The Malaysian Code on Corporate Governance prescribes various corporate governance principles, best practices
and standards for listed companies, including maintaining a sound system of risk management and internal control to
safeguard shareholders’ investments and the Group’s assets. The Board of Directors of WCT Holdings Berhad (“the
Board”) is pleased to present this Statement on Risk Management and Internal Control (“the Statement”) for the
financial year ended 31 December 2018 (“FY2018”). This Statement is prepared pursuant to paragraph 15.26(b) of the
Main Market Listing Requirements (“LR”) of Bursa Malaysia Securities Berhad (“Bursa Securities”) and guided by the
Statement on Risk Management and Internal Control: Guidelines to Directors of Listed Issuers (“the Guidelines”).
The Board affirms its responsibility for maintaining a sound risk management framework and internal control system
to safeguard shareholders’ investment and the Group’s assets, as well as to discharge its stewardship responsibility in
identifying principal risks and ensuring the implementation of an appropriate risk management and internal control
system to manage those risks.
The Board further recognises that internal audit is an integral part of the risk management framework in achieving the
Group’s business objectives, and that such a system is designed to manage rather than to eliminate the risk of failure
to achieve the Group’s business objectives. Accordingly, such a system can only provide reasonable and not absolute
assurance against material misstatement, loss or fraud, and can only mitigate and manage any adverse impact arising
from a foreseeable future event or situation on the Group’s objectives.
The Board has received assurance from the Group Managing Director and Director of Finance & Accounts that the
Group’s risk management and internal control systems are operating adequately and effectively, in all material aspects,
to mitigate any significant breakdown or weaknesses that may give rise to material losses being incurred by the Group
during the financial year under review or that require disclosure in the 2018 Annual Report.
- The management-level Risk Management Committee (“RMC”) reviewed, appraised and assessed the existing
controls and action plans in place to mitigate and manage the Group’s risk exposure, as well as raised issues
of concern and recommended mitigation actions. The RMC reports to the Audit Committee on a quarterly
basis where key risks and mitigation actions are deliberated and recommended to be implemented. The Audit
Committee then presented a summary of their deliberations to the Board.
- The adequacy and effectiveness of the internal controls were also reviewed by the Audit Committee, including
reviewing reports on internal audits performed by Internal Audit Department (“IAD”) during the year, as well
as any internal control issues reported by the external auditors. The Audit Committee deliberated on the audit issues and actions taken by Management, and a summary of these deliberations was presented to the Board.
FEATURES OF RISK MANAGEMENT AND INTERNAL CONTROL FRAMEWORK
1. AUTHORITY AND RESPONSIBILITY
The Group operates with an organisation structure with clearly defined reporting lines, areas of responsibilities
and delegated authority limits.
a. The following board and management committees were established to assist the Board to discharge its
The Audit Committee comprising all Independent Non-Executive Directors of the Company is responsible
to provide an independent oversight of the implementation and operation of the Group’s risk management
framework. In addition, the Audit Committee also reviews the internal control procedures and processes of
the Group and evaluates the adequacy and effectiveness of the Group’s internal controls system. The Audit
Committee also seeks the observation of the external auditors of the Group, whenever required. The terms
of reference of the Audit Committee are available on WCT’s official website at www.wct.com.my.
The RMC comprising Management representatives from various business divisions and support services is
responsible to monitor and perform regular reviews on the Group’s risk management processes and ascertain
if the risk management framework approved by the Board is properly implemented throughout the Group’s
business and operations. The RMC reports directly to the Audit Committee.
Nomination & Remuneration Committee
This Committee assists the Board to establish formal and transparent procedures for the appointment of new
directors to the Board; identify, consider, assess and recommend new nominees to the Board; annually review the
effectiveness of the Board as a whole (in relation to its size and composition); develop the Group’s remuneration
policy and determine the remuneration package for the Group’s Executive Directors; and propose remuneration to
be paid to each Director for their services as well as member of a committee of the Board. The terms of reference
of the Nomination & Remuneration Committee are available on WCT’s official website at www.wct.com.my.
The Option Committee administers the offering, granting and dealing of the share options and new ordinary shares
issued under the Group’s employees share option scheme (“ESOS”) to be in accordance with relevant guidelines
and approved by-laws governing the ESOS.
Management Committee (“MC”)
The MC reports to the Board on the effective implementation of strategic business plans for the Group. The MC
comprising all the key senior management of the Group is responsible for the development of an overall
corporate and business strategy which is presented annually to the Board for approval. The MC reports regularly
to the Board on the progress of the execution of the strategic business plans approved by the Board with
periodic financial and operational performance of the various business divisions as well as other strategic matters.
2. POLICIES, PROCEDURES AND VALUES
This enables the Management to minimise risk exposure and increase both effectiveness and efficiency of
- Policies, procedures and guidelines are properly documented and made accessible to all employees of
the Group to ensure compliance with relevant laws, acts and regulations. These policies, procedures and
guidelines are subject to periodic review and improvements.
- Discretionary Authority Limits (“DAL”) duly approved by the Board are prescribed to govern the authority
limits granted to the designated personnel who are properly authorised to operate their respective job
responsibilities as well as to represent the Group in all official correspondence and documentation on
behalf of the Group covering procurement, payment, investment, acquisition and disposal. The DAL are
periodically reviewed and are made accessible to all employees for effective implementation.
- Proper guidelines for recruitment and termination of personnel and a performance appraisal system are
in place. Employee’s performance is regularly monitored, appraised and rewarded accordingly. Training
programmes are identified and regularly scheduled for the Group’s employees with the objective of
continuously upgrading their skills, broadening their knowledge, improving their competency as well as
sharing their experience to keep them proficient and competent in handling their day-to-day job functions,
as well as to meet the current business requirements and future business needs.
- The Group’s Vision, Mission and Core Values are shared and communicated to all levels and are easily
accessible on the Group’s official website. This includes the Code of Conduct & Ethics for Employees, the Code of
Ethics for Company Directors, as well as avenues for whistle blowing.
- Centralised controls of selected key functions of the Group include:
  - Finance & Accounts (including Tax and Treasury)
  - Tender, Procurement & Budget
  - Quality, Environment, Safety & Health (“QESH”)
  - Human Resource & Administration
  - Sales & Marketing
  - Procurement, Legal, and Information Technology
- The IAD, which reports directly to the Audit Committee, performs internal audits on various operating
units within the Group based on an audit plan approved by the Audit Committee. The IAD checks
for compliance with policies and procedures and the effectiveness and adequacy of the internal control
systems and highlights material findings, together with recommendations and action plans, in the quarterly
Audit Committee meetings. Further details of IAD’s functions and activities are set out in the Audit
Committee Report contained in the 2018 Annual Report.
- The external auditors’ audit plan, scope of work, and audit procedures to be adopted in the annual report
for the financial year in relation to the audit service on the Group’s financial statements are reviewed by the
Audit Committee. The review also includes a review on the suitability, objectivity and independence of the
- Subsidiaries that are accredited with QESH accreditation i.e. ISO 9001:2015, OHSAS 18001:2007 and ISO
14001:2015 undergo scheduled internal / external audits and the results of these audits are reported to the
4. RISK MANAGEMENT
The Group’s risk management activities are governed by the Risk Management Policy and Risk Management
Frameworks approved by the Board, which have been put in place to provide a common understanding
and approach in the application of the risk management process across the Group. The RMC is responsible for
developing, executing and maintaining the risk management system, including the continual review process of
identified risks and the effectiveness of mitigation strategies and controls.
At operating unit level, risk owners are responsible for identifying risks that may have an impact on achieving
their operational/financial and other business objectives. The identified risks are assessed using qualitative and
quantitative aspects against their likelihood (based on risk appetite) and their impact matrix. Thereafter, gross
risks are ranked accordingly, after taking into consideration the gross likelihood and gross impact should the risks
occur, before they are ranked as Residual risks, after taking into consideration the effectiveness of controls and
action plans taken to mitigate the risks. Detailed action plans would then be identified, in order to manage such
risks to an acceptable level.
During the year, risks and mitigating actions are reported to the RMC before being presented to the Audit
Committee on a quarterly basis.
5. INFORMATION, COMMUNICATION AND MONITORING
- A financial system is in place to ensure all financial transactions are timely and correctly captured in the
accounting system to generate an accurate periodic management financial report for performance review
and decision making by the Management and the Board.
- Annual strategic business plans are prepared by all business units and are being monitored at quarterly
Management Committee meetings and presented to the Board for information. The Board also reviews
the operational and financial results on a quarterly basis before the Group’s interim financial results are
announced to Bursa.
- The Directors and Senior Management conduct regular visits to the Group’s project sites as well as principal
investment properties and meet up with the Group’s customers and business associates in order to
review the Group’s operations, to gain first-hand knowledge of significant operational matters as well as to
understand any significant risks so that informed decisions can be made.
- The Group’s performance and financial results are communicated to the shareholders, stakeholders and
the general public on a quarterly basis via the release of interim financial reports. In addition, once a
year, the Company would convene an Annual General Meeting whereby the Board would be able to brief
the shareholders of the Company on the operational and financial performance of the Group. Company
briefings with financial analysts and institutional investors are also conducted regularly to keep the
investment community abreast of the development of the Group.
As an entity with a diversified business portfolio, the Group faces exposure to various risks. Hence, where
possible all such risks relating to the Group’s business operations, assets and employees are adequately insured
in order to minimise the related financial impact.
Review of the Statement by External Auditors
As required by Paragraph 15.26(b) of the LR of Bursa Securities, the external auditors have reviewed this Statement
on Risk Management and Internal Control. Their limited assurance review was performed in accordance with the Audit
and Assurance Practice Guide (“AAPG”) 3, Guidance for Auditors on Engagements to report on the Statement on Risk
Management and Internal Control included in the Annual Report issued by the Malaysian Institute of Accountants.
AAPG 3 does not require the external auditors to form an opinion on the adequacy and effectiveness of the risk
management and internal controls system of the Group. The report from the external auditors was made solely for
the Board in connection with their compliance with the LR of Bursa Securities. The external auditors do not assume
responsibility to any person other than the Board in respect of any aspect of this report.
For the financial year ended 31 December 2018 and up to the date of issuance of this Statement, the Board is
generally satisfied with the adequacy and effectiveness of the Group’s risk management and internal controls system.
(This Statement on Risk Management and Internal Control is made in accordance with the resolution of the Board
dated 19 April 2019)