KIM HENG OFFSHORE & MARINE HOLDINGS LIMITED
ANNUAL REPORT 2014
CORPORATE GOVERNANCE REPORT
The Management is responsible to the Board for the design, implementation and monitoring of the Group’s
risk management and internal control systems and to provide the Board with a basis to determine the
Group’s level of risk tolerance and risk policies. The Board acknowledges that it is responsible for reviewing
the adequacy and effectiveness of the Group’s risk management and internal control systems including
financial, operational, compliance and information technology controls. The Board also recognises its
responsibilities in ensuring a sound system of internal controls to safeguard the Company’s shareholders’
investments and the Group’s assets.
The Group has established an Enterprise Risk Management (“ERM”) framework for identification of key
risks within the business and has adopted the use of risk register and summary of comfort matrices to
document the identified risks as well as taking appropriate measures to control and mitigate these risks. The
Management regularly reviews and updates the Board on the Group’s business and operational activities in
respect of the key risk control areas including financial, operational, compliance and information technology
controls and continues to apply appropriate measures to control and mitigate these risks. All significant
matters were highlighted to the Board and the ARC for further discussion. The Board and the ARC also
work with the internal auditors, the external auditors and the Management on their recommendations to
institute and execute relevant controls with a view to managing such risks.
The Company has engaged PricewaterhouseCoopers LLP (“PWC”) as the outsourced internal auditors who
will carry out internal audit reviews and perform gap analysis on the ERM, as part of the annual internal
audit plan approved by the ARC.
Based on the internal controls established and maintained by the Group, work performed by the internal
auditors and the external auditors, and reviews performed by the Management, the Board with the
concurrence of the ARC, is of the opinion that the Group’s risk management and internal control systems put
in place during the financial year to address financial, operational, compliance and information technology
risks, are adequate. The Board has received assurances from the CEO and the Chief Financial Officer
(“CFO”) that:
(a) the financial records of the Group have been properly maintained and the financial statements for
FY2014 give a true and fair view of the Group’s operations and finances and are prepared in accordance
with the relevant accounting standards; and
(b) the Company’s risk management and internal control systems are adequate and effective.
The Board notes that the system of internal controls is designed to manage, rather than to eliminate, the
risk of failure in achieving business objectives, and that no system of risk management and internal control
can provide absolute assurance against the occurrence of errors, losses, fraud or other irregularities and
the containment of business risk. Nonetheless, the Board believes its responsibility of overseeing the
Group’s risk management framework and policies is well supported. The Board will look into the need for
establishment of a separate board risk committee at the relevant time.
Audit & Risk Committee
Principle 12: The Board should establish an Audit Committee with written terms of reference which
clearly set out its authority and duties.
During the year, the Board has expanded the function of the AC to include risk management functions and
responsibility and renamed the AC as “Audit & Risk Committee” (“ARC”).