The Board recognises its overall responsibility in reviewing and maintaining a sound system of internal control and risk management practices to ensure good corporate governance. Both elements are designed to manage and mitigate risks within acceptable risk tolerance levels whilst in compliance with established policies, objectives and statutory mandate of KWAP.
Statement on Internal Control
The Board also recognises the existence of an on-going process to evaluate the effectiveness and integrity of the system of internal control via identification, assessment and management of risks faced by KWAP. In view of the inherent limitations in any system of internal control, the system is designed to manage rather than eliminate the risk of failure in the achievement of goals and objectives of KWAP, and therefore only provide reasonable but not absolute assurance against material misstatement, mismanagement or loss.
The system of internal control is reviewed and updated from time to time, to align with the dynamic changes in the business environment or the risk profiles faced by KWAP. The Board has acknowledged that its Management team responsibly implements the Board policies, procedures and processes on risks and controls.
The role of Management includes:-
• Identify and evaluate the relevant risks in achieving KWAP’s objectives and strategies;
• Formulate relevant policies and procedures to manage these risks;
• Design, implement and monitor a sound system of internal control; and
• Report in a timely manner to the Board any changes to the risks and corrective actions taken.
Key Internal Control Processes
The key processes that the Board has established in reviewing the adequacy and effectiveness of the risk management and internal control system include the following:-
• Audit Committee
It is a Board level committee tasked to ensure the formulation, adequacy and integrity of the system of internal control, provides
oversight of the financial statements of KWAP as well as the execution of management responsibilities.
All significant findings raised by the internal auditors, external auditors and third party assurance providers are reported to the
Audit Committee for review and deliberation. The Audit Committee continually reviews and ensure the implementation of Management’s action plans to address those findings raised.
• Risk Committees
Board level Risk Management Committee is established to assist the Board in the discharge of its risk management functions as well as formulation and execution of the risk management strategies and policies. These policies and guidelines serve as a foundation for the risk management activities within KWAP. Amongst the key responsibilities are to assess and approve proposal on risk management policies and procedures and determine the risk appetite, tolerance and parameters to the Board for adoption.
At Management level, the Enterprise Risk Management Committee is established to assist the Board Risk Management Committee in deliberating risk management strategies, policies and guidelines prior to its approval. Among its functions are to review and assess KWAP’s risk exposure and decision making on the most appropriate mitigating controls. The Enterprise Risk Management Committee is also responsible to ensure availability of infrastructure, resources and systems for effective risk management.
• Executive Committee
The Executive Committee (EXCO) is primarily responsible for the execution and evaluation as well as the effective communication of key operational and management decisions throughout KWAP.
• Information Technology Management Framework
The Information Technology (IT) Management Framework, approved by the Board is established to provide stakeholders assurance that KWAP’s business is able to leverage on IT to deliver optimal benefits, control is exercised over information and IT resources, IT related risks and Compliance managed.
• Internal Policies and Procedures
Policies, procedures and processes are recorded in operation manuals and guidelines and reviewed on a periodic basis. These documents are used to determine adherence to the system of internal control.
• Human Resource
Proper guidelines for the employment and termination of employees, avoidance of conflict of interest, declaration of assets and liabilities, semi-annual and annual performance appraisals as well as training programs are formulated in assuring competency, capabilities and performance of employees in executing their professional responsibilities.
• Performance Review
The annual business plan and annual budget of KWAP are prepared and tabled to the Board for review and approval. In addition, the actual performance of KWAP is assessed against the approved business plan and budget by the Board on a monthly basis whereby significant variances, if any, are explained by Management to the Board.