
STATEMENT ON RISK MANAGEMENT GOVERNANCE FRAMEWORK AND INTERNAL CONTROL

INTRODUCTION

Our Board recognises the importance of sound risk management and internal control system practices to good corporate governance, with the objective of safeguarding the shareholders’ investment and the Group’s assets.

Our Board also acknowledges overall responsibility for the Group’s risk management and internal controls. This includes the establishment of an appropriate control environment and framework, as well as the need to review the effectiveness, adequacy and integrity of this system.

Our Group conducts periodic testing on the adequacy, effectiveness and integrity of the internal controls to ensure the achievement of objectives on the effectiveness and efficiency of operations, the reliability of financial reporting and compliance with applicable laws and regulations. Our Group has in place an on-going control structure and process for identifying, evaluating and managing the significant risks faced by the Group to the achievement of business objectives and strategies throughout the financial year under review. This process is regularly reviewed by our Board with the assistance of the Board Audit and Risk Committee (“BARC”) and the Management. The Board retains overall responsibility for implementing and monitoring the internal control and risk management process within the Group.

Our Group’s system of internal control is designed to manage, rather than eliminate the risk which could arise from human error, the possibility of poor judgment in decision making, control process being deliberately circumvented by employees and others, Management overriding controls and the incidence of unforeseeable circumstances. Accordingly, it must be recognised that the system can only provide reasonable and not absolute assurance against misstatement, breaches of laws or regulations, fraud or losses. In addition, our Management also takes into consideration the expected cost and benefits to be derived from the implementation of the internal control system.

Our statement is prepared in accordance with Practice 9.0 of the MCCG 2017 and guided by the “Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers”. This guideline sets out the obligations of Management and the Board with respect to risk management and internal control. It also provides guidance on the key elements needed in maintaining a sound system of risk management and internal control and describes the process that should be considered in reviewing its effectiveness. The scope of the disclosure excludes associate company which is not under the control of the Group.


RISK MANAGEMENT FRAMEWORK

The Group recognises that it is obliged to systematically manage and regularly review its risk profile at a strategic, financial, compliance and operational level. Our Group’s ERM framework incorporates the principles and guidelines of the ISO 31000:2018 Risk Management. The framework defines our Group’s intention and commitment towards effective risk management and internal control practices. It also determines the responsibilities of those in the Group involved in ERM, outlines the risk management process and identifies tools for realising the Group’s objectives, aside from supporting and sustaining risk management throughout the organisation. It supports our Group’s efforts to achieve the highest levels of corporate governance, including the creation of value in the short and long term.

The ERM framework was reviewed according to the ISO 31000:2018 Risk Management and approved by the BARC members on 5 May 2021.

The key success factors of our Group’s risk management process are active contribution and communication at operational and strategic level. Our Group’s risks are managed on an integrated basis and their evaluation is incorporated into the Group’s decision-making processes, such as strategic planning and project feasibility studies. Continuous Group-wide practice and application will ensure our Board has sufficient and accurate information about the level of risk the Group wants to take and, with that information, appropriate controls will be implemented to ensure the achievement of the established business objectives.

Our Board believes that the risk management framework is adequately overseen through the BARC and assisted by the Management via formation of the Governance Management Committee (“GMC”). The GMC is represented by Senior Management from all business functions of the Group. The Committee met four times in 2020. This Committee, which is cross-functional in nature, was formed to assist the Board in implementing the processes for identifying, analysing, evaluating, monitoring and reporting of risks and internal controls, to ensure proper management of risks to which our Group is exposed and to take appropriate and timely actions to manage such risks. The BARC, which consists of members with diversity in industry and business knowledge, will periodically review the risk management report, provide an objective view on the risk identification and assessment, and challenge the Management on the adequacy of mitigating strategies.

A strong culture of ownership and accountability is further built through a clear identification of specific roles and responsibilities in our framework, namely those of the Board, Management Committee, GMC, the Risk Management and Compliance Department (“RMCD”), Risk Owner, Risk Co-Owner, the Internal Audit Department and all staff. This has improved their understanding of the boundaries of their responsibilities and how their positions fit into the organisation’s overall risk and control structure, as well as minimising the potential gaps in controls and unnecessary duplications of coverage.


RISK MANAGEMENT PROCESS

During the year under review, our Group’s ERM approach, which prioritises risks according to their likelihood and impact, goes through the following steps:


Board of Directors Review:

The Chairman of BARC will bring to the Board’s attention the significant risks as tabled and discussed in the BARC meeting. The Board will then determine the final decision on the risk treatment options and risk action plans proposed by the Management.

Board Audit and Risk Committee Review:

The BARC provides an objective view on the significant risks presented by the Group Chief Risk Officer. The BARC will request and challenge risk information and its risk mitigation strategies implemented by the Group. The BARC also acts as change catalyst in risk and control areas in the Group.

Compilation of Group Risk Profile:

All the endorsed top risks as tabled in GMC will be extracted as the Group Risk Profile in accordance with the Group’s financial or non-financial risk parameter.

Presentation to the GMC:

RMCD will facilitate the Risk Owner during the risk assessment and risk action planning. Each risk will be evaluated in terms of the adequacy and effectiveness of the existing internal checks and balances controls, so as to provide a reasonable assurance that the likelihood and impact of the adverse event are within a manageable and acceptable level. The level of likelihood of a particular outcome actually occurring, including a consideration of the frequency of the event, is determined using an approved likelihood parameter. The impact of an event is similarly evaluated using an approved financial or non-financial impact parameter. The GMC will review, rank and debate the risk profile, its ratings, control effectiveness and risk treatment options plan identified by the Risk Owners.


Department, Subsidiary or Business Unit Risk Assessment:

The risk owner performs an exercise to identify and assess risk. The main sources of reference used at the identification phase are the business plans and budgets, financial and production performances, Board and integrated reports, audit findings, market and sector research, compliance report and historical data. The exercise also covers a comprehensive occupational, safety and health risk assessment process through the Hazard Identification, Risk Assessment and Risk Control (“HIRAC”). The risk owner provides RMCD with risk register updates on a quarterly basis. The risk level is determined according to their respective financial or non-financial risk parameter.

In ensuring our Group achieves its objectives, sustains the businesses and continues to add value to the stakeholders in the short, medium and long term, our risk management process and approach is tailored to the Group’s structure and its constantly changing environment, to ensure that our Group can continuously monitor and review its risks and the effectiveness of its risk management over time. Based on the results of monitoring and reviews, decisions are made on how the risk management programme can be improved. These decisions should lead to improvements in our Group’s management of risks and its risk management culture.

A separate risk management function also exists within our Group’s listed subsidiary with the establishment of its own GMC to assess and evaluate the risk management process of the company on a periodic basis.

In essence, the management of risks is treated as an interactive process. The benefit arising from effective risk management processes is the creation of awareness of risks among employees of different departments, subsidiaries and business units.


UNDERSTANDING OUR SIGNIFICANT RISKS – TOP FOUR GROUP RISKS

The identification of our significant risks during the year took into consideration internally and externally driven factors. The following represents our Group’s top strategic and operational risks that, if we do not effectively manage them, may create a significant or material adverse impact to the Group as well as impede the achievement of the established objectives and affect the Group’s ability to create value.

Risk Factors and Mitigating Strategies

Adverse impact of Economy-wide phenomena towards business performance

  • Market intelligence and being up-to-date on market conditions;
  • Hedging through a mix of spot and forward contract sales;
  • Creation of new revenue stream;
  • Enhance the productivity and efficiency through an innovative solution;
  • Cost optimisation initiatives and prudent CAPEX and OPEX management;
  • Improve market opportunities through maintaining RSPO, MSPO, ISCC certifications; and
  • Constant monitoring of CPO and PK price.

New Investment’s Risks in respect of the industry, laws and regulations, politics, country and local risks

  • Continuously explore and secure new opportunities with innovative solutions;
  • Comprehensive due-diligence exercise and feasibility study for each new investment;
  • Putting in place workable internal control and monitoring framework including corporate and systems infrastructure;
  • Revisit and strengthen the strategy to ensure the success of the investment;
  • Proactive engagement with business partners and local stakeholders; and
  • Established the Board Investment Committee to review the significant matters relating to existing and potential investments.

Liquidity Risk on existing and future funding requirements in meeting its financial obligations

  • Matching of inflows and outflows of cash and maintaining sufficient credit facilities;
  • Borrowings are created in a particular currency to match payments and receipts or liabilities and assets;
  • Capital restructuring; and
  • Monitor the agreed covenants with the lenders.

High dependency on foreign workers in plantation operation

  • Reviewing the remuneration package for workers from time to time;
  • Enhancement of mechanisation, automation and technology to reduce labour usage;
  • Joint collaboration with agricultural/labour authorities to increase the participation of local labours in the plantation sector; and
  • Uplifting living conditions and amenities of workers through upgrading the quarters as well as providing crèche, mosque and medical facilities.

CONTROL ENVIRONMENT AND CONTROL ACTIVITIES

The Board and the Management are committed to establish a strong control environment through a robust and effective check and balance. The control environment comprises the integrity and ethical values, the parameters enabling the Board to carry out its governance oversight responsibilities, organisational structure and assignment of authority and responsibility, and effective human capital management. The Group’s established objectives will be achieved through its commitment to continuously enhance the design of the internal control environment through the adoption of various policies and procedures.


BOARD AND MANAGEMENT

The Board and Management Committees are set up to promote a high level of corporate governance, transparency and accountability and to assist the Board in implementing and monitoring the system of internal controls within the Group with the aim of realising the vision, mission, strategies and objectives established for the Group. The Committees oversee the areas assigned according to their Terms of Reference (“TOR”) which are carefully developed to ensure that it is aligned with the Group’s objectives, short-term and long-term strategic plans and to avoid overlapping activities and gaps in governance coverage.

On 25 March 2021, the Management Committee of Kulim had revised its internal committee in order to streamline and strengthen the existing committee portfolio with an explicit goal of improving efficiency, reducing complexity and providing the management with better information for decision-making process.

The composition of members of the committee is continuously tailored so that they collectively have good knowledge of the industries, the ability to understand fundamental financial indicators, including the knowledge of key business and financial risk, and internal control fundamentals. This arrangement shall improve the evaluation process, minimise the element of surprise and ultimately provide a greater chance of success to the proposed investment.


Function of the New Committee
Committee and Function

1. Management Committee (“MCM”)

  • To review and evaluate the performance progress including the key policy and strategy implementations of various divisions, subsidiaries and operating units of the Group.
  • Where authorised to, formulate and approve matters relating to Group policy, objectives and business strategy and projects, and where necessary to evaluate and recommend for Board’s approval.

2. Management Tender Committee (“MTC”)

  • To recommend to the BTC the award of contracts for purchases and projects to suppliers/contractors in accordance with the Contract Administration Guideline and Procedures of the Company.
  • To discuss and deliberate on the tender to be awarded (budgeted).

3. Performance Talent Management Committee

  • To discuss and deliberate performance, achievement, behavioural competencies, and manpower planning, among the Heads of Division and the Human Resource Department.

4. Plantation Performance Committee (“PPC”)

  • A platform for plantation division to discuss and ensure that estates are being run, coordinated and managed at the best possible standards to meet the Company’s requirements and target.

5. Group Budget Committee (“GBC”)

  • To deliberate, challenge and approve the Group’s budget for the forthcoming year. The approved budget will be consolidated in Kulim Group’s 5-year strategic plan.
  • To review all requests pertaining to unbudgeted capital and revenue spending (AF) and to recommend them for the satisfaction of MCM.

6. Anti-Bribery Management System (“ABMS”) Committee

  • To ensure appropriate and smooth process towards Kulim’s achievement of ISO 37001:2016 ABMS and that ABMS remains suitable, adequate and effective.

7. Governance Management Committee (“GMC”)

  • A platform to discuss audit issues related to IV Companies, subsidiary companies, business units and support services within Kulim Group, and advising the management in fulfilling its corporate governance and responsibilities in relation to the Group’s management of risk, compliance and governance structure, prior to being tabled to BARC.
  • Also acts as a forum for coordinating internal audit activities with that of other insurance provider, i.e. Plantation Inspectorate; and a forum to discuss and coordinate matters relating to policies and procedures within Kulim.

8. Palm Oil Marketing Committee (“POMC”)

  • To supervise and monitor the sales of the Palm Products (CPO and PK), strategies and sales planning as the main income contributor to the Group.
  • To discuss matters relevant to quality and operations related to the Palm Products, i.e. outside crop purchase (“OCP”).

9. Environmental Social and Governance (“ESG”) Committee

  • A platform to discuss environmental issues relating to mills and plantation.
  • To ensure occupational safety and health issues, implementation programs, and dissemination of decisions at Kulim Group are adequately dealt with and executed.
  • To be responsible for obtaining/maintaining certification of sustainability and quality initiative, 5Ps sustainability development goals (People, Planet, Prosperity, Peace and Partnership), HALAL certification for mills and MPC Quality Environment Management System (5S).
  • To be responsible in the internal and external audit process for HALAL certification and conducting HALAL awareness.
  • To ensure 5S system is implemented to achieve the required standards by MPC.

10. Indonesian Operation MCM

  • Acts as a bridge to monitor Indonesian plantation operations due to accessibility issue and geographical distance.

11. Corporate Responsibility (“CR”) Committee

  • To supervise and plan Group’s CR initiatives.

12. Project Performance Committee

  • A platform for Engineering Division to discuss and ensure that mills, new business, and renewable energy activities are being run, coordinated and managed at the best possible standards to meet the Company’s requirements and target.


GROUP POLICIES AND PROCEDURES

Our Group policies and procedures are developed to ensure the effectiveness and efficiency of our operations, the reliability, timeliness, accountability and transparency of financial and non-financial reporting, and adherence to the laws and regulations that our business is subject to.

These policies and procedures were approved by the Management and the Board. Periodically, we will review them to ensure they remain relevant and effective. The Group policies and procedures in place are, among others:

  • Accounting Policy and Procedures
  • Agriculture Manual
  • Contract Administration Guideline and Procedures
  • Purchasing Guidelines and Procedures
  • Environmental Policy
  • Forward Selling Policy
  • HALAL Policy
  • Policies and Procedures Manual – Information Communication Technology
  • Occupational, Safety and Health Policy
  • People Policy
  • Quality Policy
  • Sustainability Policy
  • Corporate Responsibility Policy


FINANCIAL AND OPERATION CONTROL FRAMEWORK

Our Group acts in accordance with MFRS and the requirements of the Companies Act 2016. Reviews of our actual performance against budget and against performance in prior periods are also carried out, and appropriate mitigation and monitoring are carried out continuously.

BARC, together with the Management, reviews the Group’s quarterly financial performance and subsequently reports to the Board. The Group’s financial results and operational performance will be assessed by the BARC, which particularly focuses on changes in major accounting policy, any significant matters or unusual events or transactions, related party transactions and integrity of the Group financial information.

We have a Financial Authority Limit which defines revenue and capital expenditure spending limits for each level of Management within the Group. These limits cover authority for cheque signatories, major capital and revenue expenditure spending limits, purchasing and contract procedures, and approval mechanism for budgets.

Our 5-year strategic planning exercise is conducted annually and approved by the Board. Our Group is guided by this 5-year strategic planning which specifically outlines the business objectives and strategies. In this challenging economic and business landscape, new opportunities and innovative strategies are continuously explored to create competitive advantage which ultimately will expand our business and investment portfolio. In this respect, we are always improving and strengthening our core competencies strategies in our strategic planning exercise.


HUMAN CAPITAL MANAGEMENT

Our Group’s organisation structure delineates the line of authority, responsibility and accountability. Its formation is focusing on both performance delivery and business continuity through succession planning. It fosters and promotes the continual development of employees, and ensures that key positions maintain some measure of stability, thus enabling our Group to achieve business objectives. 

The structure supports our Group’s ability to ensure that qualified and experienced management personnel who head the Group’s diverse operating units are always available and in place to carry out their job functions. Training analysis is conducted annually, and various internal and external training programmes are in place to fulfil the actual skills and knowledge required. Their performance is measured against the established Balanced Scorecard which has been approved by the Board.


STATUTORY AND REGULATORY COMPLIANCE

Our Group is committed to complying with applicable statutory and regulatory requirements and we are subject to regular inspections by relevant authorities. Several initiatives are underway to monitor our level of compliance with applicable laws and requirements, which include:

  • Bi-monthly compliance report from each department, subsidiary and business unit to identify any non-compliance matter that needs to be addressed together with the corrective action plan. 
  • Monitor the implementation and evaluate the effectiveness of the corrective action plan.
  • Conduct compliance identification and assessment on every new business, projects and investment proposals.
  • Periodical compliance assessment visit on selected departments, subsidiaries and business units.

Our Group is aware of and continuously considers any appropriate commitment towards statutory and regulatory compliance. Significant efforts and changes during and subsequent to the reporting period with respect to statutory and regulatory compliance include, among others:

  • Minimum Wages Order 2020 – The rate of monthly wages payable to the employee who works in a place of employment in any City Council or Municipal Council areas had increased from RM1,100 to RM1,200 and had come into force on 1 February 2020.
  • Corporate Liability provision and requirement of “adequate procedures” under the Section 17A of the Malaysia Anti-Corruption Commission (Amendment) Act 2018 that had already been enforced since June 2020. In response to this new provision, Kulim had voluntarily initiated the ISO 37001:2016 Anti Bribery Management System (“ABMS”). The ABMS was designed to establish, implement, maintain and improve the anti-bribery compliance programme which also includes a series of measures and controls that represent global anti-bribery good practices.


CORPORATE INTEGRITY

Our Group’s corporate integrity initiatives are crafted with the aspiration that our affairs are conducted in an ethical, responsible and transparent manner.

We are committed to the highest standard of integrity, openness and accountability in the conduct of our businesses and operations.

  • A number of channels are available for our employees to report any non-compliance with the Code of Ethics or any unlawful activity. On an annual basis, all employees are required to submit the Ethics Declaration Form, which has long been established as a formal avenue for all employees to report directly to the Managing Director any misconduct or unethical behaviour by any employees within our Group.
  • Declaration of all assets within Malaysia and abroad by all employees is a part of the Code of Ethics as specified in the Scheme of Services. This is to ensure the highest level of ethics, integrity and governance to prevent any corruption and illicit enrichment.
  • Our Business Policy and Code of Ethics are the key policies that govern and act as a guidance on the standards of conduct that are expected from the Board, Management and employees, and help them make the right decision in the course of performing their jobs to the highest standards of ethics, integrity and governance.
  • Our Whistle-blowing Policy was introduced to ensure that a process is in place to allow stakeholders to report alleged improper or unlawful conduct without fear of retribution. It is an integral component of the Group’s zero tolerance policy on fraud and corruption.
  • Apart from the Corporate Integrity Pledge, we have in place the Gift and Entertainment Policy and the Conflict of Interest Policy, whose primary objective is to avoid conflict of interest and to indicate our Group’s commitment to accord equal treatment to all individuals and organisations in their dealings with our Group.
  • Our Grievance Policy and Procedure as well as Women OnWards (“WOW”) were introduced to allow employees to bring to the attention of the Management any dissatisfaction or feeling of injustice which may exist in respect of the workplace. The Management will attempt to resolve the grievance in a manner, which is acceptable to the employee concerned and the Group.

All the corporate integrity initiatives were designed with the aims of strengthening our Group’s integrity culture, infrastructure and to further strengthen our stakeholders’ confidence.


BUSINESS CONTINUITY MANAGEMENT

Our business continuity objectives are to identify any potential threats and disruptions to our Group-wide business and then build the capacity to deal with them to ensure we can continue to function with as little disruption as possible. Our approach covers both the availability of an effective infrastructure and a hedge against the potential risk of financial losses, through insurance coverage.

The activities of reviewing and improving our business continuity plans have been conducted periodically to ensure the availability and its effectiveness. These activities cover the potential disruptions from flood, fire, Information Technology (“IT”) security and attack, supply chain failure and losing a key employee.