ANNUAL REPORT 2014
27
INTERNAL CONTROL
STATEMENT
In accordance with Paragraph 15.26(b) of the Listing Requirements of Bursa Malaysia Securities Berhad (“Bursa”), the
Board of Directors (“Board”) of listed company is required to include in its annual report, a statement about the state
of internal control of the listed issuer as a group. Further, the Malaysian Code on Corporate Governance stipulates
that the Board should establish a sound risk management framework and internal controls system to safeguard the
Group’s assets and shareholders’ investments. Accordingly, the Board is pleased to provide the Internal Control
Statement which outlines the nature and scope of internal control of APM and its subsidiaries (“the Group”) during the
financial year ended 31 December 2014.
BOARD’S RESPONSIBILITY
The Board is committed in maintaining a sound system of risk management system and internal control to safeguard
the shareholders’ investment and the Group’s assets. The Board acknowledges and affirms its responsibility
by reviewing the adequacy and integrity of the Group’s risk management and internal control system. Due to the
limitations inherent in any system of internal control, such a system is designed to manage rather than eliminate the
risk of failure to achieve business objectives. Accordingly, it can only provide reasonable and not absolute assurance
against material misstatement or loss.
The Board has established a process for identifying, evaluating and managing significant risks faced by the Group.
This is embedded in the Group’s Risk Management Framework (RMF) and the internal control system. These are
reviewed on a periodic basis to ensure their continued effectiveness, adequacy and integrity. The Audit Committee
which has oversight responsibility over risk management and internal control, assists the Board in reviewing the
adequacy and integrity of the system of risk management and internal control in the Group.
The membership of the Audit Committee, summary of its terms of reference and activities are set out on pages 30 to
33 of the Annual Report.
RISK MANAGEMENT
Risk management is an integral part of the Group’s business operations. The Group has implemented a risk
management framework and established a process for the identification, evaluation and reporting of the major risks
within the Group. The process established accords with the “Statement on Risk Management and Internal Control:
Guidelines for Directors of Listed Issuers”, a publication of Bursa.
The Group Risk Management Committee is responsible for creating risk-awareness and monitoring major risks whilst
the subsidiaries’ management is responsible for managing risks, developing, implementing and monitoring the system
of internal control. The Internal Audit department assists to review the progress of implementation of the subsidiaries’
risks response plans and the effectiveness of existing controls in managing the relevant risks. The results of the
reviews are presented in the Group Risk Management Committee meetings. In addition, Internal Audit department
also provides training support to subsidiaries upon request or where necessary, to ensure that the established risk
management process is carried out appropriately.
Continuous efforts are taken to monitor and re-assess the existing risk management framework in order to maintain a
proper system of managing risks as well as the related control activities.
The Group has in place a Fraud Prevention Policy (FPP) and a Special Complaints Policy (SCP) to mitigate the
risks of fraud, corruption and other irregularities. The policies establish a procedure that allow employees and
other stakeholders to report any wrongdoing by any person in the Group so that appropriate action can be taken
immediately. All concerns raised via the SCP channels will be addressed. The policies also include provisions to
safeguard the confidentiality of the informants, if he or she has acted in good faith, and measures to avoid abuse of
the policy for the purposes of making false or malicious allegations.
