Page 204 - 56-1 One Report 2022 EN

P. 204

Part 2 Corporate Governance

9. Internal Control and Related Transactions

9.1 Internal Control
A sound system of internal controls is an essential element of good corporate governance. The BOD has established
a n effective internal controls system to manage the key risks that might affect the achievement of the Company’s
objectives. The BOD has delegated the responsibility for monitoring the effectiveness of the Company’s risk
management and internal control systems to the Audit and Risk Committee while the management is responsible
for designing and implementing these systems.

The Company has adopted the Internal Control-Integrated Framework developed by the Committee of Sponsoring
Organizations of the Treadway Commission (COSO) in developing and implementing its internal control system.
The Internal Control Framework has five components, which are as follows:

1 ) Control Environment: the set of standards, processes, and structures that provide the basis for
implementing internal controls across the Company. The key elements of the Company’s control environment are
as follows:
 The BOD acts independently from the Management and demonstrates relevant knowledge and
expertise in carrying out its oversight responsibilities. The BOD has clearly defined its retained authority and the
authority delegated to the CEO and executives.

 The BOD and the Management at all levels demonstrate, through their directives, actions, and behavior,
the importance of integrity and ethical values to support the functioning of the internal control system. Codes of
conduct have also been drawn up as guidelines for all directors, executives, and employees.
 The CEO and the executives have clearly established the organizational structure, reporting lines,
responsibilities, and delegated approval authority along with enforced accountability for the performance of internal
control responsibilities at all levels of the organization. The appropriateness of these is reviewed regularly.
 The Company has established policies and practices, along with appropriate performance
measurement and incentives for attracting, developing, and retaining competent employees. In addition,
succession plans are implemented for the Company’s key positions.

2) Risk Assessment: the Company conducts its business within its defined risk appetite The risks that may
affect the achievement of the Company’s objectives, the potential risk of fraud, and changes in the external and
internal environments have been identified and assessed across the Company in order to determine the appropriate
mitigation measures.

All the Company’s executives and staff are risk owners who are responsible for identifying and assessing the
risks in their business areas as part of the annual strategic and business plans, day-to-day management, decision-
making, and project management process.

3) Control Activities: the Company has deployed the control activities through policies and procedures,
including the implementation of ISO in the working processes to be more effective and efficient. The Company’s
control activities are performed at all levels of the Company and various business processes. The control activities
include authorization and approval, verification, reconciliation, segregation of duties, business performance

Part 2 page 80

199 200 201 202 203 204 205 206 207 208 209