STATEMENT ON RISK MANAGEMENT
AND INTERNAL CONTROL
STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL
The Board of Directors (“Board”) aĸrms its commitment to maintain a sound system of risk management and internal control in Digi.Com Berhad and its Group of Companies (“Digi” or “the Group”)
and is pleased to provide the following statement, which outlines the nature and scope of internal controls of the Group during the Įnancial year ended 31 December 2014.
Digi has established procedures of internal control that takes into account the guidelines to Directors as set out in the “Statement on Risk Management & Internal Control - Guidelines for Directors”
for the year under review. These procedures, which are subject to regular review by the Board, provide an ongoing process for idenƟfying, evaluaƟng and managing signiĮcant risks faced by Digi
that may aīect the achievement of its business objecƟves.
BOARD RESPONSIBILITY
The Board is responsible and accountable for Digi’s system of internal control, which includes the establishment of an appropriate control environment and framework, as well as reviewing
its eīecƟveness, adequacy and integrity on a regular basis. The system of internal control covers governance, risk management, Įnancial, organisaƟonal, operaƟonal and compliance controls.
The system of internal control is designed to idenƟfy, assess and manage risks that may impede the achievement of business objecƟves and strategies rather than to eliminate risks. It, therefore,
provides a reasonable and not absolute assurance against material misstatement of management, Įnancial informaƟon and records, or against Įnancial losses or fraud.
Management is required to apply good judgement in assessing the risks faced by the Group, idenƟfying Digi’s ability to reduce the incidence and impact of risks, and ensuring that the beneĮts
outweigh the costs of operaƟng the controls.
The Board, through the Audit & Risk CommiƩee, ensures that the risk management and internal control pracƟces are adequately implemented within Digi, and observes that measures are taken in
areas idenƟĮed for improvement, as part of management’s conƟnued eīorts to strengthen Digi’s risk management and internal control system.
RISK MANAGEMENT
Digi has implemented a Risk Management framework to idenƟfy, evaluate and manage signiĮcant risks that may aīect the achievement of Digi’s business objecƟves. The Board regards risk
management as an integral part of the Group’s business operaƟons. An established structured process has been set-up for managing all signiĮcant risks. These risks are reviewed and reported to
the Risk and Control Forum and Audit & Risk CommiƩee on a regular basis to ensure that adequate measures are taken to miƟgate weaknesses in a controlled environment on a Ɵmely basis.
The risk management process, and pracƟcal guidance on its applicaƟon, has been documented in the Risk Management Standard OperaƟng Policy and Procedures.
Digi Management Team (“DMT”), which comprises the Chief ExecuƟve Oĸcer (“CEO”), Chief Financial Oĸcer (“CFO”), Chief OperaƟng Oĸcer (“COO”), Chief MarkeƟng Oĸcer (“CMO”), Chief Sales
Oĸcer (“CSO”), Chief Corporate Aīairs Oĸcer (“CCAO”) and Chief Human Resource Oĸcer (“CHRO”), is responsible for ensuring key risks are idenƟĮed, evaluated and responses are developed
and implemented in a Ɵmely manner.
Risk management scope encompasses, inter alia, strategic, Įnancial, operaƟonal, network, informaƟon systems, health, safety, security and environment (HSSE), employees and regulatory maƩers.
60
