THONG GUAN INDUSTRIES BERHAD
STATEMENT ON INTERNAL CONTROLS Introduction
The Board acknowledges its responsibility for the Group’s system of internal control, which includes the establishment of an appropriate control environment and framework, as well as reviewing its adequacy and integrity. In consideration of the limitations that are inherent in any system of internal control, the internal control system is designed to manage rather than to eliminate the risks that may impede the achievement of the Group’s objectives. The system of internal control can therefore only provide reasonable and not absolute assurance against material misstatements and loss.The system of internal control covers risk management and financial, organizational, operational and compliance controls.
Risk Management Framework
In the prior year, the Board appointed a firm of consultants to assist it in establishing a risk management framework for the Group. Besides strengthening risk management functions, the Enterprise Risk Management project was carried out to educate all employees within the Group more strongly to risk identification, evaluation, control, ongoing monitoring and reporting.
Although there was no structured risk management update conducted during the year,the Executive Directors,being hands on managers of the Group’s operations, continue to identify, evaluate and adopt risk mitigation measures on an on-going basis.The Group Financial Controller had circulated a copy of Risk Assessment Report which summarises the top 5 business risks of the Group to the Audit Committee. Accordingly, adequate Management action plans have been formulated to address these risks.
Internal Audit Function
The Group ceased to outsource its internal audit function to external consultants however internal audit functions previously identified were continued during the financial year ended 31 December 2007.
In certain areas where there are no formalized set of internal controls, compensating factors are in place such as direct involvement of Executive Directors. Ongoing reviews during Board and Management meetings are carried out to ensure the effectiveness and adequacy of the Groups’ internal control system in safeguarding the shareholders’ investment and the Group’s assets.
Other Risk and Control Processes
The Board has put in place the following pertinent measures to provide a certain level of assurance as to the operation and validity of the system on internal control as it relates to critical issues faced by the Group:
Monitoring and review
The Managing Director reports to the Board on significant changes in the business and external
environment, which affect the operations of the Group at large with the close involvement of Executive Directors, who are hands-on in the operations of the Group;
Regular reviews of the financial performance, business development and operational issues, especially on
areas of vulnerability are conducted and chaired by the Managing Director during management meeting; and
The Board as a whole will consider areas of improvements in the system considering the recommendations
made by the Audit Committee and the Management.
Standardisation of limits and processes
The Group has defined procedures and controls including information system control to ensure the
reporting of complete and accurate financial information. Quarterly financial results and reports are evaluated for unusual variances noted and reviewed by the Board and Audit Committee;
An organisational structure with formally defined lines of responsibility and delegation of authority has been
put in place.A process of hierarchical reporting has been established which provides for a documented and auditable trail of accountability.The procedures include the establishment of limits of authority and policies on various operational areas.These procedures are relevant across the Group to provide for continuous assurances and responsibilities at increasingly higher levels of management and, finally to the Board;
The Group has in place a proper control environment that emphasises on quality and performance of the
Group’s employees through the development and implementation of human resources policies and programmers that are designed to enhance the effectiveness and efficiency of the individual and the organisation; and
Operating policies and procedures of major subsidiary companies incorporate requirements prescribed and
guided by the ISO quality management documentation, which provide some level of assurance on the system of
internal control on operations.