1 157 Table of Contents 159 301

Annual Report 2020

AUDIT COMMITTEE The Audit Committee (“AC”) monitors the adequacy and effectiveness of the system of internal controls through a review of the results of work performed by the Group Internal Audit Department (“GIAD”) and External Auditors and discussions with Senior Management. The AC, established by the Board in the year 2018, comprises two (2) Independent Non-Executive Directors and one (1) Non-Independent Non-Executive Director. The AC Report is disclosed on pages 147 to 150 of this Annual Report. The duties and responsibilities of the AC are set out in its Terms of Reference which is available on AAGB’s corporate website at (https://ir.airasia.com/misc/terms-of-reference-of-audit-committees.pdf) . GROUP INTERNAL AUDIT DEPARTMENT The GIAD regularly reviews the Group’s systems of internal controls and evaluates the adequacy and effectiveness of the controls, risk management and governance processes implemented by Management. It integrates a risk-based approach in determining the auditable areas and frequency of audits. The annual audit plan for the Group is reviewed and approved by the AC. GIAD is guided by its Internal Audit Charter that provides independence and reflects the roles, responsibilities, accountability and scope of work of the department. For any significant gaps identified in the governance processes, risk management processes and controls during the engagements, GIAD provides recommendations to Management to improve their design and effectiveness of controls where applicable. The GIAD’s functions are disclosed in the AC Report on pages 149 to 150 of this Annual Report. ENTERPRISE RISK MANAGEMENT FRAMEWORK The ERM framework standardises the process of identifying, evaluating and managing risks faced by the Group for the Financial Year. The ERM framework covers the following key features: • Roles and responsibilities of the RMC, RMD, Management and departments • Guidance on risk management processes and associated methodologies and tools • Guidance on risk register and controls assessments • Guidance on business impact analysis The Group has established a structured process for risk management and reporting within the ERM framework as follows: • The first line of defence is provided by Management and departments which are accountable for identifying and evaluating risks under their respective areas of responsibilities • The second line of defence is provided by the RMD and RMC which are responsible for facilitating and monitoring risk management process and reporting • The third line of defence is provided by the GIAD which provides assurance on the effectiveness of the ERM framework A key component of the ERM framework is Business Continuity Management and the Group has established business continuity plans which enable it to respond effectively in the event of a crisis and to prevent significant disruption to operations. Statement onRiskManagement & Internal Control 152 AIRASIA GROUP BERHAD

RkJQdWJsaXNoZXIy ODU0MjU5