BIMB Integrated Annual Report 2017

External Audit Internal Audit BOARD OF DIRECTORS Shariah Supervisory Council BRC GRMC AEC KEY INTERNAL CONTROL STRUCTURE Key processes that the Board has established in reviewing the adequacy and effectiveness of the system of internal controls include the following: • Risk Management Framework The Board has established an organisation structure and charter with clear defined lines of responsibility, authority limits and accountability in association with BHB Group’s business and operational requirements in order to maintain a sound control environment. The key process that the Board has established in reviewing the adequacy and effectiveness of the system of internal controls is outlined in the diagram below:- Risk management is considered an integral part of BHB Group’s day-to-day operations to facilitate BHB in achieving its objectives as well as to protect its shareholders and stakeholders interest. The risk management is embedded in the Group’s key processes and monitored through a Risk Management Dashboard (“ RMD ”) report. The Group’s key operating subsidiaries report their risks via RMD at their BRC six (6) times a year. For BIMB Securities, it reports its risks via the RMD at its AEC on quarterly basis. The Group’s risk management framework seeks to ensure that there is an effective on-going process in place to manage risk across the Group. This process is regularly reviewed by the Board through the BRC which provides oversight over the risk management activities for the Group to ensure that the Group’s risk management process is functioning effectively. The BRC also assists the Board to review the Group’s overall risk management philosophy, frameworks, policies and models. In discharging its overall duties and responsibilities, the BRC is supported by the Group Risk Management Committee which monitors and evaluates the effectiveness of the Group’s risk management system on an on-going basis. In addition to the risk management framework, the Group’s key operating subsidiaries had implemented the Internal Capital Adequacy Assessment Process (“ ICAAP ”) framework to ensure that the Group maintains adequate capital levels consistent with the risk profiles including capital buffers to support the Group’s current and projected demand for capital under existing and stressed conditions. The key operating subsidiaries have each appointed a qualified risk officer who is responsible to monitor, assess and manage the risks associated with the business and operations of the respective subsidiaries. The RMD of the respective subsidiaries are tabled at the GRMC and where relevant subsequently tabled at BHB’s BRC. The BRC or the AEC (as the case may be) of the key operating subsidiaries will escalate and update their respective Board on any new regulatory or statutory requirement that could impact the internal control and the risk management principles, policies, procedures and practices of the Companies and its subsidiaries. 141 Overview Value Creation Accountability Financial Statements Sustainability Performance Data Shareholders Information 21 st AGM Information Management Discussion & Analysis