Affin Bank Berhad | Annual Report 2020

a. The Board recognises and exercises overall responsibilities in promoting good corporate governance and ensuring sound system of internal controls and risk management practices are maintained throughout the Bank and its subsidiaries (“the Group”). b. The Group’s Corporate Governance Framework is consistent and complies with the following requirements and guidelines: • Malaysian Code of Corporate Governance 2018 (“MCCG 2018”) • Bank Negara Malaysia’s (“BNM”) Corporate Governance Policy (“BNM CG Policy 2016”) c. The Board is of the view that the system of internal controls instituted by the Group’s operating units for the year under review and up to the date of annual report is sound and sufficient to safeguard shareholders’ investment, customers’ interests and the Group’s assets. d. Notwithstanding this, there are continuous reviews to ensure the effectiveness, adequacy and integrity of the system. The control procedures are designed to manage rather than to eliminate completely all risks of failure to achieve business objectives and can only provide reasonable and not absolute assurance against material errors, losses, fraud or the occurrence of unforeseeable circumstances. e. The Board meets regularly to discuss matters related to system of internal controls which cover inter alia financial, operational, compliance controls and risk management procedures. f. The Board extended the responsibilities of the Group Board Audit Committee (“GBAC”), Group Board Risk Management Committee (“GBRMC”) and Group Board Compliance Committee (“GBCC”) to include the role of oversight of financial reporting, disclosures, internal controls, compliance and risk management strategies, policies and other risk related matters. g. All GBAC and GBCC members are Independent Non-Executive Directors, while GBRMC comprises majority Independent Non-Executive Directors. h. Board receives regular reports from the Group’s management relating to financial performance, key operating statistics, legal and regulatory compliance, breaches of law or regulations, unauthorised activities, and fraud. 200 STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL ORGANISATION EXECUTIVE SUMMARY CORPORATE GOVERNANCE FINANCIAL STATEMENTS OTHER INFORMATION CORPORATE GOVERNANCE & BOARD’S OVERSIGHT a. Group Board Audit Committee (“GBAC”) is a Board delegated committee in charge of the oversight on financial reporting, disclosures and internal controls. GBAC comprises four (4) independent non- executive directors. b. The principal responsibility of GBAC is to provide independent appraisal on the adequacy and effectiveness of internal control and governance process implemented by Management. c. In evaluating internal controls, GIA adopts the 5 components set out in the Internal Control Integrated Framework issued by the Committee of Sponsoring Organisations of the Treadway Commission (“COSO”); namely control environment, risk assessment, control activities, information and communication, and monitoring activities. COSO is an internationally recognised organisation providing thought leadership and guidance on internal control, enterprise risk management and fraud deterrence. d. The GBAC regularly reviews and holds discussions with management on the action taken on internal control issues identified by Group Internal Audit, external auditors and regulatory authorities. e. All significant and material findings by GIA, external auditors and regulators are reported to GBAC for reviews and deliberation and subsequently escalated to the BOD. GROUP BOARD AUDIT COMMITTEE (“GBAC”) AND GROUP INTERNAL AUDIT (“GIA”)