About Us

Home About Us Governance & Policies
Statement on Risk Management & Internal Control

The Malaysian Code on Corporate Governance prescribes various corporate governance principles, best practices and standards for listed companies, including maintaining a sound system of risk management and internal control to safeguard shareholders’ investments and the Group’s assets. The Board of Directors of WCT Holdings Berhad (“the Board”) is pleased to present this Statement on Risk Management and Internal Control (“the Statement”) for the financial year ended 31 December 2018 (“FY2018”). This Statement is prepared pursuant to paragraph 15.26(b) of the Main Market Listing Requirements (“LR”) of Bursa Malaysia Securities Berhad (“Bursa Securities”) and guided by the Statement on Risk Management and Internal Control: Guidelines to Directors of Listed Issuers (“the Guidelines”).

The Board affirms its responsibility for maintaining a sound risk management framework and internal control system to safeguard shareholders’ investment and the Group’s assets, as well as to discharge its stewardship responsibility in identifying principal risks and ensuring the implementation of an appropriate risk management and internal control system to manage those risks.

The Board further recognises that internal audit is an integral part of risk management framework in achieving the Group’s business objectives, and that such system is designed to manage rather than to eliminate the risk of failure to achieve the Group’s business objectives. Accordingly, such system, can only provide reasonable and not absolute assurance against material misstatement, loss or fraud, and can only mitigate and manage any adverse impact arising from a foreseeable future event or situation on the Group’s objectives.

The Board has received assurance from the Group Managing Director and Director of Finance & Accounts that the Group’s risk management and internal control system are operating adequately and effectively, in all material aspects, to mitigate any significant breakdown or weaknesses that may give rise to material losses being incurred by the Group during the financial year under review or that requires disclosure in the 2018 Annual Report.

During FY2018,
  • The management-level Risk Management Committee (“RMC”) reviewed, appraised and assessed the existing controls and action plans in place to mitigate and manage the Group’s risk exposure, as well as raised issues of concerns and recommended mitigation actions. The RMC reports to the Audit Committee on a quarterly basis where key risks and mitigations actions are deliberated and recommended to be implemented. The Audit Committee then presented a summary of their deliberations to the Board.
  • The adequacy and effectiveness of the internal controls were also reviewed by the Audit Committee, including reviewing reports on internal audits performed by Internal Audit Department (“IAD”) during the year, as well as any internal controls issues reported by the external auditors. The Audit Committee deliberated on the audit issues and actions taken by Management, and a summary of these deliberations were presented to the Board.

The Group operates with an organisation structure with clearly defined reporting lines, areas of responsibilities and delegated authority limits.
a. The following board and management committee were established to assist the Board to discharge its duties; -

Audit Committee
The Audit Committee comprising all Independent Non-Executive Directors of the Company is responsible to provide an independent oversight of the implementation and operation of the Group’s risk management framework. In addition, the Audit Committee also reviews the internal control procedures and processes of the Group and evaluates the adequacy and effectiveness of the Group’s internal controls system. The Audit Committee also seeks the observation of the external auditors of the Group, whenever required. The terms of reference of the Audit Committee is available in WCT’s official website at www.wct.com.my. RMC
The RMC comprising Management representatives from various business divisions and support services is responsible to monitor and perform regular reviews on the Group’s risk management processes and ascertain if the risk management framework approved by the Board is properly implemented throughout the Group’s business and operations. The RMC reports directly to the Audit Committee.

Nomination & Remuneration Committee
This Committee assists the Board to establish formal and transparent procedures for the appointment of new directors to the Board; identify, consider, assess and recommend new nominees to the Board; annually review the effectiveness of the Board as a whole (in relation to its size and composition); develop the Group’s remuneration policy and determine the remuneration package for the Group’s Executive Directors; and propose remuneration to be paid to each Director for their services as well as member of a committee of the Board. The terms of reference of the Nomination & Remuneration Committee is available in WCT’s official website at www.wct.com.my.

Option Committee
The Option Committee administer offering, granting and dealing of the share options and new ordinary shares issued under the Group’s employees share option scheme (“ESOS”) to be in accordance with relevant guidelines and approved by-laws governing the ESOS.

Management Committee (‘MC”)
MC reports to the Board on the effective implementation of strategic business plans for the Group. The MC comprising all the key senior management of the Group is responsible for the development of an overall corporate and business strategy which is presented annually to the Board for approval. The MC reports regularly to the Board on the progress of the execution of the strategic business plans approved by the Board with periodic financial and operational performance of the various business divisions as well as other strategic matters.
  • Policies, procedures and guidelines are properly documented and made accessibly by all employees of the Group to ensure compliance with relevant laws, acts and regulations. These policies, procedures and guidelines are subject to periodic review and improvements.
  • Discretionary Authority Limits (“DAL”) duly approved by the Board are prescribed to govern the authority limits granted to the designated personnel who are properly authorised to operate their respective job responsibilities as well as to represent the Group in all official correspondences and documentations on behalf of the Group covering procurement, payment, investment, acquisition and disposal. The DAL are periodically reviewed and are made accessible to all employees for effective implementation.
  • Proper guidelines for recruitment and termination of personnel and a performance appraisal system are in place. Employee’s performance is regularly monitored, appraised and rewarded accordingly. Training programmes are identified and regularly scheduled for the Group’s employees with the objective of continuously upgrading their skills, broadening their knowledge, improving their competency as well as sharing their experience to keep them proficient and competent in handling their day-to-day job functions, as well as to meet the current business requirements and future business needs.
  • The Group’s Vision, Mission and Core Values, are shared and communicated to all levels and are easily accessible on Group’s official website. This includes Code of Conduct & Ethics for Employees, Code of Ethics for Company Directors, as well as avenues for whistle blowing.
  • Centralised controls of selected key functions of the Group include: -
    • Finance & Accounts (including Tax and Treasury)
    • Tender, Procurement & Budget
    • Quality, Environment, Safety & Health (“QESH”)
    • Human Resource & Administration
    • Sales & Marketing
    • Development
    • Procurement, Legal, and Information Technology
This enable the Management to minimise risk exposure and increase both effectiveness and efficiency of operations.
  • The IAD, which reports directly to the Audit Committee, perform internal audits on various operating units within the Group based on an audit plan approved by the Audit Committee. The IAD checks for compliance with policies and procedures and the effectiveness and adequacy of the internal control systems and highlights material findings, together with recommendations and action plans, in the quarterly Audit Committee meetings. Further details of IAD’s functions and activities are set out in the Audit Committee Report contained in the 2018 Annual Report.
  • The external auditors’ audit plan, scope of work, and audit procedures to be adopted in the annual report for the financial year in relation to the audit service on the Group’s financial statements are reviewed by the Audit Committee. The review also includes a review on the suitability, objectivity and independence of the external auditors.
  • Subsidiaries that are accredited with QESH accreditation i.e. ISO 9001:2015, OHSAS 18001:2007 and ISO 14001:2015 undergo scheduled internal / external audits and the results of these audit are reported to the Management.

The Group’s risk management activities are governed by the Risk Management Policy and Risk Management Frameworks approved by the Board, which have been put in place to provide a common understanding and approach in the application of risk management process across the Group. The RMC is responsible to developing, executing and maintaining the risk management system, including the continual review process of identified risks and the effectiveness of mitigation strategies and controls.

At operating unit level, risk owners are responsible for identifying risks that may have an impact on achieving their operational/financial and other business objectives. The identified risks are assessed using qualitative and quantitative aspects against their likelihood (based on risk appetite) and their impact matrix. Thereafter, gross risks are ranked accordingly, after taking into consideration of gross likelihood and gross impact should the risks occur, before they are ranked as Residual risks, after taking into consideration the effectiveness of controls and action plans taken to mitigate the risks. Detailed action plans would then be identified, in order to manage such risks to an acceptable level.

During the year, risks and mitigating actions are reported to the RMC before being presented to the Audit Committee on a quarterly basis.
  • A financial system is in place to ensure all financial transactions are timely and correctly captured in the accounting system to generate an accurate periodic management financial report for performance review and decision making by the Management and the Board.
  • Annual strategic business plans are prepared by all business units and are being monitored at quarterly Management Committee meetings and presented to the Board for information. The Board also reviews the operational and financial results on a quarterly basis before the Group’s interim financial results are announced to Bursa.
  • The Directors and Senior Management conduct regular visits to Group’s project sites as well as principal investment properties and meet up with the Group’s customers and business associates in order to review the Group’ operations, to gain first-hand knowledge of significant operational matters as well as to understand any significant risks so that an informed decision-making can be made.
  • The Group’s performance and financial results are communicated to the shareholders, stakeholders and the general public on a quarterly basis via the release of interim financial reports. In addition, once a year, the Company would convene an Annual General Meeting whereby the Board would be able to brief the shareholders of the Company on the operational and financial performance of the Group. Company briefings with financial analysts and institutional investors are also conducted regularly to keep the investment community abreast with the development of the Group.

As an entity with a diversified business portfolio, the Group faces exposure to various risks. Hence, where possible all such risks relating to the Group’s business operations, assets and employees are adequately insured in order to minimise the related financial impact.
Review of the Statement by External Auditors

As required by Paragraph 15.26(b) of the LR of Bursa Securities, the external auditors have reviewed this Statement on Risk Management and Internal Control. Their limited assurance review was performed in accordance with the Audit and Assurance Practice Guide (“AAPG”) 3, Guidance for Auditors on Engagements to report on the Statement on Risk Management and Internal Control included in the Annual Report issued by the Malaysian Institute of Accountants.

AAPG 3 does not require the external auditors to form an opinion on the adequacy and effectiveness of the risk management and internal controls system of the Group. The report from the external auditors was made solely for the Board in connection with their compliance with the LR of Bursa Securities. The external auditors do not assume responsibility to any person other than the Board in respect of any aspect of this report.

For the financial year ended 31 December 2018 and up to the date of issuance of this Statement, the Board is generally satisfied with the adequacy and effectiveness of the Group’s risk management and internal controls system.

(This Statement on Risk Management and Internal Control is made in accordance with the resolution of the Board dated 19 April 2019)
Other Governance and Policies: