FGV HOLDINGS BERHAD

Statement on Risk Management and Internal Controls

PANDEMIC

The uncertainties of the COVID-19 pandemic remain a key risk to our operations, with shutdowns of operational sites, loss of productivity, challenges in supply and logistics, and corresponding loss of earnings. As new variants of the coronavirus may appear in the near future, pandemic risk to our business cannot be downplayed despite the pandemic going into its third year in 2022. Various mitigation measures have been put in place, including tracking and ramping up vaccination rates among our workers through close collaboration with the relevant Government agencies, establishment of quarantine and isolation centres in estates, as well as strict compliance with the Standard Operation Procedures (SOPs) established by the Government.

CYBER SECURITY

With the increasing digitalisation of economies and the virtualisation of day-to-day business, all companies face heightened cyber threats. Operability and security of Information Technology (IT) systems may fail due to, among others, cyber-related attacks, espionage and poor user attitudes. Undesirable system interruptions could compromise operational efficiency and potentially result in financial losses. In order to mitigate and defend against cyber threats, FGV undertakes a range of cybersecurity programmes to protect our assets and the information of our business. FGV has an approved IT Security Framework based on ISO 27001, which amongst others involves channel encryption for web services, server hardening and encryption, security penetration tests for IT infrastructure and applications, and education on security-related attacks. During the year, the Board engaged an independent consultant to review and enhance FGV’s readiness on cyber security.

INTERNAL CONTROL FRAMEWORK

The key elements of FGV’s internal control framework established by the Board are as follows:

THE GROUP’S CORE VALUES

The Group’s corporate culture is embedded in its core values of Partnership, Respect, Integrity, Dynamism and Enthusiasm (PRIDE). These core values are integral in building an ethical and high performance culture to achieve the Group’s vision and support its business objectives and goals. All employees are made aware of these values to set the right conduct and culture within the Group. The PRIDE elements form a part of the annual performance assessment of the employees and account for 40% of the overall score.

Code of Business Conduct and Ethics for employees

FGV has in place a Code of Business Conduct and Ethics for Employees (COBCE). The COBCE guides our employees in embracing the Group’s values and adhering to applicable laws and regulations through honest, transparent and ethical business practices.

Whistleblowing Policy

The Group’s Whistleblowing Policy was established in 2012 and has been reviewed annually with the latest revision in November 2020. The policy provides a dedicated channel for employees and stakeholders to disclose or raise genuine concerns on possible improprieties, improper conduct or other malpractices, in a transparent and confidential manner without fear of punishment or unfair treatment. The policy also provides the platform by which whistleblowing complaints received are acted on through proper channels as well as protection to whistleblowers.

Anti-Bribery Management System

To signify FGV’s stance on zero tolerance towards bribery and corruption, FGV has an ISO-certified Anti-Bribery Management System (ABMS) in place to uphold a high level of ethical business conduct and integrity, as adequate measures in compliance with Section 17A of the Malaysian Anti-Corruption Commission (MACC) Act to protect itself from bribery and corruption risk.

ORGANISATIONAL STRUCTURE WITH FORMALLY DEFINED RESPONSIBILITY LINES AND DELEGATION OF AUTHORITY

FGV has a defined organisational structure that sets out the delineation of roles and responsibilities of the positions within FGV to enable swift responses to changes in the evolving business environment, effective supervision and coordination of day-to-day business undertakings.

The Group’s Limit of Authorities (LOA) is the core reference for delegations of authorities of the Group’s day-to-day operation through empowering various levels of Management to make decisions and execute the Group’s business transactions within the Board’s risk tolerance. The LOA defines the approval levels for budgeted, non-budgeted, capital and non-capital expenditures, and investments. The Group’s LOA is continually reviewed and updated to ensure its applicability for operational expediency and alignment with the Group’s other policies.