Maybank Logo
  • LEADING ASIA MAYBANK ANNUAL REPORT 2013
Maybank Financial Statemen 2013
Financial Statements Maybank 2013
View Now
Annual Report 2012

Annual Report 2012
Corporate
Financial Statements

Annual Report 2012

Six Months Report 2011
View

Annual Report 2012

Annual Report 2011
View

Annual Report 2012

Annual Report 2010
View

Statement on Risk Management &
Internal Control
financial year ended 31 December 2013
Introduction

This Statement on Risk Management & Internal Control is made pursuant to Bursa Malaysia Securities Berhad Listing Requirements which requires the Board of Directors (Board) to include in its Company Annual Report a statement about the state of its internal control. The revised Malaysian Code on Corporate Governance requires all listed companies to establish a sound risk management framework and internal control system to manage risk and safeguard shareholders’ investment and the company’s assets.


Accordingly, the Board is pleased to provide the Statement on Risk Management & Internal Control that was prepared in accordance with the “Statement on Risk Management & Internal Control – Guidelines for Directors of Listed Issuers” endorsed by Bursa Malaysia Securities Berhad. This guideline outlines the processes to be adopted by the Board in reviewing the adequacy and effectiveness of the risk management and internal control system of the Group.

Responsibility

The Board acknowledges its overall responsibility in establishing a sound risk management framework and internal control system as well as reviewing its adequacy and effectiveness. The Board is of the view that the risk management framework and internal control system are designed to manage the Group’srisks within the acceptable risk appetite, rather than to eliminate the risk of failure to achieve the business goals and objectives. It can therefore only provide reasonable, rather than absolute assurance against material misstatement, fraud or loss.

The Board has established appropriate control structure and process for identifying, evaluating, monitoring, managing and responding to significant risks faced by the Group in its achievement of the business goals and objectives. The control structure and process which have been instituted throughout the Group are reviewed and updated from time to time in response to the changes in the business environment, and this on-going process has been in place for the whole financial year under review and up to the date of approval of the Statement on Risk Management & Internal Control for inclusion in the Annual Report.

The role of Management includes:

  • Identifying and evaluating the risks faced, and the achievement of business objectives and strategies;
  • Formulating relevant policies and procedures to manage these risks;
  • Designing, implementing and monitoring the effective implementation of risk management framework and internal control system;
  • Implementing the policies approved by the Board; and
  • Reporting in a timely manner to the Board any changes to the risks and the corrective actions taken.

Internal Control Structure

The key processes that the Board has established in reviewing the adequacy and effectiveness of the risk management framework and internal control system include the following:

Risk Management Framework

  • The Board has established an organisation structure with clearly defined lines of responsibility, authority limits, and accountability aligned to business and operations requirements which support the maintenance of a strong control environment. It has extended the responsibilities of the Audit Committee of the Board (ACB) to include the assessment of internal controls through the Internal Audit function.
  • The Board has also delegated the responsibility of reviewing the effectiveness of risk management to the Risk Management Committee (RMC). The effectiveness of the risk management system is monitored and evaluated by the Group Risk Management function, on an on-going basis. The RMC assists the Board to review and oversee the effectiveness of the risk management of the Bank, wherein the Group Risk Management function would facilitate the continuous monitoring and evaluating of the Group’s risk management system. Any approved policy and framework formulated to identify measure and monitor various risk components would be reviewed and recommended by the RMC to the Board. Additionally, the RMC reviews and assesses the adequacy of these risk management policies and ensures infrastructure, resources and systems are emplaced for risk management.
  • The risk governance structure is aligned across all the business units, overseas units, and subsidiaries of the Group. These are aligned through the streamlining of the risk frameworks, policies and organisational structures in order to embed and enhance our risk management and risk culture.
  • Risk management principles, policies, procedures and practices are updated regularly to ensure relevance and compliance with current/applicable laws and regulations, and are made available to all employees. The Group also adopted a whistle blowing policy, providing an avenue for employees to report actual or suspected malpractice, misconduct or violations of the Group’s policies and regulations in a safe and confidential manner.
  • A written Management Control Policy (MCP) and Internal Control Policy (ICP) from Management are in place. The MCP outlines the specific responsibilities of the various parties i.e. the Management, the Internal Audit Committee (IAC) and the ACB pertaining to internal control. The ICP is to create awareness among all the employees with regards to the internal control components and the basic control policy.