The Malaysian Code of Corporate Governance (the Code) requires the Board of Directors (Board) to maintain a sound system of internal control to safeguard shareholders' investments and the Group's assets. Pursuant to Para 15.27(b) of Bursa Malaysia Securities Berhad (BMSB) Listing Requirements (LR) and Statement on Internal Control: Guidance for Directors of Public Listed Companies, the Board is pleased to present the Statement on Internal Control which outlines the nature and scope of internal control of the Group during the financial year under review.
The Board asserts its overall responsibility on Malaysian Airline System Berhad's (MAS) group-wide systems of internal control and risk management as well as reviewing its effectiveness, adequacy and integrity. Board acknowledges that the system of internal control is designed to manage an acceptable and tolerable level of the Group's risk rather than eliminate the risk of failure to achieve business objectives. Therefore, the systems only provide reasonable but not absolute assurance against occurrence of any material misstatement or loss.
Get your grade
or your money back
using our Essay Writing Service!
Concerted effort from all business units are needed to ensure a sound system of internal controls. Management is responsible for implementing the Board's policies on risk management and internal controls. All employees have a responsibility towards maintaining a sound internal control system as part of their accountability in achieving the Group's overall objectives.
The system of internal control comprises the following key elements:
î¬ Control Environment
î¬ Control Activities
î¬ Information & Communication
î¬ Risk Assessment
The key elements in MAS' internal control systems are as follows:
1. CONTROL ENVIRONMENT
The Board of Directors is committed to maintain a strong governance structure and environment for the proper conduct of the Group's business operations.
A. Governance Structure
i. Board of Directors (Board)
The Board assumes responsibilities which facilitate the discharge of Board's stewardship through the adoption of strategic plan for the Group, oversee the conduct of the Groups business and review the adequacy and integrity of the internal control systems and compliance to applicable regulations. The Board also reviews the operational and financial performance of the Group. The scope of this review covers any significant internal control issues identified in the monthly performance reports.
ii. Board Audit Committee (BAC)
The BAC comprised majority of independent non-executive directors, duly executes their duties as defined in the Code. The BAC regularly reviews, on behalf of the Board, internal control issues reported by the Audit and Business Advisory Department (ABA) and external auditors, including any significant internal control issues affecting the financial statements. The BAC also performs annual review on the adequacy of scope, authority and resources of ABA and appraises the performance of ABA.
iii. Audit & Business Advisory (ABA)
Internal audit functions are carried out by ABA which performs systematic reviews of key processes in high-risk areas and assesses the effectiveness of internal controls. An Internal Control Performance Scorecard is provided in every audit report to highlight the state of internal control for the areas audited. On a monthly basis, ABA submits audit reports to the BAC through the Monthly Audit Reporting Package. ABA presents key audit findings to BAC on quarterly basis which are also deliberated at the Senior Management level. Starting from June 2009, follow-up reviews are conducted on quarterly basis to monitor the status of all internal control issues raised.
iv. Quality Assurance (QA) Functions
16 internal QA functions established under various divisions such as the Risk and Policy Advisory Services (RPAS)
Department, IT Governance, Financial Compliance, Service Quality Unit, Engineering & Maintenance QA, Airport Operations QA and others are aimed to improve the Group's services standards and meet regulatory requirements.
v. Operating structure that defines responsibility & authority
A comprehensive organization structure, which aligns to business and operational requirements and led by Division
Heads with defined responsibility, accountability and delegation of authority, is in place.
i. Code of Ethics (COE)
The Code provides general principles and specific guidelines applicable to business conducts in MAS inculcating best practices in conduct and compliance with the law. COE covers among others conducts on business ethics, behaviour, conflict of interest, privileged information and compliance to law.
Always on Time
Marked to Standard
ii. Consequent Management
Commend & Reprimand Programme (CaRP) serves as a consequent management tool to instill discipline in the organization, reiterate the importance of complying with Group's policies and procedures and to deal with unethical practices. It also serves to recognise areas which have shown to have put in place and applied consistently good corporate governance practices.
C. Organizational Values
- Internal Control Enhancement (ICE) Programme continues to be a group-wide effort put in place to increase awareness amongst business units on the importance of effective internal controls.
i. Business Assurance & Control Assessment (BACA)
A key initiative under ICE programme is the Control Self-Assessment, an approach to instill accountability for business unit owners to conduct half yearly assessment on their internal controls and communicate the results to management. All system-wide stations and some key departments at the corporate office have started performing self-assessment and reported their results in 2009. In 2010, the scope of BACA will be extended to wholly-owned subsidiaries in 2010.
ii. Whistle Blower Programme (WBP)
The WBP is in place to provide an internal mechanism for employees to raise their concerns about malpractices, irregularities and negligence affecting MAS without fear of adverse repercussions and with their confidentiality protected. The Whistle Blower Independent Committee (WIC) chaired by the Chief Internal Auditor is responsible to review and monitor concerns channeled through WBP. Investigations and reviews are carried out by the Integrity Unit under ABA or any appointed action parties, tabled to the WIC and subsequently reported to the Managing Director on a periodic basis. Appropriate actions are taken based on the strengths and merits of the findings.
iii. Employee Performance Measurement & Competency
The Performance Measurement System (PMS) is aligned to Strategies and Key Business Activities set forth in Business Transformation Plan 2 (BTP2). Key Performance Indicators (KPI) are used to measure staff performance on a half yearly basis.
The Leadership and Management Development Programme is conducted as part of the Talent Management and Development Programme. Continuous education, development and training are provided to the staff through a wide variety of schemes and programmes. In 2010, a talent management programme called the Guest Auditor Programme, will be implemented by ABA with the objective of building future leaders in MAS who appreciate cross- functional teamwork and possess strong corporate governance knowledge. The Guest Auditor programme provides the platform for on-the job training with exposure on governance, risk and control.
2. CONTROL ACTIVITIES
A. Authority and Accountability
î¬ Policy guidelines and authority limits are imposed in respect of day-to-day operations in a form of Corporate Policy, Corporate Approving Authority Manual (CAAM), Station Approving Authority Manual (SAAM) and Systemwide Station Internal Control Manual (SSICM). Subsidiaries are guided by the Subsidiary Governance Framework. These policies complement each other in defining the authority and accountability for key decision making areas. These policies are continuously reviewed to align with organisational and industry changes.
B. Policies and Procedures
î¬ Policies and procedures with embedded internal controls are documented in a series of Standard Operating Manuals. Custodianship of these manuals is bestowed upon the RPAS Department. Manuals are regularly reviewed to ensure that more aligned, standardised and comprehensive procedures are in place. RPAS assists Management to establish and review corporate policies, when necessary, to improve the Group's corporate governance profile. RPAS also conducts regular briefings to various levels of employees on key policies and procedures, including those relating to authorisation, accountability, monitoring and reconciliation processes.
î¬ The SSICM Education Programme (SEP) was further enhanced with the development of a SSICM Qualification Assessment (SQA) to ensure our management teams throughout the regions are conversant with governance requirements when discharging their daily duties and responsibilities. The SQA was launched in November 2009 with the first assessment completed in January 2010.
î¬ Key manuals at the corporate level are periodically reviewed and subject to adherence by the employees. Updated versions of the key corporate policies are maintained and made available via the Group's intranet.