DIGI - Annual Report 2021

INTERNAL CONTROL SYSTEMS

The key elements of the internal control systems established by the Board that provide effective governance and oversight of internal controls include:

Policies and Operating Procedures

Policies and operating procedures are in place to ensure compliance with internal controls and the prescribed laws and regulations. These policies and procedures provide guidance and direction for proper management and governance of operations and business activities. The documents are reviewed annually and published in the Compliance portal, which is available to all employees.

Profitability Assurance

This function minimises revenue leakage by implementing adequate controls and processes through an optimal revenue management framework. It covers the cycle of identification, assessment, mitigation and monitoring. Digi has in place automated controls to ensure that usage and profile integrity between the network, mediation, rating and billing are assured and adequately controlled. Key issues and mitigation actions are reported to Management monthly. The effectiveness and efficiency of processes and controls within the revenue cycle are reviewed regularly. In addition to assuring minimal revenue leakage, the team also works on automation and dashboards for efficient business monitoring.

Security

Digi is committed to reducing the impact of service disruptions by ensuring its infrastructure is protected and services are not interrupted, thereby enabling continuous services to its customers. The Cyber Security and Physical Security functions are responsible for ensuring confidentiality, integrity and availability of information and information processing facilities, including telecommunication systems and infrastructure, and for protecting against cyber-attacks, fraudulent activities, information loss and other security risks and threats arising internally and externally.

The Fraud Management function manages and mitigates the risk of relevant fraud and related losses. Some of its key activities involve developing and designing internal fraud controls which are regularly reviewed to ensure relevance and effectiveness. Fraud awareness activities, measures and continuous actions are taken to ensure telecommunication fraud is minimised and the requirement for preventive controls is embedded into business processes.

Security Assurance and Maturity Assessment activities in accordance with Information Security Forum standards are performed to ensure network security protection. This includes conducting security awareness sessions, running vulnerability management and security posture assessments, and continuous security monitoring and governance in security compliance audits and risk management. Digi complies with the ISO 27001:2013 – Information Security Management System. Periodic meetings are held with the Digi Management Team and Chief Technology Officer to discuss and approve security initiatives, activities, policies and projects driven by the Security department.

Business Continuity Management (BCM)

Digi recognises the importance of providing uninterrupted mission critical and time sensitive products and services to its customers. Hence, disruptive incidents are handled and responded to effectively to ensure a structural recovery that safeguards the interests of its stakeholders, as well as to protect the credibility and reputation of Digi. Digi complies with ISO 22301: Business Continuity Management. The Management continuously leads the drive to enhance Digi’s Business Continuity processes which encompass emergency response, crisis management, crisis communication, business continuity and Network and IT disaster recovery. In addition, Digi has an annual BCM programme which includes awareness, training, review and validation on the efficiencies and effectiveness of BCM.

Statement on Risk Management and Internal Control
