MONITORING ACTIVITIES
The key processes that have been established in monitoring and reviewing the adequacy and eīecƟveness of the system of internal controls include the following:
a) Board and Management CommiƩees
•
DMT meeƟngs are held on a weekly basis to monitor and address key issues in a Ɵmely manner.
•
SigniĮcant changes in the business and the external environment are reported by the DMT to the Board on an ongoing basis and/or during Board meeƟngs.
•
Digi’s performance management model provides a comprehensive review of business performance, which includes a review of actual performance against targets.
•
Quarterly Įnancial results and other informaƟon are provided to the Audit & Risk CommiƩee to enable the Board to monitor and evaluate business performance.
•
The Audit & Risk CommiƩee monitors major internal and external audit issues to ensure they are promptly addressed and resolved.
•
The Regulatory Steering CommiƩee monitors compliance on regulatory or industry related projects and/or topics, and tracks the progress of acƟon plans. The Regulatory Steering
CommiƩee meets monthly.
•
Risk and Control Forum meeƟngs are held on a monthly basis to monitor miƟgaƟon of key risks to ensure that robust miƟgaƟon acƟons are implemented in a Ɵmely manner by
Management.
b) Internal Audit FuncƟon
The internal audit funcƟon carried out by the Assurance Department, assists both the Board and the Audit & Risk CommiƩee by conducƟng appropriate reviews of key business processes
to assess the adequacy and eīecƟveness of internal control and risk management, compliance with regulaƟons, and the Group’s policies and procedures. To ensure independence from
Management, the Head of Assurance reports directly to the Audit & Risk CommiƩee. The Assurance Department’s pracƟces and conduct are governed by the Assurance Charter, which is
subject to review and approval on an annual basis by the Audit & Risk CommiƩee.
The Audit Plan is developed based on a risk-based approach and is approved by the Audit & Risk CommiƩee annually. The status of the Audit Plan is presented to the Audit & Risk
CommiƩee on a quarterly basis.
The audit reports, including signiĮcant Įndings and recommendaƟons for improvements, and management’s responses to the recommendaƟons are highlighted to DMT and, on a
quarterly basis reported to the Audit & Risk CommiƩee. Adequate measures and acƟons by management to address improvement areas highlighted are followed-up and reviewed on a
quarterly basis.
The Assurance Department also maintains a quality assurance and improvement programme and conƟnuously monitors its overall eīecƟveness. The Assurance Department underwent a
Quality Assurance Review by the InsƟtute of Internal Auditors Malaysia and was judged to have fully met the requirements set by the internaƟonal InsƟtute of Internal Auditors.
The Board has also received assurance from the CEO and CFO that Digi’s risk management and internal control is operaƟng adequately and eīecƟvely, in all material aspects, based on
Digi’s risk management and internal control system.
REVIEW OF THIS STATEMENT BY EXTERNAL AUDITORS
Pursuant to paragraph 15.23 of the Main Market LisƟng Requirements of Bursa SecuriƟes, the external auditors have reviewed this Statement in accordance with Recommended PracƟce Guide 5,
Guidance for Auditors on the Review of Directors’ Statement on Internal Control, for inclusion in the Annual Report and have reported to the Board that nothing has come to their aƩenƟon that
causes them to believe that this Statement is inconsistent with their understanding of the process adopted by the Board in reviewing the adequacy and integrity of the system of internal control
of Digi.
CONCLUSION
The system of risk management and internal control are embedded into the operaƟons of Digi, and acƟons taken to miƟgate any weaknesses are carefully monitored.
The Board is of the view that the system of risk management and internal control in place for the year under review and up to the date of this report, is sound and suĸcient to safeguard the share-
holders’ investment, the interests of customers, regulators and employees, and Digi’s assets.
63
