CONTROL ENVIRONMENT AND STRUCTURE ΈCONT’DΉ
e) Policies and Procedures
Digi has set out core business policies and manuals containing key business principles and requirements for the aƩainment of goals and objecƟves on the subject areas. This includes, but is not
limited to, AccounƟng and Financial ReporƟng Policy, AnƟ CorrupƟon Policy, Brand Management Policy, Safety and Security Policy, People Policy, Supply Chain Sustainability, Sourcing Policy,
InformaƟon Management Policy, Privacy Policy, Whistle-blowing Policy, Technology Policy, Legal Policy, Treasury Policy, Tax Policy, Security Policy, Corporate CommunicaƟon Policy, Corporate
Responsibility Policy, Spectrum Policy, Customer Policy, Wholesale Roaming Policy, Financial Services Policy and Regulatory Policy. These policies and manuals are communicated Group-wide,
made available on the intranet for employees and revised periodically to meet changing business, operaƟonal and statutory reporƟng needs.
f) Revenue Assurance
The Revenue Assurance funcƟon carried out by the Risk and Revenue Management department, ensures that revenue leakage is minimised by implemenƟng adequate controls and processes
through opƟmal risk and revenue management framework. It covers the cycle of idenƟĮcaƟon, assessment, miƟgaƟon and monitoring. Digi has in place automated controls to ensure that
usage and proĮle integrity between the network, mediaƟon, raƟng and billing is assured and adequately controlled. Processes and controls within the revenue cycle are reviewed regularly
to ensure its eīecƟveness and eĸciency.
g) Fraud Management
The Fraud Management funcƟon is carried out by the Risk and Revenue Management department. The TelecommunicaƟon Fraud Management Policy provides the direcƟon and mandated
guidelines to manage and miƟgate the risk of relevant fraud and fraud losses. Close monitoring such as 24-hour surveillance of roaming and IDD traĸc usage are some of the key acƟviƟes that
are implemented with regular ongoing review of internal fraud controls. Measures and conƟnuous acƟons are taken to ensure telecommunicaƟon fraud is minimised and the requirement for
prevenƟve controls are embedded into the business processes.
h) Controls over Financial ReporƟng
Risk and Revenue Management department plays an important role in evaluaƟng and improving the eīecƟveness of key controls surrounding Digi’s Financial ReporƟng process to provide
reasonable assurance regarding the reliability of Įnancial reporƟng and preparaƟon of Įnancial statements. Review on Digi’s internal control over Įnancial reporƟng is performed in accordance
to Telenor Group’s Internal Control over Financial ReporƟng Framework, which requires the assessment of risk where a material weakness exists, and tesƟng and evaluaƟon of the design and
operaƟng eīecƟveness of internal control based on the assessed risk.
i) Legal and Compliance
The Legal Department is mandated to manage and address the Group’s legal aīairs and miƟgate legal risks in the performance of its daily business. It plays a key role in idenƟfying, evaluaƟng
and formulaƟng strategies on legal risks.
The Ethics & Compliance Oĸcer supports the CEO and Board of Directors in ensuring that:
•
The Code of Conduct reŇects good business pracƟces and relevant laws, regulaƟons and widely recognised treaƟes.
•
The Code of Conduct is implemented consistently and eīecƟvely through sharing of knowledge and measures for quality assurance.
•
Compliance incidents are consistently and eīecƟvely managed.
The Ethics & Compliance Oĸcer reports on material breaches of the Code of Conduct to the Audit & Risk CommiƩee on a quarterly basis.
STATEMENT ON RISK MANAGEMENT
AND INTERNAL CONTROL
62
