Our Board recognises the importance of sound risk management and internal control system practices to good corporate governance with the objective of safeguarding the shareholder’s investment and the Group’s assets. Our Board also acknowledges overall responsibility for the Group’s risk management and internal controls. This includes the establishment of an appropriate control environment and framework, as well as the need to review the effectiveness, adequacy and integrity of this system. Our Group conducts periodic testing on the adequacy, effectiveness and integrity of the internal controls to ensure the achievement of objectives on the effectiveness and efficiency of operations, the reliability of financial reporting and compliance with applicable laws and regulations. Our Group has in place an on-going control structure and process for identifying, evaluating and managing the significant risks faced by the Group to the achievement of business objectives and strategies throughout the financial year under review. This process is regularly reviewed by our Board with the assistance from Audit Committee (“AC”) and the Management. The Board retains overall responsibility for implementing and monitoring the internal control and risk management process within the Group. Our Group’s system of internal control is designed to manage, rather than eliminate the risk which could arise from human error, the possibility of poor judgment in decision making, control process being deliberately circumvented by employees and others, Management overriding controls and the incidence of unforeseeable circumstances. Accordingly, it must be recognised that the system can only provide reasonable and not absolute assurance against misstatement, breaches of laws or regulations, fraud or losses. In addition, our Management also takes into consideration the expected cost and benefits to be derived from the implementation of the internal control system. Our statement is prepared in accordance with the Practice 9.0 of the MCCG 2017 and guided by the “Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers”. This guideline set out the obligations of Management and the Board with respect to risk management and internal control. It also provides guidance on the key elements needed in maintaining a sound system of risk management and internal control and describes the process that should be considered in reviewing its effectiveness. The scope of the disclosure excludes associated company which is not under the control of the Group.


The Group recognises that it is obliged to systematically manage and regularly review its risk profile at a strategic, financial, compliance and operational level. Our Group’s ERM framework incorporates the principles and guidelines of the ISO 31000:2009 Risk Management. The framework defines our Group’s intention and commitment towards effective risk management and internal control practices. It also determines the responsibilities of the Group involves in ERM, outlines the risk management process and identifies tools for realising the Group’s objectives aside from supporting and sustaining risk management throughout the organisation. It supports our Group’s efforts to achieve the highest levels of corporate governance, including the creation of value in the short and long-term.

The key success factors of our Group’s risk management process are active contribution and communication at operational and strategic level. Our Group’s risks are managed on an integrated basis and their evaluation is incorporated into the Group’s decision-making process such as strategic planning and each project feasibility studies. The continuous practices and application at Group-wide will ensure our Board has sufficient and accurate information about the level of risk the Group wants to take and with that information, appropriate controls will be implemented to ensure the achievement of the established business objectives.

Our Board believes that the risk management framework is adequately overseen through the AC and assisted by the Management via formation of Risk Management and Compliance Committee (“RMCC”). The RMCC is represented by Senior Management from all business functions of the Group. The Committee met four (4) times in 2019. This Committee which is cross-functional in nature, was formed to assist the Board in implementing the processes for identifying, analysing, evaluating, monitoring and reporting of risks and internal controls and to ensure proper management of risks to which our Group is exposed and to take appropriate and timely actions to manage such risks. The AC which consists of members with diversity in the industry and business knowledge will periodically review the risk management report and provide an objective view on the risk identification, assessment and challenge the management on the adequacy of mitigating strategies.

A strong culture of ownership and accountability is further built through a clear identification of specific roles and responsibilities in our framework that is Board, Management Committee, RMCC, Risk Management and Compliance Department (“RMCD”), Risk Owner, Risk Co-Owner, Internal Audit Department and all staff. This has improved their understanding of the boundaries of their responsibilities and how their positions fit into the organisation’s overall risk and control structure as well as minimising the potential gaps in controls and unnecessary duplications of coverage.


During the year under review, our Group’s ERM approach which priorities risk according to their likelihood and impact goes through the following steps:

Board of Directors Review:

The Chairman of AC will bring to the Board’s attention, the significant risks as tabled and discussed in the AC meeting. The Board will then determines the final decision on the risk treatment options and risk action plans proposed by the Management.

Audit Committee Review:

The AC provides an objective view on the significant risks presented by the Group Chief Risk Officer. The AC will request and challenge risk information and its risk mitigation strategies implemented by the Group. The AC also acts as change catalyst in risk and control areas in the Group.

Compilation of Group Risk Profile:

All the endorsed top risks as tabled in RMCC will be extracted as the Group Risk Profile in accordance with the Group’s financial or non-financial risk parameter.

Presentation to the RMCC:

The RMCD will facilitate the Risk Owner during the risk assessment and risk action planning. Each risk will be evaluated in terms of the adequacy and effectiveness of the existing internal checks and balances controls, so as to provide a reasonable assurance that the likelihood and impact of the adverse event are within a manageable and acceptable level. The level of likelihood of a particular outcome actually occurring, including a consideration of the frequency of the event are determined using an approved likelihood parameter. The impact of an event is similarly evaluated using an approved financial or nonfinancial impact parameter. The RMCC will review, rank and debate the risk profile, its ratings, control effectiveness and risk treatment options plans identified by the Risk Owners

Department or Business Unit Risk Assessment:

The risk owner performs an exercise to identify and assess risk. The main sources of reference used at the identification phase are the business plans and budgets, financial and production performances, Board and annual reports, audit findings, market and sector research, compliance report and historical data. The exercise also covers a comprehensive occupational, safety and health risk assessment process through the Hazard Identification, Risk Assessment and Risk Control (“HIRAC”). The risk owner provides the RMCD with risk register updates on a quarterly basis. The risk level is determined according to their respective financial or non-financial risk parameter.
In ensuring our Group achieves its objectives, sustains the businesses and continues to add value to the stakeholders in the short, medium and long-term, our risk management process and approach is tailored to Group’s structure and its constantly changing environment to ensure that our Group can continuously monitor and review its risks and the effectiveness of its risk management over time. Based on the results of monitoring and reviews, decisions are made on how the risk management programme can be improved. These decisions should lead to improvements in our Group’s Management of risks and its risk management culture. A separate risk management function also exists within our Group’s listed subsidiary with the establishment of its own RMCC to assess and evaluate the risk management process of the company on a periodic basis. In essence, the Management of risks is treated as an interactive process. The benefits arising from effective risk management processes is the creation of awareness of risks among employees of different departments and business units.


The identification of our significant risks during the year was taking into consideration the internally and externally driven factors. The following represents our Group’s top strategic and operational risks that if we not effectively manage may create a significant or material adverse impact to the Group as well as impede the achievement of the established objectives and affect the Group’s ability to create value.

Risk Factors Mitigating Strategies
Economy-wide phenomena which affect the rate of industry growth, CPO and O&G prices, and increase operating costs.
  • Market intelligence and being up-to-date on market conditions;
  • Combination strategies of spot and forward contract for sales and procurement;
  • Creation of new revenue stream;
  • Enhance the productivity and efficiency through an innovative solution; and
  • Cost optimisation initiatives and prudent CAPEX and OPEX management.
New Investment’s Risks in respect of the industry, laws and egulations, politics, country and local risks
  • Continuously explore and secure new opportunities with innovative solutions;
  • Comprehensive due-diligence exercise and feasibility study for each new investment;
  • Putting in place workable internal control and monitoring framework including corporate and systems infrastructure;
  • Revisit and strengthen the strategy to ensure the success of the investment; and
  • Proactive engagement with business partners and local stakeholders.
Liquidity Risk on existing and future funding requirements in meeting its financial obligations.
  • Matching of inflows and outflows of cash and maintaining sufficient credit facilities;
  • Borrowings are created in a particular currency to match payments and receipts or liabilities and assets;
  • Capital restructuring; and
  • Monitor the agreed covenants with the lenders.


The Board and the Management are committed to establish a strong control environment through a robust and effective check and balance. The control environment comprises the integrity and ethical values, the parameters enabling the Board to carry out its governance oversight responsibilities, organisational structure and assignment of authority and responsibility and effective human capital management. The Group’s established objectives will be achieved through the commitment in continuously enhancing the design of the internal control environment through the adoption of various policies and procedures.


The Board and Management Committees are set up to promote corporate governance, transparency and accountability and to assist the Board in implementing and monitoring the system of internal controls within the Group with the aim of realising the vision, mission, strategies and objectives established for the Group. The Committees oversee the areas assigned according to their Terms of Reference (“TOR”) which are carefully developed to ensure that it is aligned with the Group’s objectives, short term and long-term strategic plans and to avoid overlapping activities and gaps in governance coverage. During the period under review, we have set a broader functions of Plantation Budget Review and subsequently was renamed as Group Budget Committee. The primary functions of the Group Budget Committee are to deliberate and approve the budget for forthcoming year for Plantation Operation in Malaysia and Indonesia, IV companies, Strategic Business Unit (“SBU”), Kulim Agrotech Centre (“KAC”) , Kulim Top Plant Sdn Bhd (“KTP”), Agrofood Business and Kulim Corporate Office. The approved budget later will be consolidated in the Kulim’s Group 5-year strategic planning. In addition, the function of the Audit and Inspectorate Coordination Committee has been expanded to monitor and coordinate the IV companies, non-listed subsidiaries/ unit as well as support services within the Kulim Group. The composition of members of the committee is continuously tailored to collectively have good knowledge of the industries, ability to understand fundamental financial indicators, including the knowledge of key business and financial risk, and internal control fundamentals. This arrangement shall improve the evaluation process, the least element of surprises and ultimately provides a greater chance of success to the proposed investment.


Management Committee
Name of CommitteePrimary Function
Management Committee(“MCM”) To review and evaluate the performance progress including the key policy and strategy implementations of the various divisions, subsidiaries and operating units of the Group. Where authorised, to formulate and approve matters relating to Group policy, objectives and business strategy and projects, and where necessary to evaluate and recommend for Board’s approval.
Board of Survey and Additional Capital and Revenue (“AF”)
  • To coordinate departmental roles and administrative matters in relation to the various divisional operations and to review, recommend and seek Management’s approval on any related proposals.
  • To coordinate departmental roles and administrative matters in relation to the various divisional operations and to review, recommend and seek Management’s approval on any related proposals.
  • To review all requests pertaining to capital and revenue spending and to recommended them for the satisfaction of the MCM.
Executive Committee (“EXCO”) To coordinate departmental roles and administrative matters in relation to the various divisional operations and to review, recommend and seek Management’s approval on any related proposals.
Management Committee – Budget and Tender (“MCM – Budget and Tender”)
  • To recommend to the MCM the award of contracts for purchases and projects to suppliers/contractors in accordance with the Contract Administration Guidelines and Procedures of the Company.
  • To review the budget on capital and revenue spending.
Sustainability and Initiatives Council To oversee and monitor the development, implementation, maintenance, compliance and effectiveness of all matters relevant to sustainability and quality initiatives of the Group as well as ensuring compliance with the principles and criteria of RSPO. Periodic assessment of legal compliance risk within the plantation division.
Risk Management and Compliance Committee To review, rank and debate the risk identified, its ratings, control effective and other option plans on a periodic basis to ensure that the Group is managing risks effectively. Periodic assessment and prioritisation of legal compliance risk areas and review the efficiency and effectiveness of Group-wide compliance activities.
Appraisal, KPI and Bonus Committee To deliberate on performance, KPIs, behavioural competencies and recommend appropriate increments, promotions and merit of all executives and staff.
Palm Oil Marketing Committee To review and decide on the appropriate selling arrangement, quantity and prices of the Group’s palm products.
Group Budget Committee To deliberate and approve the budget for forthcoming year for Plantation Operation in Malaysia and Indonesia, IV Companies, SBU, KAC, KTP, Agrofood Business and Kulim Corporate Office. The approved budget later will be consolidated in the Kulim’s Group 5-year strategic planning.
Project Risk Evaluation Committee To assess the viability of the projects for all investment proposals within Kulim Group in terms of its financing, marketing and technical issues, be it a new project, expansion of business or joint venture projects.
Audit and Inspectorate Coordination Committee To monitor and coordinate the IV companies, non-listed subsidiaries/ unit and support services within the Kulim Group.

Committees For Intrapreneur Venture
Name of CommitteePrimary Function
IV Monitoring and Executive Committee (“IV EXCO”)To monitor progress and development of all the IV companies with the objective of strengthening respective business and management capabilities by providing necessary business guidance and referrals.
Agreement Committee To ensure that material agreements are forwarded for Committee discussion and/ or approval. This is to ensure and safeguard the Group’s interest.
Central Credit Control Committee To appraise the IV companies on its financial health, performance and compliance to MFRS, Income Tax Act 1967 and internal controls of the IVs which are related to credit control.
GROUP POLICIES AND PROCEDURES Our Group policies and procedures are developed to ensure the effectiveness and efficiency of our operations, financial and non-financial reporting’s reliability, timeliness, accountability, transparency and adherence to the laws and regulations that our business is subject to.

These policies and procedures are approved by Management and the Board. Periodically, we review them to ensure they remain relevance and effective. The Group policies and procedures in place are, among others:

  • Accounting Policy and Procedures
  • Agriculture Manual
  • Contract and Purchasing Guideline Procedures
  • Environmental Policy
  • Forward Sales Policy
  • Halal Policy
  • Internet Access Policy
  • Occupational, Safety and Health Policy
  • People Policy
  • Quality Policy
  • Sustainability Policy
  • Corporate Responsibility Policy
  • Social Media Policy


Our Group acts in accordance with MFRS and the requirements of the Companies Act 2016. Review of our actual performance against budgets and performance in prior periods are also being carried out and appropriate mitigating and monitoring are continuously carried out.

Our AC together with Management reviews the Group’s quarterly financial performance and subsequently reported to the Board. The Group’s financial results and operational performance will be assessed by the AC which particularly focusing on changes in major accounting policy, any significant matters or unusual events or transaction, related party transactions and integrity of the Group financial information.

We have Financial Authority Limit which defines revenue and capital expenditure spending limits for each level of Management within the Group. These limits cover authority for cheques signatories, major capital and revenue expenditure spending limits, purchasing and contract procedures, and approval mechanism for a budget.

Our 5-year strategic planning exercise is conducted annually and approved by the Board. Our Group is guided by this 5-year strategic planning which specifically outlines the business objectives and strategies. In this challenging economic and business landscape, new opportunities and innovative strategies are continuously explored to create competitive advantage which ultimately will expand our business and investment portfolio. In this respect, we always improving and strengthening our core competencies strategies in our strategic planning exercise.


Our Group’s organisation structure delineates the line of authority, responsibility and accountability. Its formation is focusing on both performance delivery and business continuity through succession planning. It fosters and promotes the continual development of employees, and ensures that key positions maintain some measure of stability, thus enabling our Group to achieve business objectives.

The structure supports our Group’s ability to ensure that qualified and experienced management personnel which head the Group’s diverse operating units are always available and in place to carry out their job functions. Training analysis is conducted annually and various internal and external training programmes are in place to fulfill the actual skills and knowledge required. Their performance is measured against the established Balanced Scorecard which has been approved by the Board.


Our Group is committed to complying with applicable statutory and regulatory requirements and we are subject to regular inspections by the relevant authorities. Our compliance program starts in the year 2017 with a bi-monthly compliance reporting from each department and business units to RMCD and subsequently reported to RMCC and AC.

Our Group is aware and continuously considers any appropriate commitment towards the statutory and regulatory compliance. Significant efforts and changes during and subsequent to the reporting period with respect to the statutory and regulatory compliance, among others:

  • The Legal Tracking Working Group has conducted three (3) legal tracking exercises. To date, we have covered all the laws, regulations and guidelines that have significant impacts to the company’s operation and business activities.
  • Minimum Wages Order 2020 – The rate of monthly wages payable to the employee who works in a place of employment in any City Council or Municipal Council areas had increased from RM1,100 to RM1,200 and had come into force on 1 February 2020.
  • MSPO Certification – The certification was mandatory for all plantations and all of our plantations estates has obtained the certification in 2019.
  • Corporate Liability provision and the requirement of the “adequate procedures” under the Section 17A of the Malaysia Anti-Corruption Commission (Amendment) Act 2018 that will be inforce in June 2020. In response to this new provision, Kulim is voluntarily embarked on the ISO 37001:2016 ABMS. The ABMS was designed to establish, implement, maintain and improve an anti-bribery compliance programme which also includes a series of measures and controls that represent global anti-bribery good practices.


Our Group’s corporate integrity initiatives are crafted to aspires the conduct of our affairs is in an ethical, responsible and transparent manner.

We are committed to the highest standard of integrity, openness and accountability in the conduct of our businesses and operations.

A number of channels are available for our employees to report any non-compliance with the Code of Ethics or any unlawful activity. On annual basis, all employees are required to submit the Ethics Declaration Form which has been long established as a formal avenue for all employees to report directly to the Executive Director of any misconduct or unethical behaviour conducted by any employees within our Group.
Our Business Policy and Code of Ethics are the keys policies that govern and act as a guideline on the standards of conduct that are expected from Board, Management and employees and help them make the right decision in the course of performing their jobs to the highest standards of ethics, integrity and governance.
img-responsive Our Whistle-blowing Policy was introduced to ensure that a rocess is in place to allow stakeholders to report alleged improper or unlawful conduct without fear of retribution. It is an integral component of the Group’s zero tolerance policy on fraud and corruption.
img-responsive Apart from the Corporate Integrity Pledge, we have in place No Gift Policy and Conflict of Interest Policy which the primary objective is to avoid conflict of interest and to indicate our Group’s commitment to accord equal treatment to all individuals and organisations in their dealings with our Group.
Our Grievance Policy and Procedure, as well as Women OnWards (“WOW”), were introduced to allow employees to bring to the attention of the Management any dissatisfaction or feeling of injustice which may exist in respect of the workplace. The Management will attempt to resolve the grievance in a manner, which is acceptable to the employee concerned and the Group.

All the corporate integrity initiatives were designed with the aims of strengthening our Group’s integrity culture, infrastructure and further strengthen stakeholders’ confidence.


Our business continuity objectives are to identify any potential threats and disruptions to our Group-wide business and then build the capacity to deal with them to ensure we can continue to function with as little disruption as possible. Our approach covers both, the availability of an effective infrastructure and hedge against the potential risk of financial losses, through insurance coverage. The activities of reviewing and improving our business continuity plans have been conducted periodically to ensure the availability and its effectiveness. These activities cover the potential disruptions from flood, fire, Information Technology (“IT”) security and attack, supply chain failure and losing a key employee.