review Internal Audit Reports:
Review with members of senior management of the Group, any periodic reports of the audit activities, key findings and recommendations including its investigations as well as the recommended course of actions to be taken by the management, management’s response to the recommendations and ensure that appropriate action is taken on their recommendations. This would include the extent of assistance and cooperation given by the Group’s management to support the activities of the internal audit function, as well as endorsing the disciplinary action to be taken against any employee involved in any misconduct as reported by the internal audit.
6.12 Review Internal Audit Function:
Monitor effectiveness and review the performance of members of the internal audit function and provide appraisals of their performance including compliance with the Institute of Internal Auditors’ Standards for the Professional Practice of Internal Auditing, to management and, where appropriate, the Board.
6.13 Approve the appointment or termination of key personnel or senior Internal Audit members:
Recommend to the Board to approve the appointment or termination of key personnel of the Group internal audit function and take cognisance of resignations of senior members as well as to provide the resigning staff an opportunity to submit his/her reason for resigning.
6.14 Nomination, Resignation and Dismissal of External Auditors:
Recommend to the Board annually and at other appropriate times, and through the Chairman, to the shareholders for approval at the annual general meeting, the firm to be retained or re-appointed as the Group’s external auditors, the terms of engagement and remuneration to be paid to the external auditors in respect of the audit services provided. This would include an annual review of the effectiveness and competence of the external auditor, the qualifications, expertise and the adequacy of staffing/resources provided by the external auditor.
The Committee will review and report to the Board and subsequently to the shareholders, any proposed resignation (including letter of resignation from the external auditors) or dismissal of the external auditors and whether there is reason (supported by grounds) to believe that the external auditor is not suitable for reappointment together with the Committee’s recommendation, including the payment of external auditors fees, termination of service of the external auditor and enquiring into staffing and competence of the external auditor in performing their work. Where the external auditor is removed from office or has issued a notice of their intention to do so, the Committee shall concurrently forward to Bursa Securities and the Registrar of Companies, a copy of any written representations or written explanations of the resignation made by the external auditors.
6.15 Review suitability and Independence of External Auditors:
Review the information provided by management and the external auditors relating to the independence of such firm, including, among other things :
6.15.1 external audit firm’s compliance with Malaysian regulations and ethical guidance relating to rotation of audit partner , the level of fees that the Group pays in proportion to the overall fee income of the firm, office and partner and other related regulatory requirements;
6.15.2 assurance that representatives of the external audit firm have no family, financial, employment, investment or any other business relationship with the Group, other than that in the normal course of business;
6.15.3 the employment of former employees of the external audit firm in key management positions within the Group; and/or
6.15.4 relationship between the Group and the external audit firm including the non-audit services which was provided, and expected to be provided by the external auditors.
The Committee is responsible for (1) ensuring that the external auditor submits on a periodic basis to the Committee a formal written statement delineating all relationships between the auditor and the Group, consistent with Independence Standards Board Standard No. 1 as attached in Appendix 1, modified as appropriate based on Malaysian guidelines for auditors independence, (2) actively engaging in dialogue with the external auditor with respect to any disclosed relationship or services that may impact the objectivity and independence of the external auditor and (3) taking, or recommending that the Board take, appropriate action, to oversee the independence of the external auditor.
6.16 The Committee shall ensure that the provision of non-audit services by the external auditor comply with the policy on the provision of non-audit services by the external auditor to ensure that the objectivity and independence of the audit firm are not impaired: The policy provides guidance, but not limited to, the following:
6.16.1 The scope of the non-audit services, e.g.:
- The external auditor audits its own firm’s work
- The external auditor is put in a role of an advocate for the Group
- The external auditor makes management decisions for the Group
- A mutuality of interest is created
- Any other ethical considerations deemed relevant
6.16.2 The non-audit fees charged in context with the audit fees
6.17 Review External Audit Plans:
Review, in consultation with the external auditors their plans for, and the scope and cost effectiveness of their annual audit and other examinations, prior to the commencement of such activities. This should include the evaluation of the financial and audit reports, systems of internal accounting controls and risk management processes, to the extent performed as part of the external audit.
6.18 Conduct of External Audits:
Review the assistance given by the Group and the Group’s employees to the external auditors and ensure co-ordination where more than one (1) audit firm is involved and between the external and internal auditors.
6.19 Review the External Auditors’ representations on their Quality Control Procedures and steps taken by the auditor to respond to changes in regulatory and other requisite requirements.
6.20 Review External Audit Results:
Review with the external auditors, their findings and the report of their annual audit, or proposed report of their annual audit, the accompanying management letter and response, the report of their reviews of the Group’s interim financials, and the problems and reservations arising, including significant audit adjustments, if any. The scope here will also include the reports on the results of such other examinations outside the course of the external auditors’ normal audit procedures that the external auditors may from time to time undertake.
6.21 Review Recommendations of External Audit:
Review with the members of senior management of the Group, recommendations made by the external auditors and such other matters including recommending the appropriate course of action to be taken by the management and monitoring the implementation of the course of action, as such persons or other officers of the Group may desire to bring to the attention of the Committee.
6.22 Verify shares and/or share options allocated:
Review the verification performed by the [insert name of department] on the allocation of shares or share options to the Group’s eligible employees and eligible executives in accordance with allocation criteria established pursuant to the by-laws governing the relevant share scheme, on a quarterly basis, where applicable.
6.23 Review the procedures that the Group has implemented to address allegations made by whistleblowers, to ensure that there is proportionate and independent investigation of such allegations and that appropriate follow-up action is taken and brought to the attention of the Committee, where necessary.
6.24 Ensure appropriate coordination between the audit plans of the Company’s external auditors and the scope of the Group’s internal audit programme.
6.25 Review the management’s remediation plans on the inadequacies highlighted in the internal and external audit reports.