Audit and Risk Management Committee - Terms Of Reference (TOR)





Dato’ Anwar Bin Aji

(Independent Non-Executive Director)


Datuk (Dr) Aminar Rashid Bin Salleh

 (Independent Non-Executive Director)

Encik Muhammad Lukman Bin Musa

(Non-Independent Non-Executive Director)

A.            COMPOSITION

1.                  Members

(a)           The Audit and Risk Management Committee (“ARMC”) shall be appointed by the Board of Directors from amongst the Directors of the Company.

(b)          The ARMC shall consist of not less than three members; all shall be non-executive directors, with a majority of them being independent directors.

(c)           All members should be financially literate and be able to understand matters under the purview of the ARMC, including the financial reporting process.

(d)          At least one member of the ARMC:-

(i)                 must be a member of the Malaysian Institute of Accountants (“MIA”); or

(ii)                if he is not a member of the MIA, he must have at least three years’ working experience and:-

(aa)        he must have passed the examinations specified in Part I of the First Schedule of the Accountants Act 1967; or

(bb)       he must be a member of one of the associations of accountants specified in Part II of the First Schedule of the Accountants Act 1967; or

(iii)         fulfills such other requirements as prescribed or approved by Bursa Malaysia Securities Berhad.

(e)          No Alternate Director shall be appointed as a member of the ARMC.

(f)           The Board of Directors shall, through the Nominating Committee, review the terms of office and performance of the ARMC and each of its members annually to determine whether they have carried out their duties in accordance with their terms of reference.

(g)          Should a vacancy in the ARMC occur resulting in the non-compliance with the Main Market Listing Requirements of Bursa Malaysia Securities Berhad, the Board shall fill the vacancy as soon as it is practicable and, in any event, within 3 months from the date of the vacancy.

(h)          Any former key audit partner of the Company must observe a cooling-off period of at least two years before being appointed as a member of the ARMC.

2.                  Chairman

The members of the ARMC must elect a Chairman from among themselves who is an Independent Director. The Chairman of the ARMC shall not be the Chairman of the Board.

3.            Secretary of the ARMC

The Company Secretaries of the Company or such substitute as appointed by the Directors from time to time shall act as the secretary of the ARMC during the term of his/her appointment.


                The responsibilities and duties of the ARMC are:

(a)           Financial Reporting

(i)                 To review the quarterly and year-end financial statements of the Group and the Company with Management, focusing particularly on:-

  • any changes in or implementation of major accounting policies and practices; 

  • significant matters highlighted including financial reporting issues, significant judgments made by management, significant and unusual events or transactions, and how these matters are addressed; and   

  • compliance with applicable approved accounting standards and other legal and regulatory requirements;

(ii)                To discuss and note any new financial accounting standards that may be adopted into the financial reporting of the Group for any financial year;

(iii)              To prepare the annual Audit Report for inclusion in the Group’s Annual Reports; and

(iv)              To review annually the Board’s Corporate Governance Overview Statement and Statement on Risk Management and Internal Control as required under the Malaysian Code of Corporate Governance 2017 and Bursa Malaysia’s Listing Requirements and Corporate Governance Guide (3rd Edition), for inclusion in the Group’s Annual Reports.

(b)          Internal Control and Risk Management

(i)                 To review policies and parameters proposed by the management for the Group’s risk management framework comprised of risk profiles, risk registers, risk evaluations, risk ratings, risk attitudes and treatment linking to value creation and the strategic objectives of the Group;

(ii)                To develop and review the risk management framework, risk management policies and procedures, system of internal controls and reporting system proposed by the management and recommend to the Board for approval;

(iii)              To direct the implementation of the risk management framework, policies and procedures, system of internal controls and reporting system approved by the Board;

(iv)              To direct the development of an appropriate risk culture throughout the Group and develop policies and processes to implement the appropriate levels of risk awareness, risk attitudes and risk management within the Group;

(v)               To review the effectiveness of the MBMR Group’s risk management framework and system of internal controls in relation to the core strategic objectives of the Group;

(vi)              To review regular risk management reports from management which enable the Committee to assess the risks involved in the Group’s businesses and how they are controlled and monitored by management;

(vii)            To monitor and review the effectiveness of the risk management function, and to seek such assurance as it may deem appropriate that the function is adequately resourced and has appropriate standing within the group;

(viii)           To consider the risks associated with proposed strategic acquisitions or disposals;

(ix)              To review treasury policies from time to time;

(x)               To review regularly the process for monitoring the group’s compliance with the group’s Standard Operating Procedures;

(xi)              To review the group’s procedures for handling allegations from whistleblowers from time to time;

(xii)            To review the Group’s procedures concerning the prevention and detection of fraud and financial crime;

(xiii)           To review the Group’s arrangements for regulatory compliance and consider any material findings from regulatory reviews;

(xiv)          To ensure that there is proper compliance with the Group’s established internal policies and procedures and that exceptions are reported to the Committee.

(xv)            To review the Group’s procedures and the Group’s annual risk assessment in relation to corruption risk.

(c)           Internal Audit

(i)                 To review the internal audit charter to ensure the appropriate company structures, authority, access and reporting arrangements are in place;

(ii)                To advise the Board on the appointment of the head of internal audit (in the case of an in-house function) and/or recommend a specific appointment (outsourced/co-sourced) which reports directly to the ARMC;

(iii)              To ensure that the internal audit function is adequately resourced and able to function independently in accordance with a recognised framework;

(iv)              To assist the Board to ensure that senior management establishes and maintains adequate and effective internal controls;

(v)               To ensure adequate monitoring and review of the effectiveness of the systems established by management to identify, assess, manage and monitor the various risks arising from the company’s activities;

(vi)              To review the internal audit coverage and annual work plan, and monitor progress of the work plan as well as fees or costs associated with the internal audit function;

(vii)            To advise the Board on the adequacy of internal audit scope, competency and resources to carry out its work and responsibilities, including completion of the approved internal audit plan;

(viii)           To review the internal audit plan, processes, the results of the internal audit assessment and investment undertaken by the internal audit function and monitor management’s implementation of the internal audit recommendations;

(ix)              To review all internal audit reports and advise the CEO (or his equivalent) and the Board on significant issues identified in internal audit reports and the action taken on the issues raised, including the identification and dissemination of best practices based on the recommendations of the internal audit function;

(x)               To assist the Board to ensure that appropriate controls are in place for monitoring compliance with laws, regulations and supervisory requirements and relevant internal policies;

(xi)              To periodically review the performance of the internal audit function; and

(xii)            To act as a forum for communication between the Board, senior management and internal audit function.

(d)          Related Party Transactions

(i)                 To review recurrent related party transactions entered into by the Company, Group and its subsidiaries; and

(ii)          To consider any related party transactions and conflict of interest situations that may arise within the Group, including any transaction, procedure or course of conduct that may raise questions of or affect management integrity. 

(e)          External Audit

(i)                 To review and recommend to the Board the appointment, reappointment and removal of the Company’s external auditor, and ensure there is a formal process to evaluate the effectiveness and efficiency of the external auditor;

(ii)                To establish policies and procedures to assess the suitability, objectivity and independence of the external auditor which shall include, among others, the following:-

  • the competence, audit quality and resource capacity of the external auditor in relation to the audit;

  • the nature and extent of the non-audit services rendered and the appropriateness of the level of fees; and

  • obtaining written assurance from the external auditor confirming that they are, and have been, independent and impartial throughout the conduct of the audit engagement in accordance with the terms of all relevant professional and regulatory requirements.

(iii)              To establish a formal mechanism to ensure there is frank and candid dialogue with the external auditor;

(iv)              To review with the external auditor, the audit plan;


(v)               To study and evaluate the audit plan, especially the approach to be deployed by the external auditor. The audit plan should include the following:

  • scope of the audit, timing of the audit and reporting deadlines;
  • audit team;
  • key areas of business risk and significant transactions for the group, as appropriate;
  • major accounting systems and systems of internal control to be reviewed;
  • extent of planned testing of controls;
  • areas where contention may arise;
  • nature and extent of audit procedures to be performed, including materiality level;
  • identification or anticipation of significant changes for the financial report as a result of new or revised accounting policies and/or regulatory requirements;
  • locations to be visited and audit procedures to be undertaken in respect of those locations not visited;
  • liaison with subsidiaries’ auditors on consolidation of financial statements;
  • coordination with internal audit to avoid duplication of efforts and to optimise the effectiveness and efficiency of the audit function;
  • the extent to which the planned audit scope can be relied upon to detect errors or irregularities (i.e. fraud); and
  • frequency of meetings with the ARMC and any reports or other deliverables the ARMC and management are likely to receive.

(vi)              To review with the external auditor, the firm’s evaluation of the system of internal controls; 

(vii)            To review with the external auditor, the audit report;

(viii)           To review the assistance given by the employees of the listed issuer to the external auditor; 

(ix)              To discuss with the external auditor before the audit commences, the nature and scope of the audit, including the terms as detailed in the external auditor’s engagement letter;

(x)               To discuss and resolve any problems and reservations arising from the interim and final audit of the Group’s financial statements that the external auditor might have, and discuss any matters the external auditor may wish to table (in the absence of management where necessary), before recommendation to the Board of Directors for their approval;

(xi)              To review with the external auditor the Group’s Statement on Risk Management and Internal Control before recommendation of the same for inclusion into the Group’s Annual Reports;

(xii)            To review the external auditor’s management letters and management’s responses;

(xiii)           To review any letter of resignation from the external auditor of the Company; 

(xiv)          To review whether there is reason (supported by grounds) to believe that the Company’s external auditor is not suitable for re-appointment. 

(xv)            To recommend the nomination of a person or persons as external auditor. 

(f)           Others

(i)                 To have explicit authority to investigate certain matters, with the resources with which it needs to do so, e.g. professional advice, and with full and direct access to information or anyone in the Group;

(ii)                To consider the major findings of any internal investigation and the management’s response;

(iii)              To promptly report to Bursa Malaysia Securities Berhad on matters reported by it to the Board that have not been satisfactorily resolved that may result in a breach of the Listing Requirements of Bursa Malaysia Securities Berhad; 

(iv)              To report its activities, including how it has discharged its responsibilities, to the Board on a regular basis and promptly provide to the Board copies of the minutes of meetings of the ARMC;

(v)               To undertake other duties as requested by the Board from time to time;

(vi)              To annually review these terms of reference and monitor and evaluate the performance of the ARMC and make recommendations to the Board with regard to any adjustments that are deemed necessary.

(vii)               To establish, maintain and review the anti-corruption policies and procedures.

(g)           Occupational Safety, Health and Environment Compliance

(i)                 To receive regular updates from the Safety and Health Committee regarding compliance with related laws and regulations and monitor such compliance, excluding, however, legal compliance matters subject to the oversight of the Safety and Health Committee.

(ii)                To review the measures taken to ensure the occupational safety and health of persons at the workplace and investigate any related matters arising.

(iii)              To review the findings of any examination of non-compliance by regulatory authorities and internal auditors' observations relating to occupational safety and health matters.

C.            Rights of the ARMC

In performing its duties and responsibilities, the ARMC shall:-

(a)          have authority to investigate any matter within its terms of reference;

(b)          have the resources which are required to perform its duties;

(c)           have full and unrestricted access to any information pertaining to the listed issuer;

(d)          have direct communication channels with the external auditors and person(s) carrying out the internal audit function or activity;

(e)          be able to obtain independent professional or other advice; and

(f)           be able to convene meetings with the external auditors, the person(s) carrying out the internal audit function or activity or both, excluding the attendance of other directors and employees of the listed issuer, whenever deemed necessary.


1.            Frequency of Meetings

The ARMC shall meet at least four times a year, and additional meetings may be called at any time, at the discretion of the ARMC.

2.            Calling of Meeting

(a)          Any member may at any time, and the financial controller and the Secretary shall on the requisition of any of the members summon a meeting.

(b)          The ARMC meeting may be held at two or more venues within or outside Malaysia using any technology that enables the ARMC members as a whole to participate for the entire duration of the meeting, and all information and documents for the meeting must be made available to all members prior to or at the meeting. Minutes of the proceedings of such meeting shall be conclusive evidence of the proceedings to which it relates.

3.            Notice

Notice calling for the ARMC meeting shall be given to all its members at least five business days before the meeting or at shorter notice as the ARMC shall determine. A notice of the meeting shall be served to the ARMC either personally or by fax, email, post, courier or any other electronic means provided by the ARMC members.

4.            Quorum

The quorum for the ARMC meeting shall be two (2), and the majority of members present must be Independent Directors.

5.            Attendance

(a)          The Managing Director/Chief Executive Officer, other Board members, Group Financial Controller, Internal Auditors and representatives of the external auditor will normally attend the meetings upon invitation of the ARMC.

(b)          The ARMC will meet with the External Auditors without the presence of Executive Directors and the management at least once a year. The external auditors have the right to appear and be heard at any meetings of the ARMC and shall appear before it when required to do so by the ARMC.

6.            Voting

A resolution put to a vote at the meeting shall be decided on a show of hands. In the case of an equality of votes, the Chairman shall be entitled to a second or casting vote.

7.            Keeping of Minutes

Minutes of each meeting shall be signed by the Chairman of the meeting at which the proceedings were held and kept as part of the statutory record of the Company. The minutes of each meeting shall be tabled to the Board for notation.

8.            Custody, production and inspection of such minutes

The minutes shall be kept by the Company at the Registered Office or the principal place of business in Malaysia of the Company and shall be open to the inspection of any member of the ARMC without charge.

9.            Written Resolution

A written resolution signed or approved by letter or telefax or facsimile, email or other electronic means by the members of the ARMC shall be valid and effectual as if it had been passed at a meeting of the ARMC duly called, convened, held and constituted. Any such resolution may be executed in any number of counterparts, each signed by one or more members, all of which taken together and when delivered to the Secretary of the ARMC shall constitute one and the same resolution.
