img
92
Axiata Group Berhad
Advancing Asia
(242188-H)
annual report 2011
STATEMENT ON INTERNAL CONTROL
The key elements in the strategy are to
move the operating environments into
The Group has an insurance programme in
standards-based ones and to renew the
place to ensure that its assets are sufficiently
operations support systems/business support
covered against any mishap that will result in
systems value chains to successfully support
material losses. The Group also ensures that
the new business and corporate aspirations.
its major assets are physically safeguarded.
3.3 Regulatory and Compliance
3.2 Security (Application and IT Network)
C
A four-pronged approach is adopted towards
ontinuity Plans (BCP)
managing the various regulatory issues
Dependability was one of four primary
confronting our markets, supported by regular
strategic focus areas for 2010/2011. The
review of group risk matrix, managed as part
activities started then will be continued and
of the enterprise risk management process.
enhanced in 2012/2013 with all operating
In this manner, risks which are both of
units having a comprehensive end to end
jurisdictional as well as global nature are
process by then. DRP and BCP requirements
recognised and managed. The four-prong
have been reinforced in all systems upgrades
approach encompasses:
and implementation in the past year. The IT
1.
The development of annual Regulatory
team has been strengthened with the
Action Plans for each OpCo focusing on
inclusion of a Group IT Programme Director
the top three issues of highest strategic,
to oversee the strengthening of the Group's
financial or reputational impact;
IT infrastructure, including the hardening of
2. Crafting strong submissions on issues and
DRP specifications.
communicating the same with regulators
through active stakeholder engagement;
DRP includes the timely resumption of service
3. Developing group-wide positions on key
from the applications, data, hardware,
issues such as spectrum management,
communications and other technical
roaming regulations, access pricing and
infrastructure.
licence renewal; and
BCP includes planning for non-technical
4. Ensuring a common baseline of best
related aspects such as key personnel,
practice regulatory skills group-wide,
facilities, crisis communications and reputation
through the adoption of a Regulatory
protection, and refers to the DRP for
Best Practices Manual, regular conference
calls and annual meetings of regulatory
technology related infrastructure recovery/
staff group wide.
continuity.
The Group Regulatory Policy outlined in the
Group Policy document also provides
The Corporate IT Policy continues to be a
guidance and establishes internal policies and
focus item. The Board recognises the
procedures that attempt to avert potential
importance of a well-formulated IT direction,
liabilities arising from adverse regulatory
architecture and implementation. The IT focus
decisions. Underpinning the Group Regulatory
in the Company has been augmented with
Policy is the understanding that the Group
the formation of a Group IT team in the
shall comply with all applicable laws and
Technology division to continue the on-going
regulations, regulatory obligations and
improvement programmes and to implement
governmental policies in the jurisdictions in
a holistic IT strategy initiated in 2011, starting
which it operates, and that regulatory advice
with Celcom.
is obtained in an efficient and cost effective
manner as and when required.