About Us

Home About Us Governance & Policies
Statement on Risk Management & Internal Control


The Board of Directors (“the Board”) is pleased to present its Statement on Risk Management and Internal Control for inclusion in the Annual Report 2021 of WCT Holdings Berhad (“WCT” or “Company”). This statement serves to outline the nature and scope of risk management and internal control system of the Company and its subsidiaries (“Group”) for the financial year ended 31 December 2021 (“FYE2021”). This Statement is prepared pursuant to paragraph 15.26(b) of the Main Market Listing Requirements (“MMLR”) of Bursa Malaysia Securities Berhad (“Bursa Securities”) and guided by the “Statement on Risk Management and Internal Control – Guidelines for Directors of Listed Issuers (“SRMICG”) issued by Bursa Securities on the issuance of internal control statement.

The Board of WCT affirms the overall responsibility for maintaining a sound system of risk management and internal control so as to safeguard shareholders’ interests and the Group’s assets. The system of risk management and internal control is designed to manage but may not totally eliminate the risk of failure to achieve business objectives. Accordingly, such systems can only provide reasonable and not absolute assurance against material error, misstatement or losses. The Board confirms that there is an ongoing process of identifying, evaluating and managing all significant risks faced by the Group that has been in place for the year and up to the date of approval of this Statement for inclusion in the Annual Report. The process is regularly reviewed by the Board and is in accordance with SRMICG and the Group’s Risk Management Policies and Procedures.

The risk management framework clearly defines the authority and accountability in implementing the risk management process and internal control system. The Management assists the Board in implementing the process of identifying, evaluating and managing significant risks applicable to their respective areas of business and in formulating suitable internal controls to mitigate and control these risks.

The Board has delegated the responsibility of risk management oversight and control to the Board Risk & Sustainability Committee (“BRSC”) while the Risk Management Committee (“RMC”) is responsible for developing, executing and maintaining an effective risk management system, including the continual review process of identified risks and the effectiveness of mitigation strategies and controls.

At operating unit level, risk owners are responsible for identifying risks that may have an impact on achieving their operational/financial and other business objectives. Gross risks are ranked accordingly, after taking into consideration of gross likelihood and gross impact should the risks occur, before they are ranked according to the residual risks, after taking into consideration the effectiveness of controls and action plans taken or proposed to be taken to mitigate such identified risks. Detailed action plans would then be implemented in order to manage such risks to an acceptable level.

During the FYE2021, all risks identified by respective owners together with the controls and action plans undertaken or proposed to be undertaken to mitigate and manage the risk exposure are reviewed, appraised and assessed by the RMC. Where applicable, the RMC had also raised other issues of concerns and recommended additional mitigation actions to further mitigate the risk exposure. The RMC then reports the key risks and mitigations actions which have been deliberated and recommended to be implemented on a quarterly basis to the BRSC. After due deliberation, the BRSC would then present a summary of the key risks, mitigation actions and its recommendation to the Board for final endorsement.

The Group’s risk management and internal control systems comprise the following key processes:
  • Clearly defined operating structure, lines of responsibilities and delegated authority. Various Board and Management Committees have been established to assist the Board in discharging its duties.
Board Committee Management Committee
1. Audit Committee 1. Management Committee
2. Board Risk & Sustainability Committee 2. Risk Management Committee
3. Nomination & Remuneration Committee 3. Covid-19 Task Force
4. Option Committee  
  • Discretionary Authority Limits (“DAL”) duly approved by the Board are prescribed to govern the authority limits granted to the designated personnel who are duly authorised to carry out their respective job responsibilities as well as to represent the Group in all official correspondences and documentations on behalf of the Group covering capital expenditures, procurement, payments, investments, acquisitions and disposals.
  • The Group’s policies, procedures and guidelines are properly documented and made accessible to all employees to ensure that all employees are aware of and will comply with them. These policies, procedures and guidelines are subject to periodic review and improvements.
  • An Integrated Management System, incorporating ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018 requirements have been established and implemented to enable high-quality, cost-effective, reliable, safe and environmentally friendly products and services. Existing certification available are as follows:



Certification No

Issued to

Valid until

Quality Management System (“QMS”)

ISO 9001: 2015

QMS 00887

WCT Berhad (including WCT Construction Sdn Bhd)

8 Apr 2022

QMS 01762

WCT Machinery Sdn Bhd

4 Oct 2021

QMS 01306

WCT Land Sdn Bhd and its subsidiaries

2 Sept 2022

QMS 03141

WCT Properties Sdn Bhd

13 Jul 2023

Environmental Management System (“EMS”)

ISO 14001: 2015

EMS 00520

WCT Berhad (including WCT Construction Sdn Bhd)

8 Apr 2022

EMS 00931

WCT Machinery Sdn Bhd

14 Dec 2023

Occupational Health & Safety Management System (“OHSMS”)

ISO 45001: 2018

OHS 00221

WCT Berhad (including WCT Construction Sdn Bhd)

8 Apr 2022

OHS 00503

WCT Machinery Sdn Bhd

4 Oct 2021

OHS 00227

WCT Land Sdn Bhd and its subsidiaries

2 Sept 2022

  • Proper guidelines for recruitment and performance evaluation including termination of employees are in place. Employee’s performance is regularly monitored, appraised and rewarded accordingly.
  • Training and development programmes are identified and scheduled with the objective of continuously upgrading their skills, broadening their knowledge, improving their competency as well as sharing their experience to keep them proficient and competent in handling their day-to-day job functions, as well as to meet the current business requirements and future business needs.
  • The Group’s Vision, Mission and Core Values, are shared and communicated to all levels of employees of the Group and are accessible on the Company’s official website and intranet. The Code of Conduct & Ethics for Employees is available on the Company’s website at www.wct.com.my.
  • The Group Internal Audit Department (“GIAD”), which reports directly to the Audit Committee based on approved audit plan. Detailed internal audit report (comprised of audit findings, together with recommendations and proposed action plans) are submitted for deliberation by the Audit Committee during the Audit Committee meetings held throughout the financial year.

    During the FYE2021, GIAD had performed twenty-seven (27) internal audits on the adequacy and operating effectiveness of the Group’s internal controls which have been duly reviewed by the Audit Committee. Audit findings reported by the GIAD and actions taken or proposed to be taken by the operating units to address the findings were deliberated at Audit Committee meetings. The minutes of the Audit Committee meetings held to deliberate the internal audit reports were subsequently escalated to the Board for notation.
  • In respect of joint ventures entered into by the Group, the Management of the joint ventures, which consist of representatives from the Group and other joint venture partners, are responsible to oversee the administration, operation and performance of the joint venture. Financial and operational reports of these joint ventures are provided regularly to the Management of the Company
  • Annual strategic business plans and financial budgets are prepared by all key business units and are being monitored at quarterly Management Committee meetings and subsequently presented to the Audit Committee and the Board for deliberation. The Audit Committee and the Board also review the operational and financial results of the Group on a quarterly basis before the Group’s quarterly interim financial results and annual financial results are released to Bursa Securities for public announcement.
  • The Group’s operating performance and financial results are communicated to the Company’s shareholders, stakeholders and the general public on a quarterly basis via the release of interim quarterly financial reports as well as on an annual basis via the Company’s annual report. In addition, once a year, the Company would convene an Annual General Meeting whereby the Board would be able to brief the shareholders of the Company on the operational and financial performance of the Group. Company briefings for financial analysts and institutional investors are also conducted regularly to keep the investment community abreast with the development and latest financial results of the Group.
  • The Group’s Anti-Bribery Management System (“ABMS”) was introduced on 1 June 2020 when both the Group’s Anti-Bribery and Anti-Corruption Policy (“ABAC Policy”) and Anti-Bribery and Anti-Corruption Policy standard operating procedures (“ABAC SOP”) were approved. In 2021, the Group appointed a service provider to digitalize the ABMS and the first training to users was conducted on 19 January 2022. The ABAC policy is available on the Company’s website at www.wct.com.my.
  • The whistle-blower program of the Group was initiated since 2017 when the Group’s Whistleblowing Policy was approved, and later revised in August 2020 to commensurate with the implementation of the Group’s ABAC policy and ABAC SOP since 1 June 2020. The whistleblowing form is available on the Company’s website at www.wct.com.my
  • The Group’s Covid-19 Task Force was set-up in March 2020 to assess, co-ordinate and monitor initiatives required to manage, mitigate and contain, to the extent possible, the risks arising from COVID-19 outbreak in order to safeguard the safety of all the employees of the Group as well as to protect the interests of our stakeholders. During the FYE2021, some highlights taken by the Group to protect its employees (including their family member) includes (but not limited to) the following: -
    • 1st and 2nd dose Covid-19 vaccination to all employees of WCT Group and their immediate family member.
    • Provide adequate RTK Antigen Self-Test kit to all employees for use before they commence work.
    • Provide an online platform (Microsoft Power Appellants) for employees to upload their RTK Antigen Self-Test result.
    • Provide adequate face mask for use by all employees of WCT Group.
The Group Managing Director and the Director of Finance and Accounts have provided the Board with assurance that the Group risk management and internal control system are operating adequately and effectively. All internal control weaknesses identified during the period under review have been or are being addressed. There were no major internal control weaknesses that require disclosure in the Annual Report. The Management continues to review and take measures to strengthen the risk management and control environment.
Review of the Statement by External Auditors

As required by Paragraph 15.26(b) of the MMLR of Bursa Securities, the external auditors of the Company have reviewed this Statement on Risk Management and Internal Control prepared by the Company for the FYE2021. Their limited assurance review was performed in accordance with Malaysian Approved Standard on Assurance Engagements, ISAE 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information and Audit and Assurance Practice Guide (“AAPG”) 3, and Guidance for Auditors on Engagements to report on the Statement on Risk Management and Internal Control included in the Annual Report issued by the Malaysian Institute of Accountants.

AAPG 3 does not require the external auditors to form an opinion on the adequacy and effectiveness of the risk management and internal controls system of the Group. The review by the external auditors was made solely for the benefit of the Board in connection with the compliance with the MMLR of Bursa Securities by the Company. The external auditors do not assume responsibility to any person other than the Board in respect of any aspect of their review.

Having considered all aspects of the Group’s risk management and internal control system in place as set out in this Statement, the Board is generally satisfied with the adequacy and effectiveness of the Group’s risk management and internal controls during the FYE2021 and the period up to the date of issuance of this Statement.

(This Statement on Risk Management and Internal Control is made in accordance with the resolution of the Board dated 18 April 2022)
Other Governance and Policies: