Affin Bank Berhad | Annual Report 2020

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

AFFIN BANK BERHAD 197501003274 (25046-T) | ANNUAL REPORT 2020

SYSTEMS OF INTERNAL CONTROLS

To ensure adequacy and integrity of the Group’s system of internal controls, the Board and Senior Management have established the following processes:

a. Clearly defined delegation of responsibilities to committees of the Board and to Management, including organisation structures, functions and appropriate authority levels;

b. Risk management framework, business continuity management framework, code of conduct, human resource policies and performance reward system to support business objectives, risk management and the system of internal control;

c. Defined policies and procedures to control applications, environment and security of information systems/technologies/infrastructure;

d. Regular review/updates of internal policies and procedures, to adapt to dynamic risk profiles and mitigating operational deficiencies;

e. Periodic self-assessment of controls and processes by all business and support units for managing key risks;

f. Regular senior management meetings to review, identify, discuss and resolve strategic, operational, financial and key management issues/risks;

g. Regular and comprehensive management reports/updates are made available to the Board on various frequencies, covering financial performance and key business indicators, which allow for effective monitoring of significant variances between actual performance against budgets and plans; and

h. Regular reviews of the Group’s activities by the Group Internal Audit, to assess the effectiveness of the control environment and to highlight significant control gaps impacting the Group.

i. Escalation Process

• The channels of communication and procedures have been established for reporting immediately to the Board and appropriate levels of management any significant control failings or weaknesses that are identified together with details of corrective action being undertaken.

• Corrective Action Tracking on resolution of issues/findings highlighted by external audit, Group Internal Audit and regulators, if any, have also been escalated to Group Management Committee Meeting (“GMCM”), GBAC, Shariah Committee (on Islamic Banking only) and BOD.

j. Policies/Procedures including Empowerment and Approving Authority Policies

• Policies and Procedures covering all functions have been developed throughout the Group and approvals have been obtained from the relevant committees and Board. The policies and procedures are updated timely to incorporate changes to systems, work environment and guidelines issued by regulators.

• Empowerment and Approving Authority Policies
There is a clearly defined framework and empowerment approved by the main operating subsidiaries’ respective Board for acquisitions and disposals of property, plant and equipment, awarding tenders, applications for capital expenditure, writing off operational and credit items, approving general expenses including donations, gift policy, etc.
