About Us

Home About Us Governance & Policies
Statement on Risk Management & Internal Control

The Board of Directors (“the Board”) is committed to maintaining a sound system of risk management and internal control for WCT Holdings Berhad (“WCT” or “Company”) and is pleased to present its Statement on Risk Management and Internal Control (“Statement”) for the financial year ended 31 December 2022 (“FYE2022”). This Statement is prepared pursuant to paragraph 15.26(b) of the Main Market Listing Requirements (“MMLR”) of Bursa Malaysia Securities Berhad (“Bursa Securities”) in accordance with the Malaysian Code of Corporate Governance and as guided by the latest “Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers” (“the Guidelines”) issued by Bursa Securities on the issuance of internal control statements.

  • Maintain reliable and effective risk management practices to identify, assess and monitor key business risks and to safeguard and enhance the Group’s assets and shareholders’ investments; and
  • Review the effectiveness of the risk management framework in identifying and managing risks and internal processes which includes but is not limited to ensuring the adequacy of risk management policy and infrastructure to facilitate the implementation of action plans for risk management.

The Board acknowledges its overall responsibilities in establishing a sound system of risk management and internal control as well as reviewing its adequacy and effectiveness to safeguard shareholders’ investments and the Group’s assets.

The Board has delegated the responsibility of risk management oversight and control to the Board Risk & Sustainability Committee (“BRSC”) while the Risk Management Committee (“RMC”) is responsible for developing, executing and maintaining an effective risk management system, including the continual review process of identified risks and the effectiveness of mitigation strategies and controls.

The responsibilities of the BRSC in respect of risk management and internal control are as follows:

i. To set risk management policies and provide an independent oversight of the risk appetite and the implementation and operation of the Group’s enterprise-wide risk management framework and integrity management framework;
ii. To promote adequate awareness and understanding of risk, including sustainability risk, bribery & corruption risks and controls by the Management and risk owners in order to safeguard stakeholders’ interests and add value to the Group;
iii. To provide oversight, direction and counsel to:
  • the risk management process and risk compliance framework in line with the Listing Requirements of Bursa Securities (e.g., the Guidelines); and
  • the anti-bribery and anti-corruption activities in line with Section 17A of the Malaysian Anti-Corruption Commission Act 2009 (amendment 2018) (“MACC Act”) and the Prime Minister’s Office Guidelines on Adequate Procedures.
The Board recognises that any risk management system is designed to manage and mitigate rather than eliminate risk completely. As such, it should be noted that such systems can only provide reasonable assurance against its occurrence and not absolute assurance against material error, misstatement, operational failure, loss or fraud.

The Board confirms that there has been an established ongoing process for identifying the principal risks impeding the achievement of the organisation’s goals and objectives:
  • To evaluate the nature and extent of those risks;
  • To manage them efficiently, effectively and economically; and
  • To execute regular review and take into account changes in the regulatory and business environment as mentioned in the Guidelines.
In accordance with the Guidelines, the Board assures that this process has been in place for the year under review and up to the date of approval of this Statement for inclusion in the Annual Report.

The Board regards the importance of key risk management and internal control system that set the tone for the Group as critically important. In recognising the importance of risk management and internal control system in the overall governance process, the Board has instituted the following:

The BRSC, which is guided by its Terms of Reference:-
i. To review the regular updates of risk profiles of each business segment, including the relevant internal controls and measures to mitigate the impact of the risks identified; and
ii. To provide strategic direction in terms of risk management and mandate the RMC to oversee the establishment and implementation of the risk management process.

The members of the BRSC are:
Members Directorship Role
Dato’ Ng Sooi Lin Independent Non-Executive Director Chairman
Tan Sri Marzuki Bin Mohd Noor Independent Non-Executive Director Member
Datuk Ab Wahab Bin Khalil Independent Non-Executive Director Member
Rahana Binti Abdul Rashid Independent Non-Executive Director Member

The responsibilities of the BRSC in respect of risk management and internal control are as follows:
(i) To report to the Board on the Group’s risk exposures, including the review of the risk management framework and integrity management framework used to monitor the risk exposures and the Management’s views on the acceptable and appropriate level of risks faced by respective business units/divisions of the Group;
(ii) To review and advise the Board on the potential risk strategies and, if deemed fit, to recommend to the Board of Directors of the Company to approve any acquisitions, investments and/or divestments of assets or properties, including any acquisition of landed properties via outright purchase and/or joint venture (but excluding any acquisitions of plant and equipment in the ordinary course of business of the Group); and
(iii) To support and provide oversight for the implementation of the Company’s and the Group’s sustainability strategies, initiatives, policies and practices as approved by the Board, including setting and assessing of targets and measuring the performance against targets and to report to the Board on the same regularly.

The RMC assists the BRSC in ensuring the establishment of sound and robust risk management framework, processes and practises to achieve the Group’s strategic objectives and safeguard shareholders’ investments and the Group’s assets.

The RMC is responsible for the implementation of the approved framework, policies and procedures pertaining to risk management and internal control to ensure that business strategies and risk management are aligned.

The members of the RMC are:
Designations Role
Head of Machinery Chairman
Chief Executive Officer – Engineering & Construction Member
Director of Construction Member
Director of Legal Affairs & Secretarial Member
Director of Finance & Accounts Member
Chief Executive Officer - Mall Member
Chief Operating Officer – Property Member
Director – Executive Chairman Office Member
The Group Enterprise Risk Management Framework

The Group has established the Risk Management Framework to provide guidelines on the effective management of risks through the application of Enterprise Risk Management (“ERM”) processes at varying levels and within the Group. The framework ensures that the risk-related information derived from the ERM process is adequately reported and used as a basis for decision making and is accounted for at all relevant organisational levels. The framework shall be continuously assessed and improved to ensure its adaptability to the changing business environment.

The framework outlines:
  • Policy and governance structure for the ERM within the Group;
  • Risk management roles and responsibilities within the Group and procedures to mitigate risks;
  • Methodology for risk assessment and risk response; and
  • Reporting framework to ensure clear communication for all risk management activities and reporting.
Internal Control

The key elements of the Group’s internal control system include:
1. Control Environment
  • Various Board and Management Committees have been established to assist the Board in discharging its duties.
    Board Committee Management Committee
    1. Audit Committee 1. Management Committee
    2. Board Risk & Sustainability Committee 2. Risk Management Committee
    3. Nomination & Remuneration Committee
    4. Option Committee  
  • The Board established the BRSC which comprises Independent Non-Executive Directors. The BRSC primarily assist the Board in reviewing the organisational risks, bribery & corruption risks and internal controls with the assistance of the RMC, Group Internal Audit Department (“GIAD”) and Group Integrity Unit (“GIU”).
  • The Board also demonstrates a commitment towards high integrity culture and ethical values with the establishment of the Integrity Management Framework (“IMF”).
  • Discretionary Authority Limits duly approved by the Board are prescribed to govern the authority limits granted to the designated personnel who are duly authorised to carry out their respective job responsibilities as well as to represent the Group in all official correspondences and documentations on behalf of the Group covering capital expenditures, procurements, payments, investments, acquisitions and disposals.
2. Integrity
  • The BRSC had on 30 August 2022 approved the IMF to express the Group’s commitment to complying with Adequate Procedures based on the T.R.U.S.T principle.
  • The GIU is responsible for managing complaints (received from various channels available, i.e., whistleblowing (“WB”) official e-mail address, WB online form and letter to Chairman of AC. The WB online form is available on the Company’s website at www.wct.com.my
  • The Group is committed to conducting all of its businesses in an ethical manner by implementing the Integrity Due Diligence process to all applicable service providers and obtaining Declarations of Integrity from employees and applicable service providers.
3. Anti-Bribery & Anti-Corruption

  • The Group has adopted and implemented the Anti-Bribery and Anti-Corruption (“ABAC”) Policy and ABAC Standard Operating Procedures (“ABAC-SOP”) since 1 June 2020 which is in line with the requirements set out in Section 17A of the MACC Act.
  • The Group is committed to mitigating the risks of bribery & corruption in all of its business transactions by implementing an Anti-Bribery Management Systems throughout the Group.
  • The ABAC policy and ABAC-SOP are available on the Company’s website at www.wct.com.my.
4. Risk Assessment

The Management of each division/business unit is responsible for:-
  • identifying, assessing, reviewing, monitoring and managing their risks, including Economic, Environmental and Social and bribery and corruption; and
  • identifying and assessing changes that could significantly impact the system of internal control.
5. Control Activities
  • Annual strategic business plans and financial budgets are prepared by all key business units and are being monitored at quarterly Management Committee meetings and subsequently presented to the Audit Committee and the Board for deliberation.
  • An Integrated Management System, incorporating ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018 requirements have been established and implemented to enable high-quality, cost-effective, reliable, safe and environmentally friendly products and services. Existing certification available are as follows; -



    Certification No

    Issued to

    Valid until

    Quality Management System (“QMS”)

    ISO 9001: 2015

    QMS 00887

    WCT Berhad (including WCT Construction Sdn Bhd)

    8 Apr 2025

    QMS 01762

    WCT Machinery Sdn Bhd

    4 Oct 2024

    QMS 01306

    WCT Land Sdn Bhd and its subsidiaries

    2 Sept 2025

    QMS 03141

    WCT Properties Sdn Bhd

    13 Jul 2023

    Environmental Management System (“EMS”)

    ISO 14001: 2015

    EMS 00520

    WCT Berhad (including WCT Construction Sdn Bhd)

    8 Apr 2025

    EMS 00931

    WCT Machinery Sdn Bhd

    14 Dec 2023

    Occupational Health & Safety Management System 

    ISO 45001: 2018

    OHS 00221

    WCT Berhad (including WCT Construction Sdn Bhd)

    8 Apr 2025

    OHS 00503

    WCT Machinery Sdn Bhd

    4 Oct 2024

    OHS 00227

    WCT Land Sdn Bhd and its subsidiaries

    2 Sept 2025

6. Information and Communication
  • The risks identified in divisions/business units are presented to the RMC and the BRSC on a quarterly basis.
  • Significant risk matters that require particular attention are reported to the BRSC and the Board.
  • The Group’s quarterly financial performance is presented to the Audit Committee and the Board for review and approval.
7. Monitoring
  • The GIAD, which reports directly to the Audit Committee assists the Board in ascertaining the adequacy and effectiveness of the Group’s internal control system based on the approved audit plan.
  • Detailed internal audit reports (comprised of audit findings, together with recommendations and proposed action plans) are submitted for deliberation by the Audit Committee during quarterly Audit Committee meetings.
  • The GIAD follows up on the Management’s responses and action plans stated in the internal audit reports.

The objective of the risk management process is to develop an individual risk profile via risk identification, analysis, treatment and evaluation of existing controls. The following diagram depicts the risk management approach in the Group:

At operating unit level, risk owners are responsible for identifying risks that may have an impact on achieving their operational/financial and other business objectives. Gross risks are ranked accordingly, after taking into consideration of gross likelihood and gross impact should the risks occur, before they are ranked according to the residual risks, after taking into consideration the effectiveness of controls and action plans taken or proposed to be taken to mitigate such identified risks. Detailed action plans would then be implemented in order to manage such risks to an acceptable level.
Risk Assessment and Reporting

During the period under review, the Group, through its Group Risk Management Department (“GRMD”), had assessed and reviewed the effectiveness of the control procedures indicated in the risk profiles of the business divisions (“Risk Owners”) and subsequent action plans after such assessments and reviews.

The GRMD team worked very closely with the Risk Owners to understand all key aspects of the business and operations, which includes (but is not limited to) the nature of the business and operations, socio-economic environment, competitions and other factors that may affect the achievement of business objectives.

The findings of the assessment and review were then discussed with the Risk Owners on the effectiveness of the control measures to mitigate risks.
Monitoring and Review

Where the findings revealed certain weaknesses in the control procedures to mitigate risks, these were discussed with the Risk Owners. Risk Owners had provided assurance and commitment in terms of action plans to strengthen the control procedures and target dates of these action plans were put in place.

The GRMD will re-visit the risk assessment of these control procedures of the business divisions on a quarterly basis to ensure such action plans are implemented and functioning effectively.

It will also assess and review the control procedures to ensure they are satisfactory, consistent and continue to operate satisfactorily and effectively within the Group.

For the FYE2022, the business divisions assessed and reviewed by the GRMD include:
i. Engineering & construction
ii. Property
iii. Mall
iv. Hotel
v. Business aviation

The assessment and review findings of the GRMD together with the Risk Owners’ responses were deliberated by the RMC. Where applicable, the GRMD will provide recommendations to improve the effectiveness of risk management, internal control systems and governance processes.

Assessments and reviews by the GRMD are carried out on the business divisions using a risk-based approach taking into consideration inputs from the BRSC and the Audit Committee.

The objective of the risk assessment and review is to assist the Board in performing its oversight responsibilities and to increase shareholders’ confidence in the Group’s system of risk management and internal control.

Risks that were assessed by the GRMD and discussed with the Risk Owners, the RMC, and the BRSC during the current financial year are summarised below. These risks are still relevant and mitigation responses are in place and continuously monitored to mitigate risk exposures:
Division Key Risk Description Control Measures
Engineering & construction Project delay Delay or the extension of time ("EOT") in the completion of project occurs in most construction projects, regardless of the project complexity. To a contractor, the impact would be cost incurred for prolongation of construction period, delay damages charged by Employer for failure to deliver completed work on time and in worst case scenario, termination of contract that would have a bigger implication on the contractor. For WCT, current delays are caused by many reason(s) which includes (but is not limited to) change in project scope, project complexity, inadequate planning, inappropriate project schedule, change of design, resources becoming unavailable or insufficient, project objectives and deliverable are not realistic within the project constraint, unpredictable external changes like COVID-19 and etc.
  • Inform the Employer in a timely manner on all delaying events, together with probable time and cost impact from such delaying events.
  • Maintain adequate and complete records on all delaying events which are crucial for applying for extended construction period.
  • Apply for EOT from Employer for number of days lost due to the recorded delaying events.
  • Manage Project resources allocation such as machineries and manpower by mobilising them to critical project locations in a timely manner.
Shortage of workers Despite the lifting of the COVID-19 freeze on recruiting foreign workers in February 2022, Malaysia has not seen a significant return of migrant workers due to slow government approvals and protracted negotiations with key foreign governments such as that of Indonesia and Bangladesh over worker protections. This, together with increase in levy for foreign workforce, caused shortage of labour supply at construction sites which in turn added to the delay in progress of work.
  • Apply for new quota for foreign labour with Ministry of Human Resources.
  • Immediately source for foreign labour from the relevant country once the quota is approved.
  • Prepare all necessary deliverables to comply with requirements set by Jabatan Tenaga Kerja in terms of workers’ accommodation and
  • Use foreign workers supplied by local agents to mitigate the effect from current shortage of directly hired foreign workers.
Increase in material price Globally, cost of construction materials is continually soaring and has reached a record 40-year high, as per the annual growth of the Building Cost Information Service Material Cost Index. A combination of logistical problems and increased global demand in the construction industry has resulted in huge shortages and delays, leading to increased materials prices. This situation has caused the increase in project cost and impacted the targeted bottom line.
  • Pursue Variation of Price claim for government projects based on latest circular from Treasury Malaysia issued on 15 July 2022.
  • Implement stringent procurement procedures to mitigate risk of excessive purchase.
  • Continuous and close monitoring and reporting of material purchased, utilised and wastage.
Diminishing order book As at 30 September 2022, the Group’s existing order book balance stands at RM3.814 billion which would last until 2025. In the Malaysian 2023 Budget, there is no major allocation towards new mega infrastructure projects despite an allocation of RM400 billion for projects for 2021-2025 (under the 12th Malaysian Plan) as most of the projects announced were existing projects or a reiteration of previously planned projects. This would affect the ability to secure major government projects.
  • Actively look for suitable overseas business opportunities.
  • Continuously participate in selected local private and government tender for construction work.
Property High number of unsold completed properties The Group’s existing property stock is mainly contributed by completed property in Medini Johor (which was hampered by the status of ownership i.e., Strata Private Lease Scheme) and recently completed property in Klang Valley in which the market was softened by market condition and oversupply of high-rise property stock.
  • Continuous promotion with attractive sales campaign such as promote easy purchase entry, WCT Buddy points reward and sales incentive repackaging.
  • Continuous marketing effort to dispose the property stock which includes participation in property fairs and roadshows, exposure on digital platform and social media and organising events at sales gallery.

The Group Managing Director and the Director of Finance and Accounts have provided the Board with assurance that the Group risk management and internal control system are operating adequately and effectively. All internal control weaknesses identified during the period under review have been or are being addressed. There were no major internal control weaknesses that require disclosure in the Annual Report. The Management continues to review and take measures to strengthen the risk management and control environment.
Review of the Statement by External Auditors

As required by Paragraph 15.26(b) of the MMLR of Bursa Securities, the external auditors of the Company have reviewed this Statement on Risk Management and Internal Control prepared by the Company for the FYE2022. Their limited assurance review was performed in accordance with the Malaysian Approved Standard on Assurance Engagements, ISAE 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information and Audit and Assurance Practice Guide (“AAPG”) 3, and Guidance for Auditors on Engagements to report on the Statement on Risk Management and Internal Control included in the Annual Report issued by the Malaysian Institute of Accountants.

AAPG 3 does not require the external auditors to form an opinion on the adequacy and effectiveness of the risk management and internal control system of the Group. The review by the external auditors was made solely for the benefit of the Board in connection with the compliance with the MMLR of Bursa Securities by the Company. The external auditors do not assume responsibility to any person other than the Board in respect of any aspect of their review.

Having considered all aspects of the Group’s risk management and internal control system in place as set out in this Statement, the Board is generally satisfied with the adequacy and effectiveness of the Group’s risk management and internal controls during the FYE2022 and the period up to the date of issuance of this Statement.

(This Statement on Risk Management and Internal Control is made in accordance with the resolution of the Board dated 20 April 2023)
Other Governance and Policies: