BIMB Integrated Annual Report 2019

KEY INTERNAL CONTROL STRUCTURE

The Board has established the following key processes to review the adequacy and effectiveness of the system of internal controls, including:

• Risk Management Framework

The Board has established an organisational structure and charter with clearly defined lines of responsibility, authority limits and accountability in association with the Group’s business and operational requirements in order to maintain a sound control environment. The organisational structure is as follows:

Each key operating subsidiary has appointed its own qualified risk officer who is responsible for monitoring, assessing and managing the risks associated with its business and operations. The RMD of each subsidiary is tabled at the GRMC, and where relevant, subsequently tabled at BHB’s BRC. The BRC or the BAEC/BARC (as the case may be) of the key operating subsidiaries will update their respective Boards on any new regulatory or statutory requirement that could impact the internal control and the risk management principles, policies, procedures and practices of the Companies and its subsidiaries.

• Risk Appetite

The BRC, through the Group’s key operating subsidiaries, establishes the risk appetite and risk tolerance for the relevant entities. The defined risk appetite and risk tolerance are periodically reviewed by the respective Management and the respective Boards in line with the Group’s business strategies and operating environment. Such review includes identifying and setting new risk appetite metrics for the business entity or removal of risk appetite metrics that are no longer applicable and updates on the risk appetite thresholds to be in line with the Group’s business strategy and risk posture. The main business and operations inherent risks that were considered in the risk appetite review include regulatory compliance risk, credit risk, market and liquidity.
• Board Audit and Examination Committee (“BAEC”)

The BAEC of BHB reviews the adequacy of internal controls within the company based on the assessment performed by the internal auditors. Similarly, the BAEC of the key operating subsidiaries reviews relevant matters pertaining to its internal accounting controls on a quarterly basis. In addition, the BAEC of BHB and its key operating subsidiaries also review and assess the adequacy of the scope and effectiveness of the internal and external audit functions. The BAEC assesses the independence and the quality of the external auditors’ resources.

All significant findings by the internal auditors, external auditors and regulators are reported to the BAEC for review and deliberation. The BAEC reviews and ascertains that mitigation plans are implemented by Management to safeguard the interests of the Group and maintain proper governance. The risk responses and internal controls that the Management has initiated are documented and recorded in the BAEC meeting minutes.

Pursuant to Paragraph 15.17(f) of the Listing Requirements of Bursa Malaysia Securities Berhad, three (3) separate meetings with the external auditors were conducted with the BAEC of BHB without the presence of the Management, to discuss any issues relating to the Group during the financial year ended 31 December 2019.

[Organisational structure chart: Board of Directors; BRC; GMC; BAEC; GRMC; Internal Audit & Shariah Audit; External Audit; Compliance; Shariah Supervisory]

Risk management is considered an integral part of the Group’s day-to-day operations to facilitate BHB in achieving its objectives and to protect its shareholders and stakeholders’ interest. Risk management is embedded in the Group’s key processes and monitored through a Risk Management Dashboard (“RMD”) report. The Group’s key operating subsidiaries report their risks via the RMD at their BRC six (6) times a year. BIMB Securities reports its risks via the RMD at its BARC on a quarterly basis.
The Group’s risk management framework ensures that there is an effective on-going process in place to manage risk across the Group. This process is regularly reviewed by the Board through the BRC, which provides oversight over the risk management activities for the Group. The BRC also assists the Board to review the Group’s overall risk management philosophy, frameworks, policies and models. In discharging its overall duties and responsibilities, the BRC is supported by the GRMC, which monitors and evaluates the effectiveness of the Group’s risk management system on an on-going basis.

In addition to the risk management framework, the Group’s key operating subsidiaries, namely Bank Islam and Takaful Malaysia, have implemented the Internal Capital Adequacy Assessment Process (“ICAAP”) framework to ensure that the Group maintains adequate capital levels consistent with the risk profiles, including capital buffers to support the Group’s current and projected demand for capital under existing and stressed conditions.

STATEMENT OF RISK MANAGEMENT AND INTERNAL CONTROL
