BIMB Integrated Annual Report 2017

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL • Limit of Authority Matrix The Group has clearly defined lines of authorities to facilitate prompt responses in the continuously evolving business environment, effective supervision of day-to-day business conducts and accountability. The establishment of Limit of Authority (“ LoA ”) matrix clearly outlines the Board and Management’s limits and approval authorities across various key processes. The LoA is duly approved by the Board and subject to regular review and enhancement to ensure it reflects changes in accountability and risk appetite of the Group. • Standard Operating Procedures Documented Standard Operating Procedures (“ SOPs ”) for all departments of BHB and its subsidiaries were approved by the respective Management. The SOPs serves as a day-to-day operational guide to ensure compliance with financial and operational controls as well as the applicable laws and regulations. All SOPs are reviewed and updated regularly to reflect current risks, new regulatory requirements and current operations. • Human Resources Policies and Procedures The Human Resources policies and procedures of BHB and its subsidiaries encompasses areas of human resources management such as the recruitment of new employees based on “fit and proper” criteria, performance appraisals, training and development. • Annual Business Plan and Budgeting Process The Group’s budget is prepared based on the annual business plans of BHB’s key operating subsidiaries. The budget and business plan are approved by the respective Board and subsequently endorsed by BHB’s Board. Actual performances of the subsidiaries are reviewed against the targeted results on a quarterly basis allowing for timely response and corrective actions to be taken to ensure the business targets are met. The subsidiaries’ performances are assessed against the budget, business plans and relevant key financial indicators. • Information Technology (“IT”) System IT is key in supporting the service efficiency and delivery systems of the Group. The IT Risk Framework was developed to ensure that risks are correctly identified and mitigated accordingly. Bank Islam and Takaful Malaysia have developed their IT policies to address issues of security and risk related to IT. The subsidiaries continue to upgrade their IT systems to enhance efficiency of their business operations and services. • Performance Review The Board receives and reviews reports from the Management on the Group’s financial and operational performance, risk management as well as legal and regulatory matters on a quarterly basis. The financial performance presented highlights the key financial indicators of which include amongst others the ratio on profitability, capital adequacy and asset quality. The actual performance of BHB and its key operating subsidiaries are assessed against approved budgets and business plans, key financial indicators as well as industry’s benchmark. The assessment enables the Management to identify any significant deviations and gaps for remedial measures to be implemented where necessary. • Whistle Blowing Policy There is an established process for reporting anyone suspected found to be abusing or circumventing processes and controls. All staff are accorded the opportunity to report via the whistle-blowing mechanism with the assurance that the report will be dealt with confidentially and that the reporter’s identity will be protected. 144 BIMB HOLDINGS BERHAD Integrated Annual Report 2017