Shaped By High Standards Of Governance 168 FGV HOLDINGS BERHAD Statement on Risk Management and Internal Control THE GROUP’S CORE VALUES The Group’s corporate culture is embedded in its core values of Partnership, Respect, Integrity, Dynamism and Enthusiasm (PRIDE). These core values are integral in building an ethical and high-performance culture to achieve the Group’s vision and support its business objectives and goals. All employees are made aware of these values to inculcate the right conduct and culture within the Group. The PRIDE elements form a part of the annual performance assessment of the employees and account for 40% of the overall score. • Code of Business Conduct and Ethics for Employees FGV has in place a Code of Business Conduct and Ethics for Employees (COBCE). The COBCE guides FGV’s employees in embracing the Group’s values and complying with applicable laws and regulations through honest, transparent and ethical business practices. • Whistleblowing Policy FGV is committed to upholding the highest integrity standards among all employees and stakeholders. The Group’s Whistleblowing Policy was established in 2012 and the policy is reviewed periodically to ensure it remains relevant. The policy provides a dedicated channel for employees and stakeholders to disclose or raise genuine concerns about possible improprieties, improper conduct or other malpractices in a transparent and confidential manner without fear of punishment or unfair treatment. The policy also provides the platform through which whistleblowing complaints received are acted on through proper channels, as well as whistleblower protection. • Anti-Bribery Management System To signify FGV’s stance of zero-tolerance against bribery and corruption, FGV has an ISO-certified ABMS in place to uphold a high level of ethical business conduct and integrity, as adequate measures in compliance with Section 17A of the MACC Act to protect itself against bribery and corruption risk. FGV will continue recertification of the ABMS for 2023-2025. ORGANISATIONAL STRUCTURE WITH FORMALLY DEFINED LINES OF RESPONSIBILITY AND DELEGATION OF AUTHORITY FGV has a defined organisational structure that sets out the delineation of roles and responsibilities of the positions within FGV to enable swift responses to changes in the evolving business environment and effective supervision and coordination of day-to-day business undertakings. The Group’s Limits of Authority (GLOA) is the core reference for delegations of authority of the Group’s day-today operations through empowering various levels of Management to make decisions and execute the Group’s business transactions within the Board’s risk tolerance. The GLOA is continually reviewed and updated to ensure its applicability for operational expediency and alignment with the Group’s other policies. POLICIES AND PROCEDURES Documented policies and procedures form an integral part of the Group’s internal control systems to safeguard shareholders’ investments and the Group’s assets against material losses. They also ensure complete and accurate information. These documents consist of policy documents, SOPs, circulars, manuals and handbooks that are continuously revised and updated to meet current business and operational needs. More information on COBCE can be found in Corporate Governance Overview Statement on page 146. The key elements of FGV’s internal control framework established by the Board are as follows: INTERNAL CONTROL FRAMEWORK CYBER SECURITY Description The COVID-19 pandemic has highlighted the critical role of digital infrastructure in maintaining connectivity, and the widespread use of connected devices has greatly benefited our organisation. However, it has also exposed us to new and unpredictable cyber security threats and risks. Malware attacks, unpatched security vulnerabilities, unsecured Wi-Fi networks, weak passwords and poor user attitudes can all compromise the operability and security of the Company’s information technology systems. Any disruptions to these systems can lead to decreased operational efficiency and potentially result in financial losses. Key Mitigations FGV has implemented various mitigation measures to address cyber security risks. The organisation has conducted a systematic review of security weaknesses in its IT environment to evaluate the susceptibility of the system to any vulnerabilities. Additionally, FGV has purchased cyber security insurance for some protection and continues with its agenda to educate employees on security-related threats. Security Threats
RkJQdWJsaXNoZXIy NDgzMzc=