Our Board recognizes the importance of sound risk management and internal control system practices to good corporate governance with the objective of safeguarding the shareholder’s investment and the Group’s assets. 

Our Board also acknowledges overall responsibility for the Group’s risk management and internal controls. This includes the establishment of an appropriate control environment and framework, as well as the need to review the effectiveness,adequacy and integrity of this system.

Our Group conducts periodic testing on the adequacy, effectiveness and integrity of the internal controls to ensure the achievement of objectives on the effectiveness and efficiency of operations, the reliability of financial reporting and compliance with applicable laws and regulations.

Our Group has in place an ongoing control structure and process for identifying,evaluating and managing the significant risks faced by the Group to the achievement of business objectives and strategies throughout the financial year under review. This process is regularly reviewed by our Board with the assistance from Audit Committee (“AC”) and the management. The Board retains overall responsibility for implementing and monitoring the internal control and risk management process within the Group.

Our Group’s system of internal control is designed to manage, rather than eliminate the risk which could arise from human error, the possibility of poor judgment in decision making, control process being deliberately circumvented by employees and others, management overriding controls and the incidence of unforeseeable circumstances.

Accordingly,it must be recognised that the system can only provide reasonable and not absolute assurance against misstatement, breaches of laws or regulations, fraud or losses. In addition, our management also takes into consideration the expected cost and benefits to be derived from the implementation of the internal control system.

Our statement is prepared in accordance with the Practice 9.0 of the MCCG 2017 and guided by the “Statement On Risk Management and Internal Control: Guidelines For Directors Of Listed Issuers”. This guideline set out the obligations of management and the Board with respect to risk management and internal control.It also provides guidance on the key elements needed in maintaining a sound system of risk management and internal control and describes the process that should be considered in reviewing its effectiveness. The scope of the disclosure excludes associated company which is not under the control of the Group.


The Group recognises that it is obliged to systematically manage and regularly review its risk profile at a strategic, financial, compliance and operational level. Our Group’s Enterprise Risk Management (“ERM”) framework incorporates the principles and guidelines of ISO 31000:2009 Risk Management. The framework defines our Group’s intention and commitment towards effective risk management and internal control practices. It also determines the responsibilities of the Group involves in ERM, outlines the risk management process and identifies tools for realising the Group’s objectives aside from supporting and sustaining risk management throughout the organisation. It supports our Group’s efforts to achieve the highest levels of corporate governance, including the creation of value in the short and long-term.

The key success factors of our Group’s risk management process are active contribution and communication at operational and strategic level. Our Group’s risks are managed on an integrated basis and their evaluation is incorporated into the Group’s decision-making process such as strategic planning and each project feasibility studies. The continuous practices and application at Group-wide will ensure our Board has sufficient and accurate information about the level of risk the Group wants to take and with that information,appropriate controls will be implemented to ensure the achievement of the established business objectives.

Our Board believes that the risk management framework is adequately overseen through the AC and assisted by the management via formation of Risk Management and Compliance Committee (“RMCC”). The RMCC is represented by senior management from all business functions of the Group. The Committee met three (3) times in 2017. This Committee which is cross-functional in nature, was formed to assist the Board in implementing the processes for identifying, analysing, evaluating,monitoring and reporting of risks and internal controls and to ensure proper management of risks to which our Group is exposed and to take appropriate and timely actions to manage such risks. The AC which consists of members with diversity in the industry and business knowledge will periodically review the risk management report and provides an objective view on the risk identification, assessment and challenge the management on the adequacy of mitigating strategies.

A strong culture of ownership and accountability is further built through a clear identification of specific roles and responsibilities in our framework that is Board, Management Committee, RMCC, Risk Management and Compliance Department, Risk Owner, Risk Co- Owner, Internal Audit Department and all staff. This has improved their understanding of the boundaries of their responsibilities and how their positions fit into the organisation’s overall risk and control structure as well as minimising the potential gaps in controls and unnecessary duplications of coverage.


During the year under review, our Group’s ERM approach which priorities risk according to their likelihood and impact goes through the following steps :

Department or Business Unit Risk Assessment:

The risk owner performs an exercise to identify and assess risk. The main sources of reference used at the identification phase are the business plans and budgets, financial and production performances, board and annual reports, audit findings, market and sector research, compliance report and historical data. The exercise also covers a comprehensive occupational health and safety risk assessment process through the Hazard Identification, Risk Assessment and Risk Control (“HIRAC”). The risk owner provides the Risk Management and Compliance Department (“RMCD”) with risk register updates on a quarterly basis. The risk level is determined according to their respective financial or non financial risk parameter.


Presentation to the RMCC:

The RMCD will facilitate the Risk Owner during the risk assessment and risk action planning. Each risk will be evaluated in terms of the adequacy and effectiveness of the existing internal checks and balances controls, so as to provide a reasonable assurance that the likelihood and impact of the adverse event are within a manageable and acceptable level. The level of likelihood of a particular outcome actually occurring, including a consideration of the frequency of the event are determined using an approved likelihood parameter. The impact of an event is similarly evaluated using an approved financial or non-financial impact parameter. The RMCC will review, rank and debate the risk profile, its ratings, control effectiveness and risk treatment options plans identified by the Risk Owners.






Compilation of Group Risk Profile:

The Group Chief Risk Officer extracts all the endorsed top risk as tabled in RMCC as the Group Risk Profile in accordance with the Group’s financial or non-financial risk parameter.






Audit Committee Review:

The AC provides an objective view on the significant risks presented by the Group Chief Risk Officer. The AC will requests and challenges risk information and its risk mitigation strategies implemented by the Group. The AC also acts as change catalyst in risk and control areas in the Group.






Board of Directors Review:

The Chairman of AC will bring to the Board’s attention, the significant risks as tabled and discussed in the AC meeting. The Board will then determines the final decision on the risk treatment options and risk action plans proposed by the management.

In ensuring our Group achieves its objectives, sustains the businesses and continues to add value to the stakeholders in the short, medium and long-term,our risk management process and approach is tailored to Group’s structure and its constantly changing environment to ensure that our Group can continuously monitor and review its risks and the effectiveness of its risk management overtime. Based on the results of monitoring and reviews, decisions are made on how the risk management program can be improved. These decisions should lead to improvements in our Group’s management of risks and its risk management culture.

A separate risk management function also exists within our Group’s listed subsidiary with the establishment of its own RMCC to assess and evaluate the risk management process of the company on a periodic basis.

In essence, the management of risks is treated as an iterative process. The benefits arising from effective risk management processes is the creation of awareness of risks among employees of different departments and business units.



The identification of our significant risks during the year was taking into consideration the internally and externally driven factors. The following represents our Group’s top strategic and operational risks that if we not effectively manage may create a significant or material adverse impact to the Group as well as impede the achievement of the established objectives and affect the Group’s ability to create value.



Economy-wide phenomena which affect the rate of industry growth, CPO, O&G prices and increase operating costs.

• Market intelligence and being up-to-date on market conditions.

• Combination strategies of spot and forward contract for sales and procurement.

• Creation of new revenue stream.

• Enhance the productivity and efficiency through an innovative solution.

• Cost optimisation initiatives and prudent CAPEX and OPEX management.

Replacement of Investment is critical in ensuring growth and business continuity.

• Continuously explore and secure new opportunities with innovative solutions.

• Comprehensive assessment and feasibility study for each new investment.

• Incorporate good governance and internal controls practices.

New Investment’s Risks with regards to the industry, laws and regulations, politics, country, and local risks.

• Revisit and strengthen the strategy to ensure the success of the investment.

• Putting in place workable internal control and monitoring framework including corporate and systems infrastructure.

• Proactive engagement with business partners and local stakeholders.

Liquidity Risk on existing and future funding requirements in meeting its financial obligations.

• Matching of inflows and outflows of cash and maintaining sufficient credit facilities.

• Borrowings are created in a particular currency to match payments and receipts or liabilities and assets.

• Capital restructuring.

• Monitor the agreed covenants with the lenders.

Safety, Health and Environment (‘SHE”) commitment towards building a fair, ethical and responsible company.

• Ensuring that SHE’s related issues are preventable; establish a workable and consistent approach to ensure no repetitive occurrences.

• Embraces the principles of sustainable development in respect of People, Planet and Profit.

• Embarks on various initiatives in achieving the emissions reduction targets.



The Board and the management committed in establish a strong control environment through a robust and effective check and balance. The control environment comprises the integrity and ethical values, the parameters enabling the Board to carry out its governance oversight responsibilities, organisational structure and assignment of authority and responsibility and effective human capital management. The Group’s established objectives will be achieved through the commitment in continuously enhancing the design of the internal control environment through the adoption of various policies and procedures.


The Board and Management Committees are set up to promote corporate governance,transparency and accountability and to assist the Board in implementing and monitoring the system of internal controls within the Group with the aim of realising the vision, mission, strategies and objectives established for the Group.

The Committees oversee the areas assigned according to their Terms of Reference (“TOR”) which are carefully developed to ensure that it is aligned with the Group’s objectives, short-term and long-term strategic plans and to avoid overlapping activities and gaps in governance coverage.




Management Committee (“MCM)

To review and evaluate the performance progress including the key policy and strategy implementations of the various divisions, subsidiaries and operating units of the Group.  Where authorised, to formulate and approve matters relating to Group policy, objectives and business strategy and projects, and where necessary to evaluate and recommend for Board’s approval.

Board of Survey

To review all requests pertaining to write-off or write-back on fixed assets, debtors, stocks and creditors and recommend them for the ratification of the MCM.

Executive Committee (“EXCO”)

To coordinate departmental roles and administrative matters in relation to the various divisional operations and to review, recommend and seek Management’s approval on any related proposals.

Management Committee – Budget, Tender and Additional Capital & Revenue Expenditure (“MCM – Budget AF & Tender”)

To recommend to the MCM the award of contracts for purchases and projects to suppliers/ contractors in accordance with the Contract Administration Guidelines and Procedures of the Company.

To review the budget and all requests pertaining to capital and revenue spending and to recommend them for the ratification of the MCM.

Sustainability and Initiatives Council

To oversee and monitor the development, implementation, maintenance, compliance and effectiveness of all matters relevant to sustainability and quality initiatives of the Group as well as ensuring compliance with the principles and criteria of RSPO. Periodic assessment and prioritisation of legal compliance risk areas and review the efficiency and effectiveness of Group-wide compliance activities.

Risk Management and Compliance

To review, rank and debate the risk identified, its ratings, control effective and other option plans on a periodic basis to ensure that the Group is managing risks effectively.

Periodic assessment and prioritisation of legal compliance risk areas and review the efficiency and effectiveness of Group-wide compliance activities.

Appraisal, KPI and Bonus Committee

To deliberate on performance, KPIs, behavioral competencies and recommend appropriate increments, promotions and merit of all executives and corporate office staff.

Palm Oil Marketing Committee

To review and decide on the appropriate selling arrangement, quantity and prices of the Group’s palm products.

Plantation Performance Committee

To ensure that estates and mills owned and managed by the Group operate in accordance with Group’s requirements and at the best possible standards.

Plantation Budget Review

To ensure that the Plantation Operation budget is prepared with the objective of maximizing the long-term profitability of the Group’s oil palm plantations, and at the same time, maintaining their sustainability

OSH Committee

To foster cooperation and consultation between the management and workers in identifying, evaluating and controlling hazards at workplaces.

The Company has also established committees to ensure the effective management and supervision of the Intrapreneur Ventures (“IV”) companies.




IV Monitoring and Executive Committee (“IV EXCO”)

To monitor progress and development of all the IV companies with the objective of strengthening respective business and management capabilities by providing necessary business guidance and referrals.

To evaluate the viability of projects, proposals, funding, capital expenditure or capital adequacy of the IV companies.

Audit and Inspectorate Coordination Committee

To monitor the internal control system and recommend improvement of the internal control system and practices to achieve the Company’s objectives.

To ensure that the operations of IV companies are in compliance with laws and regulations and the Group’s Code of Conduct and Business Ethics and that the IV companies are being managed in line with the aspiration and expectations of Kulim.

Agreement Committee

To ensure that material agreements are forwarded for Committee discussion and/or approval. This is to ensure and safeguard the Group’s interest.

Central Credit Control Committee

To appraise the IV companies on its financial health, performance and compliance to Malaysian Financial Reporting Standards (“MFRS”), Income Tax Act 1967 and internal controls of the IVs which are related to credit control.

Project Risk Evaluation Committee

To ensure that IV companies/projects are being run, coordinated and managed at the best possible standards and in compliance with the Group’s requirements and risk management policies.


Our Group policies and procedures are developed to ensure the effectiveness and efficiency of our operations, financial and non financial reporting’s reliability, timeliness, transparency as set forth by regulators and adherence to the laws and regulations that our business is subject to.

These policies and procedures are approved by management and the Board. Periodically, we review them to ensure it stay relevance and effective. Among others, the Group policies and procedures in place are:

• Accounting Policy & Procedures

• Agriculture Manual

• Contract and Purchasing Guideline Procedures

• Environmental Policy

• Forward Sales Policy

• Halal Policy

• Internet Access Policy

• Occupational, Safety & Health Policy

• People Policy

• Quality Policy

• Sustainability Policy


Our Group acts in accordance with Malaysian Financial Reporting Standards and the requirements of the Companies Act 2016. Review of our actual performance against budgets and performance in prior periods are also being carried out and appropriate mitigating and monitoring are continuously carried out.

Our AC together with management reviews the Group’s quarterly financial performance and then subsequently reported to the Board. The Group’s financial results and operational performance will be assessed by the AC which particularly focusing on changes in major accounting policy, any significant matters or unusual events or transaction, related party transactions and integrity of the Group financial information.

We have Financial Authority Limit which defines revenue and capital expenditure spending limits for each level of management within the Group. These limits cover authority for cheques signatories, major capital and revenue expenditure spending limits, purchasing and contract procedures and approval mechanism for a budget.

Our 5-years strategic planning exercise is conducted annually and approved by the Board. Our Group is guided by this 5-years strategic planning which specifically outlines the business objectives and strategies. In this challenging economic and business landscape, new opportunities and innovative strategies are continuously explored to create competitive advantage which ultimately will expand our business and investment portfolio. In this respect, we have commenced our Blue Ocean Strategy Framework in our 2017 strategic planning exercise.


Our Group’s organisation structure delineates the line of authority, responsibility and accountability. Its formation is focusing on both performance delivery and business continuity through succession planning. It fosters and promotes the continual development of employees, and ensures that key positions maintain some measure of stability, thus enabling our Group to achieve business objectives.

The structure supports our Group’s ability to ensure that qualified and experienced management personnel which head the Group’s diverse operating units are always available and in place to carry out their job functions. Training analysis is conducted annually and various internal and external training programs are in place to fulfill the actual skills and knowledge required. Their performance is measured against the established Balanced Scorecard which has been approved by the Board.


Our Group is committed to complying with all statutory and regulatory requirements and we are subject to regular inspections by the relevant authorities. Our compliance program starts in the year 2017 with a bi-monthly compliance reporting from each department and business units to RMCD and subsequently reported to RMCC and AC.


Our Group’s corporate integrity initiatives are crafted to aspires the conduct of our affairs is in an ethical, responsible and transparent manner.  We are committed to the highest standard of integrity, openess and accountability in the conduct of our businesses and operations.


A number of channels are available for our employees to report any non-compliance with the Code of Ethics or any unlawful activity. On annual basis, all employees are required to submit the Ethics Declaration Form which has been long established as a formal avenue for all employees to report directly to the Executive Director of any misconduct or unethical behaviour conducted by any employees within our Group.


Our Business Policy and Code of Ethics are the keys policies that govern and act as a guideline on the standards of conduct that are expected from Board, management and employees and help them make the right decision in the course of performing their jobs to the highest standards of ethics, integrity and governance.


Our Whistleblowing Policy was introduced to ensure that a process is in place to allow stakeholders to report alleged improper or unlawful conduct without fear of retribution. It is an integral component of the Group’s zero tolerance policy on fraud and corruption.


Apart from the Corporate Integrity Pledge, we have in place No Gift Policy and Conflict of Interest Policy which the primary objective is to avoid conflict of interest and to indicate our Group’s commitment to accord equal treatment to all individuals and organisations in their dealings with our Group.


Our Grievance Policy and Procedure, as well as Women OnWards, were introduced to allow employees to bring to the attention of the management any dissatisfaction or feeling of injustice which may exist in respect of the workplace. The management will attempt to resolve the grievance in a manner, which is acceptable to the employee concerned and the Group.

All the corporate integrity initiatives were designed with the aims of strengthening our Group’s integrity culture, infrastructure and further strengthen stakeholder confidence.


Our Business Continuity Management system aims to identify potential threats and disruptions to our Group-wide business and build the capacity to deal with them. Our system covers both, the availability of an effective infrastructure and hedge against the potential risk of financial losses through insurance coverage.

The activities of reviewing and testing our recovery plans have been conducted continuously to ensure the availability and its effectiveness. These activities include fire drill,Information Technology (“IT”) system recovery test and knowledge enhancement to our OSH committee members, Emergency Response Team members, IT Team and employees.