Corporate Governance Risk management and internal control system An important aspect of governance and management best practices is to strengthen internal controls and to ensure that organizational risks are identified, assessed and managed in a timely manner. The Institute’s risk management structure is as shown in diagram below. To maintain sound and effective internal control and risk management systems for the Institute, the management has established policies and procedures to ensure that procurement, payments and contracts are properly reviewed and authorized, assets and data are safeguarded as well as all company records are accurate and complete. Management meets regularly to review RISK MANAGEMENT STRUCTURE Overall oversight Make management decisions, consider reports and recommendations EXECUTIVE COMMITTEE Independently advise the Institute on its financial and risk management arrangements Design and implement internal control systems, policies and procedures Independent risk assessment and review internal control INTERNAL AUDIT COUNCIL AUDIT COMMITTEE MANAGEMENT the operation and to update the policies and procedures, controls and reporting to ensure that they remain in line with relevant standards, laws and regulations for sound corporate governance. The Audit Committee is appointed by the Council to assist the Council in fulfilling its governance and oversight responsibilities in relation to financial reporting and internal controls. The Audit Committee independently advises the Institute on its internal control system and relevant financial and risk management arrangements. The committee also considers the internal assessment of risks carried out by Internal Audit for determining the key areas of focus of the annual audit plan. This ensures the ongoing review of these controls is provided through the work of Internal Audit. Internal Audit provides the Audit Committee and management with independent and objective assurance on the effectiveness and adequacy of the internal controls under review. The annual internal risk assessments undertaken by Internal Audit are formulated for the purpose of determining the key areas of focus in drawing up the internal audit plan. A yearly internal audit plan is prepared for review and approval by the Audit Committee. The scope of work includes financial and operational review, recurring and unscheduled audit, investigation and compliance review. The Institute has a whistleblowing policy, which provides an independent reporting channel for employees and other parties to raise concerns (in confidence) about possible improprieties. 32
RkJQdWJsaXNoZXIy MTkzNjgzNg==