Governance Statement
Digital annual report 2016
Statement on Risk Management and Internal Control
The board of directors of Kulim (Malaysia) Berhad (“The Board”) is pleased to provide the statement on risk management and internal control pursuant to the revised Malaysian code on Corporate Governance 2012 (“MCCG 2012”) in reporting the state of its internal control and establishing a sound risk management framework and internal control system.

The statement is prepared in accordance with the “Statement On Risk Management and Internal Control: Guidelines for Directors of Listed Issuers”. These guidelines set out the obligations of management and the board with respect to risk management and internal control. It also provides guidance on the key elements needed in maintaining a sound system of risk management and internal control and describes the process that should be considered in reviewing its effectiveness.

The Board acknowledges overall responsibility for the Group’s risk management and internal controls. This includes the establishment of an appropriate control environment and framework, as well as reviewing the effectiveness, adequacy and integrity of this system.

The Board recognises the importance of sound risk management and internal control system practices to good corporate governance with the objective of safeguarding the shareholder’ investment and the Group’s assets. Good corporate governance practices contribute towards enhancing business prosperity and corporate accountability with the ultimate objective realising long-term shareholders’ value, whilst taking into account the interests of other stakeholders.



To ensure that effective corporate governance is practised throughout the Group, the Group adopts an Enterprise Risk Management (“ERM”) framework which incorporates the principles and guidelines of ISO 31000:2009 Risk Management. The framework determines the process and identifies tools for realising the Group’s objectives aside from supporting and sustaining risk management throughout the organisation. It supports the Group’s efforts to achieve the highest levels of corporate governance, including the creation of value in the short and long-term.

The Group recognises that it is obliged to systematically manage and regularly review its risk profile at a strategic, financial, compliance and operational level. The Three (3) Lines of Defense make a distinction among three (3) groups involved in effective risk management. As the first line of defense the management owns and manages risks. They are also responsible for implementing corrective actions to address process and control deficiencies.

The second line of defense ensures that the first line of defense is properly designed, in place, and operating as intended. As oversight functions, they may intervene directly in modifying and developing the internal control and risk systems.

On the third line of defense, internal audit provides assurance on the effectiveness of governance, risk management and internal controls, including the manner in which the first and second lines of defense achieve risk management and control objectives.

The Risk and Issues Management Committee (“RIMC”) is represented by senior management from all functions of the Group. The Committee met three (3) times in 2016. This Committee, which is cross-functional in nature, was formed to assist the Board in implementing the processes for identifying, analysing, evaluating, monitoring and reporting of risks and internal control and to ensure proper management of risks to which the Group is exposed and to take appropriate and timely actions to manage such risks.

On an annual basis, the Internal Audit function assists the Board in reviewing the effectiveness of risk management and internal controls and providing an independent view on specific risks and control issues, the state of internal controls, trends and/or events.

The ERM risk reporting structure; risk management and internal controls are intertwined within the Group’s activities at a strategic and operational level.

The structure of the ERM risk reporting promotes the active participation of executive management in all of the operational and strategic decisions affecting their business units. A strong culture of ownership and accountability is built through a clear identification of specific roles and responsibilities of the Board, Management Committee, RIMC, Risk Management and Compliance Department, Risk Owner, Risk Co-Owner, Internal Audit Department and all Staff.

The unambiguous identification of roles and responsibilities among these groups promotes improved accountability so that there are neither gaps in controls nor unnecessary duplications of coverage. This has also improved the control owner’s understanding of the boundaries of their responsibilities and how their positions fit into the organisation’s overall risk and control structure.

The key success factors of the Group’s risk management process are active contribution and communication at operational or strategic level. Group’s risks are managed on an integrated basis and their evaluation is incorporated into the Group’s decision-making process such as strategic planning and project feasibility studies. This will ensure the Group has reliable information and appropriate plans to handle the changing environment.

The Group’s ERM approach which prioritises risks according to their likelihood and impact goes through the following steps:

In ensuring the Group achieves its objectives, sustains the businesses and continues to add value to the stakeholders in the short, medium and long-term, the risk management process and approach is tailored to Kulim’s structure and its constantly changing environment to ensure that the Group can continuously monitor and review its risks and the effectiveness of its risk management over time. Based on the results of monitoring and reviews, decisions are made on how the risk management programme can be improved. These decisions should lead to improvements in the Group’s management of risks and its risk management culture.

A separate risk management function also exists within the Group’s listed subsidiary with the establishment of its own RIMC to assess and evaluate the risk management process of the company on a periodic basis.

In essence, the management of risks is treated as an iterative process. The benefits arising from effective risk management processes is the creation of awareness of risks among employees of different departments. This significantly enhances the Risk Ownership factor across the Group.

The following represents the Group’s top strategic and operational risks that may create a significant or material adverse impact to the Group as well as impede the achievement of the established objectives and affect the Group’s ability to create value over the short, medium and long-term.


Key to the Group’s Internal Control and Risk Management process is its Control Self-Assessment (“CSA”) process. The process is a recognised and flexible management tool for acquiring information about business process risks, while empowering the risk owners to undertake responsibility for managing those risks. Risk assessment and evaluation form an integral part of the annual strategic cycle. The Board, as part of the annual strategic review, considers and approves the Group’s risk structure. The Board has adopted a control framework for ensuring the achievement of the Group’s established objectives and that the Group’s business operations are effectively managed. The key elements of the Group’s system of internal control are as follows:
Board and Management Committees are set up to promote corporate governance, transparency and accountability and to assist the Board in implementing and monitoring the system of internal controls within the Group with the aim of realising the vision, mission, strategies and objectives established for the Group. The Committees oversee the areas assigned according to their Terms of Reference (“TOR”) which are carefully developed to ensure that it is aligned with the Group’s objectives, short-term and long-term strategic plans and to avoid overlapping activities and gaps in governance coverage.

The company has also established committees to ensure the effective management and supervision of the Intrapreneur Ventures (“IV”) companies.

The Board has established a formal organisation structure for the Group with delineated lines of authority, responsibility and accountability. The organisation structure is formed by focusing both on performance delivery and business continuity through succession planning. It fosters and promotes the continual development of employees, and ensures that key positions maintain some measure of stability, thus enabling the Group to achieve business objectives. The structure supports the Group’s ability to ensure that qualified and experienced management personnel which head the Group’s diverse operating units are always available and in place to carry out their job functions. Their performance is measured against Key Performance Indicators which have been approved by the Board.

Apart from the committees and parties mentioned in the Corporate Governance Statement, the Audit Committee Report and sections above, the other elements of the Group’s Internal Controls are as follows:
The Financial Authority Limit defines revenue and capital expenditure spending limits for each level of management within the Group. These limits cover authority for cheques signatories, major capital and revenue expenditure spending limits, purchasing and contract procedures and approval mechanism for budget.
Budget is an important control mechanism used by the Group to ensure an efficient allocation of Group’s resources and that the operational managers have sufficient guidance in making business decisions. Budgets are generated annually at each subsidiary and operating unit. For the plantation units, budgets will be reviewed by the Regional Controllers followed by their presentation to the Plantation Budget Review Committee for further deliberation. Significant subsidiaries will have their budgets reviewed by their own budget committee. All budgets will then be presented for deliberation at the MCM - Budget, Tender and AF Committee, and subsequently will be tabled to MCM for approval and endorsement. Finally the budgets will be presented to the Board for final review and approval.
A centralised and coordinated procurement function is established at each of the Group’s key business division which enables the Group to leverage on economies of scale and ensures adherence to authority limits, policies and procedures. Major contracts and supply works of both capital and revenue in nature exceeding the defined threshold amounts in the relevant contract procedure are required to be tendered out. Eligible bidders for contract works will need to attend a contract interview with the Contract Interview Committee, which is made up of representatives from several departments at the divisional headquarter including the acquiring unit’s Manager. The Contract Interview Committee will then forward the recommendations to the MCM - Budget, Tender and AF Committee for further review and approval.
The Group has reference manuals covering agricultural practices, procurement, financial operating system and financial policies and procedures. These will assist and guide employees on purchasing and contract awards, preparing of financial statements, observing the various internal control policies and procedures, as well as maintaining good management practices to ensure cost efficiencies, integrity of financial records and to safeguard the Group’s assets. The Board believes that all these control measures will significantly enhance the internal control of the Group.
The Group has in place a forward sales policy for its palm products which has been approved by the Board. For Malaysian palm oil products, the Group adopts a forward policy covering a maximum of six (6) months and 90% of the Group’s own fruits.
The Group is committed to complying with all statutory and regulatory requirement and is subject to regular inspections by the relevant government authorities.
The Group is committed to the highest standard of integrity, openness and accountability in the conduct of its businesses and operations. It aspires to conduct its affairs in an ethical, responsible and transparent manner. This Policy was introduced to ensure that a process is in place to allow stakeholders to report alleged improper or unlawful conduct without fear of retribution. It is an integral component of Kulim’s zero tolerance policy on fraud and corruption. The Group views seriously any detrimental action taken against a whistleblower or any person related to or associated with the whistleblower in reprisal for a disclosure of improper conduct and will treat such action as gross misconduct. This Policy aims to: encourage stakeholders to feel confident in raising serious concerns and to question and act upon concerns; provide avenues to raise those concerns and receive feedback on any action taken; ensure that whistleblowers receive a response and are aware of how to pursue further action if they are not satisfied; and provide reassurance that whistleblower will be protected from possible retaliation. The Group has also established a Grievance Policy and Procedure as well as Women OnWards so as to allow employees to bring to the attention of the management of Kulim any dissatisfaction or feeling of injustice which may exist in respect of the workplace. The management will attempt to resolve the grievance in a manner, which is acceptable to the employee concerned and the Group.
The No Gift Policy was established as part of the Group’s continuous effort to uphold the Anti-Corruption Principles through the Corporate Integrity Pledge. All employees and directors are required to demonstrate commitment to treating all people and organisations impartially, with unbiased professionalism and nondiscriminatory actions in relation to all suppliers, customers, contractors, employees, potential suppliers, potential employees, and any other individual or organisation. The Group will work towards creating a business environment that is free from corruption, protect the interests of the shareholders and will uphold the above principles in the conduct of its business.
This Code of Ethics defines the standards of conduct that are expected of employees to help them make the right decision in the course of performing their jobs to the highest standards of ethic, integrity and governance. Among others, the Code also requires the employees to ensure the following : maintaining full and accurate company records; all assets and property of the company will be used only for the benefit of the company; always dealing with customers and suppliers based on merit and fairness; engage competitors in a fair manner and not to engage in any unfair or illegal practice in order to gain an unfair advantage; always act to ensure a workplace environment that is free from harassment and discrimination; and deal with all team members with respect, courtesy and fairness. All employees are required to adhere to the Group’s Code of Ethics and to submit the Ethics Declaration Form annually.
Sustainability is a core value of the Group. Kulim has established its sustainability credentials by attaining RSPO certification. Safeguarding this reputation is critical to the organisation and the Group has put in place control measures in the form of appropriate policies, monitoring systems and procedures so as to minimise, if not prevent the risks of non-compliance with the requirements of RSPO. Among the key measures are:
  • Site follow-up visits and inspections are conducted on periodic basis to review the status of compliance, weaknesses and gaps in the implementations of various programs, which is also in line with the requirements of Principle 8 of RSPO on Continuous Improvement;
  • Key Performance Indicators (“KPI”) affecting key aspects of the certification requirements are developed to complement the economic indicators, which are subject to regular monitoring on their achievement progress;
  • RSPO trainings and briefings are conducted regularly to ensure changes and updates on RSPO requirements are communicated to all affected employees;
  • In relation to the requirements of laws regulation in the areas of safety and health, Kulim regularly collaborates with suppliers and contractors towards ensuring both parties’ responsibilities in complying with the relevant legislations;
  • Proper documentation and reference systems are established. These include Kulim Sustainability Handbook that sets out all relevant policies to guide employees. All system documentation are monitored and controlled through the Document Annual Review; and
  • In relation to the social impact of the business on the various levels of stakeholders, internal social impact assesments, guided by the SA8000 Standard are conducted on all Operating Units to identify shortcomings which are monitored through the Social Register.
Click For More Information...

Download This Section Download Full Report