Board Audit and Risk Management Committee - Terms Of Reference


This Terms of Reference (“TOR”) identifies the purpose, composition, authority, procedures, and the duties and responsibilities of the MBM Resources Berhad (“MBMR” or “the Company”) Board Audit and Risk Management Committee (“ARMC”).

The details of the current members of the ARMC can be found here: Audit and Risk Management Committee


Pursuant to the Bursa Malaysia Securities Berhad (“the Exchange”)’s Main Market Listing Requirements (“MMLR”) and the Malaysian Code on Corporate Governance 2017 (“MCCG 2017”), the Company’s establishment of an Audit Committee is compulsory and necessary.

The primary function of the ARMC is to provide assistance to the Board of Directors of MBMR (“the Board”) in fulfilling its statutory and fiduciary responsibilities in ensuring that the Company is in compliance with regulatory requirements in all material aspects of its accounting and financial reporting processes, the quality of financial disclosures including oversight of the activities of the Company’s Management and the External Auditor appointed by the Board.

The Committee’s objectives are as follows:

(a)                To ensure the integrity of the Company’s financial statements and disclosures as well as related accounting and financial reporting processes;

(b)               To determine that the Company has adequate administrative, operational and internal accounting controls and that the Company is operating in accordance to its prescribed procedures, codes of conduct and applicable legal and regulatory requirements;

(c)                Serve as an independent and objective party in the review of the financial information presented by the Management for distribution to shareholders and the general public;

(d)               Provide direction and oversight over the Internal Audit function and the External Auditor to enhance their independence from the Management; and

(e)                To oversee the development, implementation and execution of the Company’s risk management framework and processes in identifying, managing and monitoring risks of the Company and its business.


3.1 Members

(a)             The ARMC members shall be appointed by the Board from amongst the Directors of the Company.

(b)            The ARMC shall consist of not less than three members; all shall be Non-Executive Directors, with a majority of them being Independent Directors[1].

(c)             All members should be financially literate and are able to understand matters under the purview of the ARMC, including the financial reporting process and should undertake continuous professional development to keep themselves abreast of relevant development in accounting and auditing standards, practices and rules[2]

(d)            At least one member of the ARMC:-

(i)        must be a member of the Malaysian Institute of Accountants (“MIA”); or

(ii)       if he is not a member of the MIA, he must have at least three years’ working experience and:-

(aa)        he must have passed the examinations specified in Part I of the First Schedule of the Accountants Act 1967; or

(bb)       he must be a member of one of the associations of accountants specified in Part II of the First Schedule of the Accountants Act 1967; or

(iii)  fulfills such other requirements as prescribed or approved by the Exchange[3].

(e)             No Alternate Director shall be appointed as a member of the ARMC[4].

(f)           The Board shall through Nominating and Remuneration Committee review the terms of office and performance of the ARMC and each of its members annually to determine whether they have carried out their duties in accordance with their TOR[5].

(g)          Should a vacancy in the ARMC occur resulting in the non-compliance with the MMLR, the Board shall fill the vacancy as soon as it is practicable and, in any event, within three months from the date of the vacancy[6].

(h)         Any former key audit partner of the Company must observe a cooling-off period of at least two years before being appointed as a member of the ARMC[7]

3.2 Chairman

The members of the ARMC must elect a Chairman among themselves who is an Independent Director. The Chairman of the ARMC shall not be the Chairman of the Board [8].

3.3 Secretary

The Company Secretaries of the Company or such substitute as appointed by the Directors from time to time shall act as the secretary of the ARMC during the term of his/her appointment.


4.1 Financial Reporting

(i)            To review the quarterly and year-end financial statements of the Group and the Company with the Management, focusing particularly on:-

  • any changes in or implementation of major accounting policies and practices[9];
  • significant matters highlighted including financial reporting issues, significant judgments made by the Management, significant and unusual events or transactions, and how these matters are addressed[10]; and
  • compliance with applicable approved accounting standards and other legal and regulatory requirements[11];

(ii)          To discuss and note of any new financial accounting standards that may be adopted into the financial reporting of the Group for any financial year;

(iii)         To prepare the annual Audit Report for inclusion in the Group’s Annual Reports; and

(iv)        To review annually the Board’s Corporate Governance Overview Statement and Statement on Risk Management and Internal Control as required under the MCCG 2017, MMLR and Corporate Governance Guide (3rd Edition), for inclusion in the MBMR Group’s Annual Reports.

4.2 Internal Control and Risk Management

(i)               To review policies and parameters proposed by the Management for the Groups’ risk management framework comprised of risk profiles, risk registers, risk evaluations, risk ratings, risk attitudes and treatment linking to value creation and the strategic objectives of the Group;

(ii)             To develop and review the risk management framework, risk management policies and procedures, system of internal controls and reporting system proposed by the Management and recommend to the Board for approval;

(iii)            To direct the implementation of the risk management framework, policies and procedures, system of internal controls and reporting system approved by the Board;

(iv)           To direct the development of an appropriate risk culture throughout the Group and develop policies and processes to implement the appropriate levels of risk awareness, risk attitudes and risk management within the Group;

(v)             To review the effectiveness of the MBMR Group’s risk management framework and system of internal controls in relation to the core strategic objectives of the Group;

(vi)           To review regular risk management reports from the Management which enable the ARMC to assess the risks involved in the Group’s businesses and how they are controlled and monitored by the Management;

(vii)          To monitor and review the effectiveness of the risk management function, and to seek such assurance as it may deem appropriate that the function is adequately resourced and has appropriate standing within the Group;

(viii)        To consider the risks associated with proposed strategic acquisitions or disposals;

(ix)            To review treasury policies from time to time;

(x)             To review regularly the process for monitoring the Group’s compliance with the Group’s Standard Operating Procedures;

(xi)            To review the Group’s procedures for handling allegations from whistle-blowers from time to time;

(xii)          To review the Group’s procedures concerning the prevention and detection of fraud and financial crime;

(xiii)         To review the Group’s anti-bribery and anti-corruption policy, procedures and processes and monitor its implementation to ensure adequate measures are taken in accordance with relevant guidelines and recommendations;

(xiv)        To review the Group’s arrangements for regulatory compliance and consider any material findings from regulatory reviews; and

(xv)          To ensure that there is proper compliance with the Group’s established internal policies and procedures and that exceptions are reported to the Board.

4.3   Internal Audit

(i)            To review the internal audit charter to ensure the appropriate company structures, authority, access and reporting arrangements are in place;

(ii)          To advise the Board on the appointment of the head of internal audit (in the case of an in-house function) and/or recommending a specific appointment (outsourced/ co-sourced) which report directly to the ARMC;

(iii)         To ensure that the internal audit function is adequately resourced and able to function independently in accordance with recognised framework[12];

(iv)        To assist the Board to ensure that the Management establishes and maintains adequate and effective internal controls;

(v)          To ensure adequate monitoring and review of the effectiveness of the systems established by the Management to identify, assess, manage and monitor the various risks arising from the Company’s activities;

(vi)        To review the internal audit coverage and annual work plan, and monitoring progress of the work plan as well as fees or costs associated with the internal audit function;

(vii)       To advise the Board on the adequacy of internal audit scope, competency and resources to carry out its work and responsibilities, including completion of the approved internal audit plan[13];

(viii)     To review the internal audit plan, processes, the results of the internal audit assessment and investigation undertaken by the internal audit function and monitor the Management’s implementation of the internal audit recommendations[14];

(ix)         To review all internal audit reports and advising the CEO (or his equivalent) and the Board on significant issues identified in internal audit reports and the action taken on the issues raised, including the identification and dissemination of best practices based on the recommendations of the internal audit function;

(x)          To assist the Board to ensure that appropriate controls are in place for monitoring compliance with laws, regulations and supervisory requirements and relevant internal policies;

(xi)         To periodically review the performance of the internal audit function; and

(xii)       To act as a forum for communication between the Board, the Management and the Internal Auditor.

4.4 Related Party Transactions

(i)            To review recurrent related party transactions entered into by the Company, Group and its subsidiaries; and

(ii)          To review any related party transactions and conflict of interest situations that may arise within the Group, including any transaction, procedure or course of conduct that may raise questions of management integrity[15]

4.5 External Audit

(i)           To review and recommend to the Board on the appointment, reappointment and removal of the Company’s External Auditor, ensure there is a formal process to evaluate the effectiveness and efficiency of the External Auditor;

(ii)          To establish policies and procedures to assess the suitability, objectivity and independence of the External Auditor which shall include, among others, the following[16]:-

  • the competence, audit quality, resource capacity and timeliness of the External Auditor in relation to the audit;
  • the nature and extent of the non-audit services rendered and the appropriateness of the level of fees; and
  • obtaining written assurance from the External Auditor confirming that they are, and have been, independent and impartial throughout the conduct of the audit engagement in accordance with the terms of all relevant professional and regulatory requirements.

(iii)         To establish a formal mechanism to ensure there is frank and candid dialogue with the External Auditor;

(iv)        To review with the External Auditor, the audit plan[17];

(v)          To study and evaluate the audit plan, especially the approach to be deployed by the External Auditor. The audit plan should include the following:-

  • scope of the audit, timing of the audit and reporting deadlines;
  • audit team;
  • key areas of business risk and significant transactions for the Group, as appropriate;
  • major accounting systems and systems of internal control to be reviewed;
  • extent of planned testing of controls;
  • areas where contention may arise;
  • nature and extent of audit procedures to be performed, including materiality level;
  • identification or anticipation of significant changes for the financial report as a result of new or revised accounting policies and/or regulatory requirements;
  • locations to be visited and audit procedures to be undertaken in respect of those locations not visited;
  • liaison with subsidiaries’ auditors on consolidation of financial statements;
  • coordination with internal audit to avoid duplication of efforts and to optimise the effectiveness of the audit function efficiency;
  • the extent to which the planned audit scope can be relied upon to detect errors or irregularities (i.e. fraud); and
  • frequency of meetings with the ARMC and any reports or other deliverables the ARMC and the Management are likely to receive.

(vi)        To review with the External Auditor, the firm’s evaluation of the system of internal controls[18];

(vii)       To review with the External Auditor, the audit report[19];

(viii)     To review the assistance given by the employees of the Company to the External Auditor[20];

(ix)         To discuss with the External Auditor before the audit commences, the nature and scope of the audit, including the terms as detailed in the External Auditor’s engagement letter;

(x)          To discuss and resolve any problems and reservations arising from the interim and final audit of the Group’s financial statements that the External Auditor might have, and discuss any matters the External Auditor may wish to table (in absence of the Management where necessary), before recommendation to the Board for their approval;

(xi)         To review with External Auditor the Group’s Statement on Risk Management and Internal Control before recommendation of the same for inclusion into the Group’s Annual Reports;

(xii)       To review the External Auditor’s management letters and the Management’s responses;

(xiii)      To review any letter of resignation from the External Auditor of the Company[21];

(xiv)     To review whether there is reason (supported by grounds) to believe that the Company’s External Auditor is not suitable for re-appointment[22]; and

(xv)       To recommend the nomination of a person or persons as External Auditor[23].

4.6 Occupational Safety, Health and Environmental Compliance

(i)            To receive regular updates from the Safety and Health Committee regarding compliance with related laws and regulations and monitor such compliance, excluding, however, legal compliance matters subject to the oversight of the Safety and Health Committee.

(ii)          To review the measures taken to ensure the occupational safety and health of persons at the workplace and investigate any related matters arising.

4.7 Others

(i)            To have explicit authority to investigate certain matters, with the resources with which it needs to do so, e.g. professional advice, and with full and direct access to information or anyone in the Group;

(ii)          To consider the major findings of any internal investigation and the Management’s response;

(iii)         To promptly report to the Exchange on matters reported by it to the Board that have not been satisfactorily resolved that may result in a breach of the MMLR[24];

(iv)        To report its activities, including how it has discharged its responsibilities, to the Board on a regular basis and promptly provide to the Board copies of the minutes of meetings of the ARMC; and

(v)          To undertake other duties as requested by the Board from time to time.


In performing of its duties and responsibilities, the ARMC shall:-

(a)          Have authority to investigate any matter within its TOR;

(b)         Have the resources which are required to perform its duties;

(c)          Have full and unrestricted access to any information pertaining to the Company;

(d)         Have direct communication channels with the External Auditor and person(s) carrying out the internal audit function or activity;

(e)          Be able to obtain independent professional or other advice; and

(f)           Be able to convene meetings with the External Auditor, the person(s) carrying out the internal audit function or activity or both, excluding the attendance of other Directors and employees of the Company, whenever deemed necessary.


6.1 Frequency of Meetings

The ARMC shall meet at least four times a year, and additional meetings may be called at any time, at the discretion of the ARMC.

6.2 Calling of Meeting

(a)          Meetings of ARMC shall be called by the Secretary at the request of the ARMC Chairman or any member of ARMC.

(b)         The ARMC meeting may be held at two or more venues within or outside Malaysia using any technology that enable the ARMC members as a whole to participate for the entire duration of the meeting, and that all information and documents for the meeting must be made available to all members prior to or at the meeting. Minutes of the proceedings of such meeting shall be conclusive evidence of the proceedings to which it relates.

6.3 Notice

Unless otherwise agreed, notice for calling the ARMC meeting shall be given to all its members at least five business days before the meeting or at shorter notice as the ARMC shall determine. An agenda of items to be discussed together with its supporting papers shall be sent to the ARMC and other attendees as appropriate, at the same time. The notice of each meeting shall be served to the members of the ARMC either personally or by fax, email, post, courier or any other electronic means[25].

6.4 Quorum

The quorum for the ARMC meeting shall be two (2), the majority members present must be Independent Directors[26].

6.5 Attendance

(a)          The Managing Director/Chief Executive Officer, other Board members, Group Chief Financial Officer, Internal Auditor and representatives of the External Auditor will normally attend the meetings upon invitation of the ARMC[27].

(b)         The ARMC will meet with the External Auditor without the presence of Executive Directors and the Management at least once a year. The External Auditor have the right to appear and be heard at any meetings of the ARMC and shall appear before it when required to do so by the ARMC.

6.6 Voting

A resolution put to a vote at the meeting shall be decided on a show of hands. In the case of an equality of votes, the Chairman shall be entitled to a second or casting vote except where two (2) members form a quorum, the chairperson of a meeting at which only such a quorum is present, or at which only two (2) members are competent to vote on the question at issue shall not have a casting vote[28] and such matters shall be referred to the Board for decision.

6.7 Minutes of Meetings

The Secretary shall minute the proceedings and resolutions of all ARMC meetings, including the names of those present and in attendance. The draft minutes of ARMC meetings shall be circulated promptly to all members of the ARMC.

The minutes of each meeting shall be signed by the Chairman of the meeting at which the proceedings were held and kept as part of the statutory records of the Company. The minutes of each meeting shall be tabled to the Board for notation.

The minutes shall be kept by the Company at the Registered Office and/or the principal place of business in Malaysia of the Company and shall be open to the inspection of any member of the ARMC without charge.

6.8 Written Resolution

A written resolution signed or approved by letter or telefax or facsimile, email or other electronic means by the members of the ARMC shall be valid and effectual as if it had been passed at a meeting of the ARMC duly called, convened, held and constituted. Any such resolution may be executed in any number of counterparts, each signed by one or more members, all of which taken together and when delivered to the Secretary of the ARMC shall constitute one and the same resolution.

6.9  Conflict of Interest

ARMC members should proactively declare any matter at the outset of each meeting, any potential conflict of interest relating to the affairs of the ARMC. Depending on the nature, extent and potential duration of the conflict-of-interest situation, the Chairman of the ARMC should then determine an appropriate course of action with the said member which may include requiring the member to abstain from deliberation and decision making.


The ARMC should at least annually perform a review and an evaluation of its performance to ensure that it is meeting its responsibilities as set forth in this TOR. Findings from this review and evaluation process shall be presented to the Board for consideration and notation.

The review should specifically include consideration of the following:

(a)    Frequency and timeliness of ARMC meetings.

(b)   Adequacy and quality of information and materials provided to the ARMC.

(c)    Effectiveness of the ARMC in carrying out the duties as set out in this TOR.

(d)   Contribution of each individual ARMC member.

(e)    Appropriateness and adequacy of this TOR.

The ARMC should also recommend to the Board such changes to this TOR in such manner as the ARMC deems appropriate to ensure that it remains consistent with the ARMC’s objectives, the Company’s Constitution and existing regulatory requirements and recommendations.

- End -

[1] Paragraph 15.09(1)(a) & (1)(b) of MMLR

[2] Practice 8.5 of MCCG 2017

[3] Paragraph 15.09(1)(c) of MMLR

[4] Paragraph 15.09(2) of MMLR

[5] Paragraph 15.20 of MMLR

[6] Paragraph 15.19 of MMLR

[7] Practice 8.2 of MCCG 2017

[8] Paragraph 15.10 of MMLR and Practice 8.1 of MCCG 2017

[9] Paragraph 15.12(1)(g)(i) of MMLR

[10] Paragraph 15.12(1)(g)(ii) of MMLR

[11] Paragraph 15.12(1)(g)(iii) of MMLR

[12] Practice 10.1 and 10.2 of MCCG 2017

[13] Paragraph 15.12(1)(e) of MMLR

[14] Paragraph 15.11(1)(f) of MMLR

[15] Paragraph 15.12(1)(h) of MMLR

[16] Practice 8.3 of MCCG 2017

[17] Paragraph 15.12(1)(a) of MMLR

[18] Paragraph 15.12(1)(b) of MMLR

[19] Paragraph 15.12(1)(c) of MMLR

[20] Paragraph 15.12(1)(d) of MMLR

[21] Paragraph 15.12(1)(i) of MMLR

[22] Paragraph 15.12(1)(j) of MMLR

[23] Paragraph 15.12(2) of MMLR

[24] Paragraph 15.16 of MMLR

[25] Practice 1.5 of MCCG 2017

[26] Paragraph 15.18 of MMLR

[27] Paragraph 15.13 of MMLR

[28] Clause 102(7) of the Constitution

Subsidiaries & Associates