Featured News

Life in IJM

Experienced Professionals

Print Send link to friendZoom In Reset Zoom Out
Home » Corporate Governance »Statement on Risk Management & Internal Control
Statement on Risk Management & Internal Control
IJM Corporation Berhad
IJM Plantations Berhad
The Board is committed to nurture and preserve throughout the Group a sound system of risk management and internal controls and good corporate governance practices as set out in the Board?s Statement on Risk Management and Internal Control, made in compliance with Paragraph 15.26(b) of the Main Market Listing Requirements ("LR") of Bursa Malaysia Securities Berhad ("Bursa Securities") and guided by the Statement on Risk Management & Internal Control: Guidelines for Directors of Listed Issuers.


The Board acknowledges its responsibility for maintaining a sound risk management framework and internal control system to safeguard the shareholders' investments and the Group's assets, as well as to discharge its stewardship responsibility in identifying principal risks and ensuring the implementation of an appropriate risk management and internal control system to manage those risks in accordance with Principle 6 of the Malaysian Code on Corporate Governance 2012.

The Board continually articulates, implements and reviews the adequacy and effectiveness of the Group's risk management and internal control system which has been embedded in all aspects of the Group?s activities. The Board reviews the processes, responsibilities and assesses for reasonable assurance that risks have been managed within the Group's risk appetite and tolerable ranges and to ensure that the system is viable and robust.

Notwithstanding, the Group's system by its nature can only reduce rather than eliminate the risks of failure to achieve the business objectives. Accordingly, such systems can only provide a reasonable but not absolute assurance against material misstatement, loss or fraud.

The Board has received assurance from the Chief Executive Officer & Managing Director and the Chief Financial Officer that the Group?s risk management and internal control system is operating adequately and effectively, in all material aspects, based on the risk management and internal control framework of the Group.


The Group has a well-defined organisational structure with clearly delineated lines of accountability, authority and responsibility to the Board, its committees and operating units. Key processes have been established in reviewing the adequacy and effectiveness of the risk management and internal control system including the following:

  • The Executive Committee of the Board was established to manage the Group's operating divisions in accordance with corporate objectives, strategies, policies, key performance indicators and annual budgets as approved by the Board. Further details on the Executive Committee are set out in the Corporate Governance Statement.
  • The Audit Committee of the Group, with the assistance of the Risk Management Committee, performs regular risk management assessments and through the Internal Audit Department, reviews the internal control procedure and processes, and evaluates the adequacy and effectiveness of the risk management and internal control system. The committee also seeks the observations of the independent external auditors of the Group. Further details are set out in the Audit Committee Report.
  • The Risk Management Committee ("RMC") was established to oversee, perform regular reviews on risk management processes and to ensure prudent risk management over the Group?s business and operations. The RMC is chaired by the Group?s Chief Financial Officer and includes representatives from all business divisions, both local and overseas, as well as from the relevant Head Office operations support departments. Each business division?s risk management function is led by the respective head of the division. The RMC reports to the Audit Committee on a quarterly basis where key risks and mitigating actions are deliberated and implemented.
  • The Internal Audit Department performs internal audits on various operating units within the Group on a risk-based approach based on the annual audit plan approved by the Audit Committee. The department checks for compliance with policies and procedures and the effectiveness of the internal control system and highlights significant findings of non-compliance in the quarterly Audit Committee meetings of the Company and major subsidiaries.
  • The Nomination & Remuneration Committee ("NRC") assists the Board to review and recommend appropriate remuneration policies for Directors and senior management to ensure that their remuneration commensurates with their performance. The NRC also reviews and recommends candidates to the Board of the Company, and evaluates the performance of Directors (including Board Committees) on an annual basis.
  • The Securities and Options Committee administers options and/or shares under the employee share scheme and regulates the securities transactions in accordance with established regulations and by-laws. Further details are set out in the Corporate Governance Statement.
  • Management committees are established by the respective Boards of major subsidiaries of the Group to assume the functions, of the Executive Committee as stated above, in those subsidiaries.

Key Elements of the Risk Management and Internal Controls

  • Clearly documented standard operating policies and procedures to ensure compliance with internal controls, laws and regulations, which are subjected to regular reviews and improvement, have been communicated to all levels.
  • Established guidelines for recruitment, human capital development and performance appraisal to enhance staff competency levels have been disseminated to all employees.
  • Clearly defined levels of authority for day-to-day business aspects of the Group covering procurement, payments, investments, acquisition and disposal of assets have been disseminated to all employees.
  • Top down communication is made to all levels, of the company?s values such as the IJM charter, including statements of vision, mission and core values, code of ethics and conduct, corporate disclosure policy, diversity and inclusion policy as well as avenues for whistle-blowing.
  • Regular comprehensive information are conveyed to the Board, its committees and management committees of the Group and major subsidiaries covering finance, operations, key performance indicators and other business indicators such as economic and market conditions at their monthly or periodic meetings.
  • Annual budgets are prepared to monitor actual versus budgeted and prior period?s performance with major variances being reviewed and management actions taken as necessary.
  • Half-yearly company briefings with analysts are conducted on the day of release of the financial results to apprise the shareholders, stakeholders and general public of the Group?s performance whilst promoting transparency and open discussion.


The RMC principally develops, executes and maintains the risk management system to ensure that the Group?s corporate objectives and strategies are achieved within the acceptable risk appetite of the Group. Its reviews cover responses to significant risks identified including non-compliance with applicable laws, rules, regulations and guidelines, changes to internal controls and management information systems, and output from monitoring processes as well as continual review process of identified risks and effectiveness of mitigation strategies and controls.

A risk map addressing the risks to the achievement of strategic, financial, operational and other business objectives, using quantitative and qualitative aspects to assess their likelihood and impact matrices, and the controls for assuring the Board that processes put in place continue to operate adequately and effectively, is prepared annually by each business unit.

As the business risk profile changes, new areas are introduced for risk assessment and the necessary changes are made to the existing risks.

The Group's Head Office considers and incorporates the risks associated with the Group?s strategic objectives and overall risk appetite which are not addressed by the respective business units. The consolidated major risks and the mitigating actions are reported to the RMC before being presented to the Audit Committee on a quarterly basis.


During the financial year, all divisions conducted their risk management and internal control system reviews which were assessed by the RMC and reported to the Audit Committee at each quarter.

The Group identified major risk areas of concern and mitigating actions were undertaken within appropriate timeframes. The management of the Group?s significant risks identified for the financial year 2017 is outlined below:

Market Risk Management

Market risks refer to the risks resulting from economic and regulatory conditions and the inherent cyclical nature of the Group?s businesses.

Economic risks

In the current economic climate, the slowdown in the local and global economy may affect the Construction and Industry Division?s order book replenishment and result in overcapacity situations in its factories. During the financial year, the Industry Division?s quarrying performance was affected by softening demand for its quarry products and lower selling prices, while the Property Division continued to face challenges of a subdued and saturated market as well as stiff competition. All of these factors affect the Group?s profitability.

To mitigate such economic risks, the Group has various measures in place including the following:

  • Securing long term Build-Operate-Transfer (?BOT?) projects;
  • Exploring various business and geographical diversifications;
  • Regularly reviewing the business plans against performances to address any shortfalls;
  • Maintaining good relationships with vendors and negotiating for more favourable terms;
  • Maintaining existing customers and winning new customers;
  • Seeking alternative uses of available capacity for its factories;
  • Enhancing efficiency and productivity in its operations;
  • Cost reduction initiatives to contain rising production costs such as sourcing cheaper alternative raw materials; and
  • Adopting innovative marketing strategies with appropriate product differentiation and flexibility in product offerings to suit the market demand for its properties.

The Group has invested in emerging markets over the years such as in India, the Middle East, Indonesia and China. Whilst the Group is able to tap into these markets, foreign engagements entail added risks given their different operating, economic and regulatory environments as well as intensive local and international competition. Nevertheless, the Group continues to monitor these market risks, employ detailed feasibility assessments whilst continuously seeking out local as well as other international opportunities to replenish orders, diversify its business and grow earnings.

Commodity risks

Commodity risk is prevalent in the Plantation Division as its prices for palm products are subject to market volatility which affects its profitability. The Plantation Division manages such commodity risk with the following measures:

  • Constant monitoring of the commodity prices to determine the appropriate timing to transact sales;
  • Selling using the Malaysian Palm Oil Board?s average price mechanism;
  • Hedging through forward sales contracts;
  • Entering into crude palm oil pricing swap arrangements with financial institutions as an additional hedge; and
  • Close monitoring of the pricing trends of major oils and fats for market intelligence.

The Group is also exposed to foreign currency fluctuations due to its investments in foreign countries such as India and Indonesia which may affect its profitability due to the negative fluctuation in the functional currencies of the foreign subsidiaries. These foreign exchange exposures are managed by the Group with the following measures:

  • Entering into forward foreign exchange contracts or cross currency swap contracts where applicable; and
  • Keeping foreign currency denominated borrowings at an acceptable level.

Regulatory risks

The Group?s businesses are governed by relevant laws, regulations, standards, licenses and concession agreements. The Group constantly assesses the impact of new laws and regulations affecting its businesses to ensure that its processes and infrastructure setting are able to operate under the new requirements. New laws and regulations which have an impact to the Group includes the following:

  • Companies Act 2016;
  • Finance Act 2017; and
  • LR of Bursa Securities.

The Group manages these regulatory risks with the following measures:

  • Be updated with the new laws and/or requirements by participating in seminars, conferences and trainings, both in-house and external, presented by authorities, experts or specialists;
  • Implementing appropriate policies, procedures, guidelines, self-audit processes and contracts management; and
  • Maintaining regular communication with the authorities, industry, accounting, tax and legal experts to ensure compliance at all times.

In addition, the other policies which affect the Group?s Property Division are the loan to value cap requirement and strict mortgage lending policies by banks resulting in lower loan approvals. Coupled with the slower project approvals from the authorities, all these factors affect the demand for the Division?s properties, slow down the progress of its developments and reduce profitability levels. To mitigate such risks, the Property Division carries out the following measures:

  • Liaising closely with government officials and external institutions;
  • Maintaining close working relationships with financial institutions to counter the cooling policies;
  • Developing innovative marketing strategies and negotiating for attractive interest rates for loans;
  • Adopting the industrialised building system which is less dependent on labour, whilst improving the productivity and quality of construction work;
  • Switching product focus to landed properties and/ or affordable housing where demand is still resilient due to support by the younger demographic; and
  • Delaying the launch of certain high-end high rise projects where appropriate.

In addition to the above, the Group?s legal department provides legal input on compliance with applicable laws and regulations, including on business, contracts and operational matters.


These risks arise from the inability to recover debts in a timely manner which may affect the Group?s profitability, cash flows and funding. Such risks are more widespread in the Construction and Industry Division?s overseas operations.

The Group minimises such exposures with the following measures:

  • Assessing the creditworthiness of potential customers before granting credit limits and periods;
  • Employing strict debt repayment policies;
  • Persistent and close monitoring of collections and overdue debts; and
  • Ensuring effective credit utilisation to keep leverage at a comfortable level.


Inadequate skilled workforce risk

Similar to many other companies in the same line of business, the Group faces a common challenge in the form of inadequate skilled workforce. This risk is more acute in the Plantation Division due to the difficulty in recruiting skilled workers which may slow down its harvesting operations. Various measures carried out by the Plantation Division to attract more skilled labour included the following:

  • Working with the industry fraternity to improve the availability of labour;
  • Upgrading the living quarters of guest workers complete with amenities including electricity and water, medical care, crèche, education centres, recreational and sports facilities in phases;
  • Entering into partnership with NGOs such as the Borneo Child Aid to provide education to the children of guest workers with the intention of retaining the workers;
  • Encouraging local school leavers to participate in the plantation sector and to offer suitable internship programmes for undergraduates via joint ventures with universities and agricultural/labour authorities; and
  • Reviewing the remuneration benefits of workers from time to time to stay competitive.

To mitigate the risk of inadequate skilled workforce within the Group, it implemented various remuneration and welfare schemes to attract and retain employees to meet existing and future needs. Some of these initiatives are as follows:

  • The Long Term Incentive Plan (?LTIP?), which comprises an employee share option scheme and an employee share grant plan for qualified employees. For more details of the LTIP scheme, please refer to the Financial Statements section of the Annual Report;
  • Enhancing work-life practices such as staggered hours, family care leave, car park space for expectant mothers and extended maternity leave; and
  • Enhancing the Group?s hospitalisation and surgical plans.

Adverse weather risk

During the financial year, the Plantation Division?s crop productivity continued to be affected by the pro-longed dry weather. The Division?s fresh fruit bunches (?FFB?) production from the Malaysian operations dropped by 3% to 464,019 metric tonnes due to the severe dry weather. As a result, the Malaysian operations recorded a 3.8% drop in FFB yield to 20.0 tonnes per hectare in FY2017.

To mitigate the dry weather condition and in anticipation of its recurrence in the future, the Plantation Division had carried out measures which included the following:

  • Employing good agronomic and estate practices as per the Division?s operating manual;
  • Carrying out water conservation and irrigation measures to ensure its oil palms receive adequate water;
  • Deepening reservoirs, where possible, to increase water storage capacity with the objective of irrigating the surrounding fields; and
  • Ensuring appropriate agricultural training for its cadets and field staff.


Cyber security is one of the most urgent issues of today. Cyber attacks can cause major damage to the bottom line, as well as to business reputation and consumer trust. In order to proactively protect IT systems from cyber attacks, the Group has established a team of ISACA (Information Systems Audit and Control Association) certified IT security professionals. The Group has also developed a set of IT security policies and procedures based on the industry best practices, e.g. ISMS (Information Security Management System) and ITSMS (Information Technology Service Management System). In addition, independent enterprise wide assessments are conducted on a regular basis to ensure that the systems are effective and continuously improved to enhance the Group?s cyber resilience. The Group is proactively monitoring, controlling the risk and protecting its systems in a constantly changing cyber threat environment.


With threats of Management Information System (?MIS?) failure and other potential hazards such as fires, floods, earthquakes and major equipment failures, amongst others, the continuity of business operations is of a major concern to the Group. In line with that, the Group has a crisis management plan to deal with major incidences and crisis situations affecting our businesses, financial position and are of public concern. The Group regularly reviews the contingency plans to ensure its relevance and appropriateness of the mitigating actions.

Additionally, the Group has a production site for ERP systems at an external hosting centre in Cyberjaya, Selangor which was designed to be near disaster free whilethe IJM Data Recovery Centre maintained at Menara IJM Land, Penang acts as a warm site for systems recovery in the event of a MIS failure. The non-ERP applications are safely maintained in Cyberjaya or by cloud hosts.

Regular incident management drills at our properties ranging from basic fire safety to mass evacuation drills are conducted to ensure that our employees are familiar with the emergency response and crisis management plans. During the financial year, the Group did not encounter any major business interruption or crisis situations.


As a global conglomerate with a diverse business portfolio, the Group faces exposure to numerous risks. Hence, the Group has in place adequate and regularly reviewed insurance coverage for its business operations, assets and employees where it is available on economically acceptable terms to minimise the related financial impacts.


As required by Paragraph 15.23 of the LR of Bursa Securities, the external auditors have reviewed this Statement on Risk Management and Internal Control. Their limited assurance review was performed in accordance with Recommended Practice Guide (?RPG?) 5 (Revised 2015) issued by the Malaysian Institute of Accountants. RPG 5 (Revised 2015) does not require the external auditors to form an opinion on the adequacy and effectiveness of the risk management and internal control systems of the Group.


For the financial year under review and up to the date of issuance of this statement, the Board is pleased to state that the Group?s system of risk management and internal control was rated overall as satisfactory, adequate and effective for the Group?s purpose and safeguards the shareholders? investments, and the interests of customers, employees and other stakeholders. There have been no material losses, contingencies or uncertainties identified from the reviews.


Updated: 18 Aug 2017