Annual Report 2020

INTERNAL CONTROLS • By way of discussions with key Senior Management and through the review of the process undertaken by the GIAD and the External Auditors, evaluated the overall adequacy and effectiveness of: • the system of internal controls, including controls within information technology; • the Group’s finance, accounting and audit organisations and personnel; and • the Group’s policies and compliance procedures with respect to business practices. • Reviewed the establishment of policies and procedures relating to anti-bribery and anti-corruption to prevent the offences under the Malaysian Anti-Corruption Commission (MACC) Act 2009 and such other applicable anti-bribery and anti-corruption laws in jurisdictions where the Group operates. • Regular reviews were conducted to access the performance, efficiency and effectiveness of the ABAC Policies. • Reviewed the employee code of business practice, vendor code of business practice, the whistleblowing policy and the outcome of any cases investigated. ANNUAL REPORT • Further information on the summary of the AC activities in discharging its functions and duties for the Financial Year and how it has met its responsibilities are provided in the Corporate Governance (“CG”) Report in accordance with Practice 8.5 of the Malaysian Code on Corporate Governance (“MCCG”). • The AC has reviewed the Statement of Risk Management and Internal Control and the Statement of Corporate Governance prior to their inclusion in the Group’s Annual Report. ANNUAL REVIEW OF THE TERMS OF REFERENCE OF THE AUDIT COMMITTEE • Reviewed and assessed the adequacy of the terms of reference of the AC on annually, and where necessary, obtained the assistance of the Management, Group’s External Auditors and external legal counsel, and recommended changes to the Board for approval. INTERNAL AUDIT FUNCTION The Group has a well-established in-house GIAD to assist the AC in carrying out its functions. The GIAD maintains its independence through reporting directly to the AC. The GIAD plans and provides supervision on internal audit services across all subsidiaries and associated companies in the Group, including the various Airline Operating Companies (“AOCs”). The internal audit teams in the respective AOCs have a reporting line to the Group Head, GIAD. The GIAD reviews and compiles their reports in the form of a Group Internal Audit Report to be submitted and presented to the AC for its review and deliberation. The GIAD is guided by its Internal Audit Charter that provides independence and reflects the roles, responsibilities, accountability and scope of work of the department and aligned with the International Professional Practice Framework (“IPPF”) on Internal Auditing issued by the Institute of Internal Auditors. The Group Head, GIAD reports functionally to the AC and administratively to the CEO of AAGB. The principal responsibility of the GIAD is to undertake regular and systematic reviews of the systems of internal controls so as to provide reasonable assurance that the systems continue to operate efficiently and effectively. The GIAD adopts a risk- based audit methodology with reference to the five elements of the Committee of Sponsoring Organisations of the Treadway Commission (“COSO”) i.e. control environment, risk assessment, control activity, information and communication as well as monitoring, to develop its audit plans by determining the priorities of the internal audit activities, consistent with the strategies of the Group. Based on risk assessments performed, greater focus and appropriate review intervals are set for higher risk activities, and material internal controls, including compliance with AAGB’s policies, procedures and regulatory responsibilities. The audits cover the review of the adequacy of risk management, the strength and effectiveness of the internal controls, compliance to both internal and statutory requirements, governance and management efficiency, among others. The audit reports, which provide the results of audits conducted, are submitted to the AC for review. Key control issues and recommendations are highlighted to enable the AC to execute its oversight function. Areas for improvement and audit recommendations are also forwarded to the Management for their attention and further action. The Management is responsible for the implementation of corrective actions within the required time frame. On 25 January 2021, GIAD confirmed its organisational 149 ANNUAL REPORT 2020