Axiata Group Berhad | Annual Report 2016

GOVERNANCE

098

(c) BAC

The primary function of the BAC is to assist the Board in

fulfilling its statutory and fiduciary responsibilities. The BAC

will review the financial statements and financial reporting

process, the system of internal controls, management

of enterprise risk, the audit process and the process for

monitoring compliance with law and regulations including

Bursa Securities requirements and the company’s Code of

Conduct.

It has direct access to the internal and external auditors and

full discretion to invite any Director to attend its meetings.

Further details of the BAC are stated under the BAC Report

section of this Annual Report.

In 2016, the Cyber Security Steering Committee (“CSSC”)

was established as a sub-committee of the BAC focusing on

the accelerated implementation of cybersecurity initiatives,

for example, the establishment of the Cyber Security

Operation Centre (“CSOC”) and Cyber Security Posture

Assessment in the Group and ensuring a standardised and

aligned implementation across the Group.

(d) BNC

Please refer to the Statement on Corporate Governance

section of this Annual Report.

(e) BRC

Please refer to the Statement on Corporate Governance

section of this Annual Report.

1.3 Senior Leadership Team (SLT)

The SLT is committed to the identification, monitoring and

management of risks associated with its business activities. The

GCEO andManagement are ultimately responsible to the Board for

the Group’s system of internal control and risk management. Each

business unit is responsible and accountable for implementing

procedures and controls to manage risks within its business.

1.4 Organisation Structure

•

Clear Organisation Structure

The Group has an appropriate organisational structure

led by functional SLT members who have clear roles of

responsibility and lines of reporting. The proper segregation

of duties promotes ownership and accountability for risk

taking and defines lines of accountability and delegated

authority for planning, executing, controlling and monitoring

of business operations. Competent and professional

individuals have been selected as part of our SLT to ensure

we manage our business well and to deliver business results.

Regular reviews of the organisational structure are held to

address the changes in the business environment as well

as to keep abreast of current and future trending of new

technologies, products and services.

•

Corporate Centre

The Corporate Centre plays an advisory role to add value

to the subsidiaries at varying engagement levels. The broad

roles of the Corporate Centre are as follows:

1.

Supporting role to Axiata Board Representatives at

OpCos and OpCos’ management; and

2.

Supporting role to OpCos’ Functional Heads.

Besides engaging in regular communication between the

OpCos and the Group functions, the Corporate Centre

also gives appropriate inputs and steers the Group on best

practices through sharing of the Group’s guidelines and

strategies to minimise risk exposure and to increase the

efficiency and effectiveness of business operations.

The Corporate Centre is also responsible for key processes

and functions including strategic planning, mergers and

acquisitions, joint development projects, capital raising and

allocation, leadership, talent development, group accounts

and reporting, procurement, treasury, technology including

cybersecurity and network.

The Corporate Centre is also involved in leading Group

initiatives to address current and future challenges of the

Group.

1.5 Assignment of Authority and Responsibility

•

Policies and Procedures

Documented policies and procedures are now in place for

all major aspects of the Group’s business and these are

regularly reviewed and updated to ensure that they remain

effective and continue to support the organisation’s business

activities at all times as the organisation continues to grow.

These policies and procedures are supported by clearly

defined delegation of authorities for amongst others,

spending on operating and capital expenditures, authority

to enter into contracts and commitments, business plans and

budget, and procurement of goods and services.

•

Limits of Authority (LoA)

The Board has approved a clearly defined and documented

LoA which is to be used consistently throughout the Group.

These are regularly updated to reflect changing risks or

to resolve operational deficiencies. It establishes a sound

framework of authority and accountability within the Group,

including segregation of duties which facilitates timely,

effective and quality decision making at the appropriate

levels in the Group’s hierarchy.

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL