Annual Report 2020

Statement onRiskManagement & Internal Control INTERNAL CONTROL FRAMEWORK The following key internal control structures (including the AC and the GIAD disclosed above) are in place to assist the Board to maintain a proper internal control system: Board Governance The Board has governance over the Group’s operations. The Board is kept updated on the Group’s activities and operations on a timely and regular basis through Board meetings with a formal agenda on matters for discussion. The Board of AAGB has established four (4) committees, namely the AC, RMC, Nomination and Remuneration Committee and SRB to assist it in executing its governance responsibilities. Further information on the various Board Committees is provided in the Corporate Governance Overview Statement from pages 139 to 146 of this Annual Report. Senior Management Responsibilities Regular management and operations meetings are conducted by Senior Management, which comprises the Chief Executive Officer (“CEO”), President (Airlines) and President (AirAsia Digital), Group Chief Operations Officer (“GCOO”) of AAGB, Group Chief Financial Officer (“GCFO”) of AAGB, CEOs of various airline and non-airline operating companies, and Heads of Department. The Boards of our associated companies include our representatives. Information on the financial performance of our associated companies is provided regularly to the Management and Board of the Company via regular management reports and presentations at Board meetings. In respect to the joint ventures entered into by the Group, the Management of the joint ventures, which consist of representatives from the Group and other joint venture partners, are responsible to oversee the administration, operation and performance of the joint ventures. Financial and operational reports of the joint ventures are provided regularly to the Management of the Company. Segregation of Duties Segregation of duties is embedded in the key business processes. The Group has in place a system to ensure there are adequate risk management, financial and operational policies and procedures. Internal Policies and Procedures Policies, procedures and processes governing AAGB’s businesses and operations are documented and readily made available to employees across the Group on AAGB’s intranet portal. These policies, procedures and processes are reviewed and updated by the business and functional units through a structured and standardised process of review. This is to ensure that appropriate management controls are in place to manage risks arising from changes in legal and regulatory requirements as well as the business and operational environment. Financial Budgets A detailed budgeting process has been established requiring all Heads of Department to prepare budgets and business plans annually for deliberation and approval by the Board. In addition, AAGB has a reporting system on actual performance against the approved budgets, which requires explanations for significant variances and plans by Management to address such variances. People Management The Group acknowledges that a robust risk management and internal control system is dependent on its employees applying responsibility, integrity and good judgment to their duties. As such, the Group has in place policies and procedures that govern its recruitment, appointment, performance management, compensation and reward mechanisms as well as policies and procedures that govern discipline, termination and dismissal of employees and ensures compliance of the same with all applicable laws and regulations. 156 AIRASIA GROUP BERHAD