BIMB Integrated Annual Report 2019

Based on the audit carried out in the financial year ended 31 December 2019, amongst the risk covered are non- compliance with regulatory requirements, non-compliance with procedures and policies, ineffective human resource management, deficiencies in procurement management, breach of cyber security and non-Shariah compliance. During the financial year under review, IAD issued a total of four (4) audit report of which two (2) for BHB (operations and IT) one (1) for BIMB Securities (H) Sdn. Bhd. and one (1) for Syarikat Al-Ijarah Sdn. Bhd. The scope of the Internal Audit reports covers improvement opportunities, audit findings, management responses and corrective actions in areas with significant risks and internal control deficiencies. All Internal Audit Reports on the Company and its wholly-owned subsidiaries were tabled to the BAEC for deliberation. The Management are present at the BAEC meetings to respond and provide feedback on the progress of business process improvement opportunities identified by IAD. The Minutes of the BAEC meetings are subsequently tabled to the Board for notification. As at 31 December 2019, a total of RM22,100.00 fees was payable to IAD, based on the staff strength of five (5) internal auditors with an estimated of 107 man-days. IAD Activities in 2019 The summary of the activities of the IAD for the year under review are as follows: a) Preparation of the Audit Plan for approval of the BAEC. The Audit Plan was developed based on assessment of the significant potential risk exposure of the auditable areas; b) Provide independent and objective assurance on the adequacy of internal controls implemented to mitigate risk exposures. Prepare audit report consist of observations, improvement opportunities, management responses, deadline and person in charge for implementation or corrective actions have been issued to the respective stakeholders; c) Follow-up on the Management corrective actions on audit issues raised by the IAD. Determine whether corrective actions taken had generally achieved the desired results; d) Report to the BAEC, the final audit report highlighted in the audit plan coverage, audit scope and risks covered, audit rating, significant audit findings, findings escalated for Management’s immediate action and status of corrective actions; e) Reported to the BAEC the adequacy, reliability, integrity and compliance of: • Risk management, internal controls and governance processes; • Information Technology, stress testing procedures and practices and the back-up system to cover for contingencies and disaster; • Regulatory reporting, accounting records, financial reports and management information; f) Review compliance with relevant legal, regulatory and internal policies as well as in compliance with Shariah rules and principles as determined by the Shariah Supervisory Council and Shariah Compliance Policy; and g) Provide an independent review on the related party transaction between Lembaga Tabung Haji, BHB and its subsidiaries. 146 Integrated Annual Report 2019 Group Overview Sustaining The Group Management Discussion & Analysis Group Governance Corporate Governance Overview Statement (Pursuant to Paragraph 15.25 (1) of the MMLR of Bursa Securities)