Affin Bank Berhad | Annual Report 2020

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

AFFIN BANK BERHAD 197501003274 (25046-T)

GROUP BOARD AUDIT COMMITTEE (“GBAC”) AND GROUP INTERNAL AUDIT (“GIA”)

f. The GBAC, through GIA, follows up and monitors the status of actions on recommendations made by GIA, the external auditors and regulatory authorities. In addition, it can direct investigations into any specific instances or events that are deemed to have violated policies and procedures and that have a material impact on the Group.

g. GIA prepares the annual audit plan, ensures the adequacy of resources and obtains endorsement from the GBAC.

h. Shariah-related findings are escalated to the Shariah Committee.

i. GIA also undertakes investigations into suspected fraudulent activities, staff misconduct, whistleblowing cases and other incidents, as and when required, and recommends appropriate improvements to prevent recurrence.

j. GIA has unrestricted access to information required in the course of its work. GIA’s scope of work encompasses all business and support units throughout the Group. The scope is in accordance with The Institute of Internal Auditors’ (“IIA”) International Standards for the Professional Practice of Internal Auditing and relevant regulatory guidelines.

k. GIA continuously conducts awareness programs and training on controls and compliance, including controls certification programs, to further strengthen staff knowledge (inter & intra department) in creating a robust control and compliance environment.

l. GIA was awarded the rating of “Generally Conforms” in an external independent review in 2019 against the requirements of The Institute of Internal Auditors’ (“IIA”) International Standards for the Professional Practice of Internal Auditing and the pertinent regulations.

m. All related party transactions and audit and non-audit related fees proposed by external auditors or the Chief Financial Officer (“CFO”) are reviewed by GBAC.

GROUP RISK MANAGEMENT FRAMEWORK

[Figure: Group Risk Management Framework, with components Risk Governance, Risk Appetite, Risk Culture, Risk Management Policy, Risk Management Organization]
