INTRODUCTION
Pursuant to Paragraph 15.26(b) of the Main Market Listing Requirements (“MMLR”) of Bursa Malaysia Securities Berhad (“Bursa Securities”) and the “Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers” a listed issuer must ensure that its Board of Directors (“Board”) includes in its annual report a statement about the state of its risk management and internal controls as a group. In addition, the Malaysian Code on Corporate Governance (As at 28 April 2021) (“MCCG”) also stipulates that the Board should maintain a sound system of internal controls and review its effectiveness to safeguard shareholders’ investments and the Group’s assets.
Set out below is the Statement on Risk Management and Internal Control for financial year ended 31 December 2024 (“FYE2024”).
INTRODUCTION
BOARD’S RESPONSIBILITY
The Board is committed to maintaining a sound system of internal controls and has instituted a risk management framework, as well as good corporate governance measures to monitor the effectiveness of the measures and controls put in place by the Group to safeguard Shareholders’ investments and the Group’s assets.
The Board is responsible for determining key strategies and policies for significant risks and control issues, whereas Management is responsible for the effective implementation of the Board’s policies by way of identifying, monitoring and managing risks. However, as any system of internal controls will have its inherent limitations, the system has been designed to manage risks rather than provide absolute assurance against the elimination of risks including e.g. material misstatement, fraud or loss.
The Board has also received reasonable assurance from the Group Managing Director and Director of Finance & Accounts that the Group’s risk management and internal control system is operating adequately and effectively, in all material aspects. All internal control weaknesses identified during the period under review have been or are being addressed and there were no major internal control weaknesses that require disclosure in the Annual Report. The Management continues to review and take measures to strengthen the risk management and control environment.
RISK MANAGEMENT FRAMEWORK
The Board has put in place a Risk Management Framework (“RMF”) that is principally aligned with ISO 31000:2018. The RMF provides the foundation for managing risks across the Group where internal controls are designed to address and manage the risks identified. Applying the RMF and relevant practices set out in the MCCG ensures that there is an on-going process of identifying, evaluating and managing risk exposure. Management is accountable to the Board for risk management and internal control and has implemented processes to identify, evaluate, monitor and report risks in a timely manner. Management promptly mitigates risks through the design and implementation of effective and relevant controls.
a. Board Risk and Sustainability Committee (“BRSC”)
- All of the BRSC members are Independent Non-Executive Directors appointed by the Board. The BRSC is responsible for, amongst others:
- Creating a high-level risk strategy policy aligned with the Group’s strategic business objectives.
- Performing risk oversight and reviewing risk profiles; and
- Providing guidance to the business units’ risk appetite and capacity, and other criteria which, when exceeded, triggers an obligation to report upwards to the Board.
b. Risk Management Committee (“RMC”)
- The RMC comprises heads of business units i.e. engineering & construction, property, mall, hotel, business aviation, finance and legal and undertakes the following responsibilities
- Assists the BRSC in ensuring the establishment of sound and robust risk management framework, processes and practices to achieve the Group’s strategic objectives and safeguard shareholders’ investments and the Group’s assets.
- Implementation of the approved framework, policies and procedures pertaining to risk management and internal control to ensure that business strategies and risk management are aligned.
c. Risk Management Process
The following diagram depicts the risk management approach of the Group:
During the year under review, all registered risks of the Group were presented and deliberated in the RMC and BRSC meetings. Each unit is responsible for taking ownership and managing its risks. Group Risk Management Department (“GRMD”) helps to facilitate each unit in discharging its risk management responsibilities. GRMD helps in the risk assessment process of risk identification and risk rating determination by the respective process owners. GRMD also provides guidance and support in the development of risk action plans and monitors the risk mitigation action effectiveness and status.
The risk owners are responsible for identifying, analysing and evaluating risks, as well as developing, implementing and monitoring risk action plans and reporting all risks to the RMC and BRSC. During RMC and BRSC meetings, members and invitees would take note of risks, the potential impact and likelihood of risks occurring, the effectiveness of existing controls and the risk action plans that have been or are being taken to manage the risks to the desired levels.
KEY INTERNAL CONTROL FEATURES
1. DELEGATION OF RESPONSIBILITIES
The Board has delegated its responsibility to several board committees and to the Management to implement and monitor designated task. At Management level, organization charts are used to establish a clear line of reporting and delineation of responsibilities.
The Board has delegated the responsibility of risk management oversight and control to the BRSC while the RMC is responsible for overseeing the implementation and compliance of a robust risk management process and the relevant internal controls system.
The Audit Committee (“AC”) performs regular risk management assessments and through the Internal Audit function, reviews the internal control processes and evaluates the adequacy and effectiveness of the risk management and internal control system.
2. PLANNING, MONITORING AND REPORTING
For the current year’s business plan and budget, the Group has prepared an annual business plan and budget for all business divisions. The performance of each business is monitored at quarterly Management Committee meetings and subsequently presented to the AC and the Board for deliberation.
Quarterly Board and Board Committee Meetings including the AC, BRSC and RMC are being conducted to review business performance, discuss strategic matters and deliberate on key risks and matters brought up by the management as well as by the internal and external auditors.
3. DISCRETIONARY AUTHORITY LIMIT
Discretionary Authority Limits duly approved by the Board are prescribed to govern the authority limits granted to designated personnel who are duly authorised to carry out their respective job responsibilities as well as to represent the Group in all official correspondences and documentation on behalf of the Group covering capital expenditures, procurements, payments, investments, acquisitions and disposals.
4. QUALITY ASSURANCE AND QUALITY CONTROL (“QAQC”)
To ensure that the products delivered to its customers meet the expectation and quality required, the following entities of the Group are certified with Quality Management System, ISO 9001: 2015:
|
Issued to
|
Certification no
|
Valid until
|
|
WCT Berhad (including WCT Construction Sdn Bhd)
|
QMS 00887
|
8 Apr 2028
|
|
WCT Machinery Sdn Bhd
|
QMS 01762
|
14 Dec 2026
|
|
WCT Land Sdn Bhd and its subsidiaries
|
QMS 01306
|
2 Sept 2025
|
5. SAFETY, HEALTH AND ENVIRONMENT (“SHE”)
In ensuring employees work under a safe environment and the effect from the Group’s operations towards the environment are adequately monitored, the following entities have implemented adequate SHE procedures according to the following respective accredited systems:
|
Type
|
Ref
|
Certification No
|
Issued to
|
Valid until
|
|
Occupational Health & Safety Management System
|
ISO 45001: 2018
|
OHS 00221
|
WCT Berhad (including WCT Construction Sdn Bhd)
|
8 Apr 2028
|
|
OHS 00503
|
WCT Machinery Sdn Bhd
|
14 Dec 2026
|
|
OHS 00227
|
WCT Land Sdn Bhd and its subsidiaries
|
2 Sept 2025
|
|
Environmental Management System
|
ISO 14001: 2015
|
EMS 00520
|
WCT Berhad (including WCT Construction Sdn Bhd)
|
8 Apr 2028
|
|
EMS 00931
|
WCT Machinery Sdn Bhd
|
14 Dec 2026
|
6. INTERNAL AUDIT
Group Internal Audit Department (“GIAD”) provides independent and objective assurance to the Board that the established internal controls, risk management and governance processes are adequate and are operating effectively and efficiently.
To ensure independence and objectivity, GIAD reports independently to the AC and has no responsibilities or authority over any of the activities it reviews. GIAD’s scope of work and activities are guided by the Internal Audit Charter, mandatory elements of The Institute of Internal Auditors’ International Professional Practices Framework and relevant regulatory guidelines.
An Annual Audit Plan based on the appropriate risk-based methodology has been developed and approved by the AC. On a quarterly basis, audit reports and status of internal audit activities including the sufficiency of GIAD resources are presented to the AC for review.
Periodic follow up reviews are conducted to ensure adequate and timely implementation of Management’s action plans. Further information on the activities of GIAD can be found in the AC Report.
7. BRIBERY MANAGEMENT SYSTEMS
The Group is committed to mitigating the risks of bribery and corruption in all its business transactions by implementing a bribery management system. The processes undertaken to mitigate possibility of bribery and corruption were conducted according to T.R.U.S.T principles outlined in the Guidelines on Adequate Procedures issued by the Prime Minister’s Department:
a. Top level commitment
The Group has established an Anti-Bribery and Anti-Corruption (“ABAC”) Policy and ABAC Standard Operating Procedures (“ABAC-SOP”) since 1 June 2020, as a commitment to prevent all forms of bribery and corruption in its daily business activities consistent with the Group’s core values to promote good governance. An Integrity Management Framework was approved on 30 August 2022 to provide guidance to Group Integrity Unit (“GIU”) in executing its duties and responsibilities.
b. Risk assessment
The Group recognises the importance of adopting a corruption risk assessment (“CRA”) into its existing business processes. CRA is a risk-based management tool that guides the development of corruption risk profiles and risk action plans that effectively minimise the exposure to bribery and corruption. The GIU will identify any structural weaknesses in the existing business processes that may give room for bribery and corruption and register the risks in the corruption risk register.
c. Undertake control measures
Throughout the year, the GIU perform integrity due diligence for service providers and obtains declarations of integrity from employees and service providers.
d. Systematic review
During the year, the Group has embarked upon the process of obtaining ISO 37001: 2026 – Anti- Bribery Management System in line with the directive from the government of Malaysia.
e. Training and communication
Throughout the year, the GIU has implemented various anti-bribery programs including training for new and existing employees, anti-bribery communications, on a monthly basis as well as during festive seasons, to all employees and anti-bribery awareness competition in conjunction with International Anti-Corruption Day.
8. WHISTLEBLOWING PROCEDURES
The Group has established a whistleblowing (“WB”) policy to provide a clear direction for whistle-blowers to raise concerns with regard to any suspected wrongdoing, bribery or corruption. The WB policy provides assurance to whistle-blowers who are employees of the Group that they will be protected against reprisal and/or retaliation from their immediate superiors or heads of departments/divisions, in line with the Whistleblower Protection Act 2010. The GIU is responsible for managing complaints (received from various channels available including e.g. WB official e-mail address, WB online form and letter to the Chairman of AC). A copy of ABAC policy is published on the Company’s website.
REVIEW OF THE STATEMENT BY EXTERNAL AUDITORS
As required by Paragraph 15.26(b) of the MMLR of Bursa Securities, the external auditors of the Company have reviewed this Statement on Risk Management and Internal Control prepared by the Company for the FYE2024. Their limited assurance review was performed in accordance with the Malaysian Approved Standard on Assurance Engagements, ISAE 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information and Audit and Assurance Practice Guide (“AAPG”) 3 and Guidance for Auditors on Engagements to report on the Statement on Risk Management and Internal Control included in the Annual Report issued by the Malaysian Institute of Accountants.
AAPG 3 does not require the external auditors to form an opinion on the adequacy and effectiveness of the risk management and internal control system of the Group. The review by the external auditors was made solely for the benefit of the Board in connection with the compliance with the MMLR of Bursa Securities by the Company. The external auditors do not assume responsibility to any person other than the Board in respect of any aspect of their review.
Conclusion
Having considered all aspects of the Group’s risk management and internal control system in place as set out in this Statement, the Board is generally satisfied with the adequacy and effectiveness of the Group’s risk management and internal controls during the FYE2024 and the period up to the date of issuance of this Statement on Risk Management and Internal Control.
(This Statement on Risk Management and Internal Control is made in accordance with the resolution of the Board dated 23 April 2025)
Other Governance and Policies:
