Audit Committee Report
A. Composition And Terms Of Reference
Composition
- The Committee shall be appointed by the Board of
Directors from amongst its non-executive directors and
shall consist of at least (3) three members. The Chairman
and the majority of the Audit Committee members must
be independent directors and at least one (1) member of
the committee must be:
- a member of the Malaysian Institute of Accountants (MIA); or
- if he is not a member of the MIA, he must have at
least three (3) years working experience; and
- he must have passed the examinations specified in Part I of the First Schedule of the Accountants Act, 1967; or
- he must be a member of one (1) of the associations of accountants specified in Part II of the First Schedule of the Accountants Act, 1967.
- Where the Chairman is unable to attend the meeting, the members shall elect a person among themselves as Chairman.
- Review of membership is undertaken once every three (3) years. This review pertains to the terms of office and performance of the members.
Meetings
- Meetings shall be held at least once a month or at a frequency to be decided by the Committee and the Committee may invite any person to be in attendance to assist in its deliberations. At least once a year, the Committee shall meet with the external auditor without the presence of Management.
- The Committee will regulate its own procedure particularly with regard to the calling of meetings, the notice to be given of such meetings, the voting and proceedings of such meetings, the keeping of minutes, the custody, production and inspection of such minutes.
- Upon the request of the external auditor, a meeting is to be convened to consider any matter that the auditor believes should be brought to the attention of the directors and shareholders.
Quorum
The quorum shall be two (2), both of whom are to be independent directors.
Secretary
The General Counsel & Company Secretary, En. Mohd Nazlan bin Mohd Ghazali is the Secretary to the ACB.
Authority
The Committee is authorised by the Board to:
- Investigate any activity or matter within its terms of reference.
- Promptly report to Bursa Malaysia Securities Berhad (“Bursa Securities”) matters which have not been resolved satisfactorily, thus, resulting in a breach of the Bursa Securities Listing Requirements.
- Obtain external independent professional advice, legal or otherwise deemed necessary.
- Maintain direct communication channels with external auditors, person(s) carrying out the internal audit function or activity, and with senior management of the Bank and its subsidiaries.
- Convene meetings with internal and external auditors, without the attendance of the management, whenever deemed necessary.
In discharging the above functions, the ACB has also been empowered by the Board to have:
- Necessary resources which are required to perform its duties.
- Full and unrestricted access to any information and documents relevant to its activities.
B. Duties & Responsibilities
The primary duties and responsibilities of the ACB with regards to the Maybank Group's Internal Audit function, external auditors, financial reporting, related party transactions, annual reporting and investigation are as follows:
- Internal Audit
- Review the adequacy of the internal audit scope and plan, functions and resources of the internal audit function, Internal Audit Charter and that it has the necessary authority to carry out its work.
- Review the internal audit reports and to ensure that appropriate and prompt remedial action is taken by Management on lapses in controls or procedures that are identified by internal audit.
- Approve the appointment or termination of the Chief Audit Executive and Heads of Department of Internal Audit.
- Assess the performance of the internal audit staff; determine/approve the remuneration and annual increment of the internal audit staff.
- Take cognisance of resignation of internal audit staff and the reason for resigning.
- External Audit
- Review the appointment and performance of external auditors, the audit fee and any question of resignation or dismissal and to make recommendations to the Board.
- Assess the qualification, expertise, resources and effectiveness of the external auditors.
- Monitor the effectiveness of the external auditors' performance and their independence and objectivity.
- Review the external auditors' audit scope and plan, including any changes to the planned scope of the audit plan.
- Review major audit findings raised by the external auditors and Management's responses, including the status of previous audit recommendations.
- Review the assistance given by the Group's officers to the external auditors and any difficulties encountered in the course of the audit work, including any restrictions on the scope of activities or access to required information.
- Approve non audit services provided by the external auditors.
- Financial Reporting
Review the quarterly and year-end financial statements focusing on:-
- Any changes in accounting policy and practices.
- Significant and unusual events
- Compliance with applicable Financial Reporting Standards and other legal and regulatory requirements.
- Related Party Transactions
Review any related party transactions and conflict of interest situations that may arise within the Bank or Maybank Group including transactions, procedures or courses of conducts that may raise questions of Management's integrity. - Annual Report
Report the Audit Committee's activities for the financial year. - Investigation
Instruct the conduct of investigation into any activity or matter within its terms of reference. - Other Matters
Act on other matters as the Committee considers appropriate or as authorised by the Board of Directors.
C. A Ctivities Of The Audit Comite During The Year
During the year under review, the Audit Committee in the discharge of its duties and functions carried out the following activities:
Attendance of meetings
A total of fourteen (14) meetings were held during the year ended 31 December 2012. The details of attendance of each of the member at the Committee meetings held during the year are as follows:
| Composition and name of committee member |
No. of meetings attended during the period under review |
|
|---|---|---|
| 1 | Tan Sri Datuk Dr Hadenan A. Jalil (Chairman) - Appointed on 15/7/2009 - Independent Non-Executive Director |
14/14 |
| 2 | En Cheah Teik Seng (member) - Appointed on 26/8/2009 - Independent Non-Executive Director |
14/14 |
| 3 | Dato' Johan Ariffin (member) - Appointed on 26/8/2009 - Independent Non-Executive Director |
14/14 |
| 4 | Mr. Erry Riyana Hardjapamekas (member) - Appointed on 25/6/2012 - Independent Non-Executive Director |
7/7 |
| 5 | Dato' Sreesanthan Eliathamby (member) – Appointed on 27/10/2010 – Non-Independent Non-Executive Director (retired w.e.f 29/3/12) |
3/3 |
The Audit Committee consists of four (4) Independent Non- Executive Directors. One of the members (En Cheah Teik Seng) is a Fellow of the Institute of Chartered Accountants in England and Wales. This meets the requirement of the Bursa Securities Listing Requirements which requires at least one qualified accountant as a member of the Audit Committee.
The Audit Committee meets on a scheduled basis. The Group Chief Financial Officer (GCFO) and the Chief Audit Executive (CAE) are invited to attend the meetings. The External Auditors are also invited to discuss their management letters, Audit Planning Memorandum and other matters deemed relevant.
In addition to the scheduled meetings, the members of the Audit Committee also had two (2) sessions with the External Auditors without the presence of the Management as required.
The Audit Committee also meets to discuss and review the quarterly unaudited financial results and the annual audited financial statements of the Bank and the Maybank Group. The President & Chief Executive Officer (PCEO) and the Group Chief Financial Officer (GCFO) are invited to attend these meetings, together with the External Auditors.
Internal Audit (IA)
- Reviewed the annual internal audit plan for the financial year 2012 to ensure adequate scope, coverage of the activities of the Bank and the Group and the resource requirements of internal audit to carry out its functions.
- Reviewed the internal audit reports, audit recommendations and Management's responses to these recommendations.
- Reviewed the status report on Management's efforts to rectify the outstanding audit issues to ensure control lapses are addressed.
- Reviewed the monthly audit performance reports to ensure the adequacy, performance, progress, achievement, coverage of the internal audit functions and noted the reasons for the resignation of audit staff.
- Reviewed the audit reports issued by regulatory authorities, Management's responses to the Regulators' recommendations and the remedial actions taken to rectify the weaknesses detected.
- Reviewed the minutes of meetings of the subsidiary companies' ACB for an overview of the risk management and internal control systems of those subsidiary companies.
- Provided independent evaluation on the performance and remuneration package of audit staff in accordance with the regulatory requirements.
- Approved the appointment of audit staff in key positions.
- Instructed the conduct of investigation into any activity or matter within its terms of reference.
- Reviewed the Audit Committee Report and Statement on Internal Control.
- Reviewed the minutes of meetings of the Internal Audit Committee for an overview of the deliberation and remedial actions taken by Management on the control lapses raised by internal auditors.
Financial Reporting
- Reviewed the quarterly unaudited financial results and the annual audited financial statements of the Bank and the Maybank Group to ensure that the financial reporting and disclosure requirements are in compliance with accounting standards, with special focus placed on changes in accounting policy, as well as significant and unusual events/transactions.
External Audit
- Reviewed the quarterly unaudited financial results and
the annual audited financial statements of the Bank and
the Maybank Group to ensure that the financial reporting
and disclosure requirements are in compliance with
accounting standards, with special focus placed on
changes in accounting policy, as well as significant and
unusual events/transactions.
- The Audit Planning Memorandum and scope of work for the year.
- The results of the audit, the relevant audit reports and Management Letters together with Management's responses/comments to the findings.
- Approved the appointment of external statutory auditors for the provision of non-audit services. When considering the approvals for these services, the ACB took into consideration the process and requirements (including fees threshold) established under the policy for such appointments.
- Evaluated the performance of the external auditors and made recommendations to the Board on their reappointment.
Employee Share Scheme (ESS)
- Reviewed the allocation to ensure that it is consistent with the approved matrix.
Directors' Training
- The training attended by the Committees is reported under the Statement on Corporate Governance in pages 202 to 203.
E. Internal Audit Function
The Group has a well established in-house Internal Audit (IA) to assist the Board of Directors to oversee that Management has in place a sound risk management, internal control and governance system. The total costs incurred for maintaining the IA function for 2012 was approximately RM42.0 million, comprising mainly salaries, travelling and accommodation expenses and subsistence allowances for audit assignments.
The internal audit function is guided by its Audit Charter and reports functionally to the ACB of the Bank and administratively to the President & Chief Executive Officer, and is independent of the activities or operations of other operating units. The principal responsibility of IA is to undertake regular and systematic reviews to evaluate the effectiveness of risk management frameworks and the internal control systems to provide reasonable assurance that such frameworks and systems continue to operate efficiently and effectively. In order for IA to perform its functions effectively, the auditors are continuously sent for training to equip themselves with requisite product knowledge and skills especially in the areas of Shariah, Treasury, Investment Banking, and Insurance & Takaful. The scope of coverage of IA encompasses all units and operations of the Bank, including the subsidiaries. The selection of the units to be audited from the audit universe leading to the formulation of the audit plan is premised on a risk-based approach, and it is the responsibility of the IA to provide the ACB with an independent and objective report on the state of affairs of the risk management, internal control and governance processes.
The internal audit function for Maybank operations and its subsidiary companies in Malaysia and Papua New Guinea is organised on a Group basis within Maybank. Technical support in the areas of credit risk, treasury and market risk, information technology systems, asset management and developmental initiatives are provided, where required to ensure consistency of standards and applications. When approving the Annual Audit Plan, the ACB reviews Maybank IA's human resource requirements to ensure that the function is adequately and appropriately resourced. The internal audit functions for the respective subsidiary companies in the Philippines, Indonesia, Singapore, Thailand and Cambodia are organised and supported by the respective resident internal audit teams with direct accountability to the respective Board Audit Committees of these subsidiary companies.
The audit reports which provide the results of the audit conducted in terms of the risk management of the unit, operating effectiveness of internal controls, compliance with internal and regulatory requirements and overall management of the unit are submitted to the respective ACB for their review. Key control issues, significant risks and recommendations are highlighted, along with Management's responses and action plans for improvement and/or rectification, where applicable. This enables the ACB to execute its oversight function by forming an opinion on the adequacy of measures undertaken by Management.
The International Professional Practices Framework (IPPF) issued by The Institute of Internal Auditors (IIA), the Practice Advisories issued by the IIA, the Guidelines on Internal Audit Functions, Bank Negara Malaysia's Guidelines on Internal Audit Function of Licensed Institutions and Guidelines on Management of IT Environment are used where relevant as authoritative guides for internal auditing procedures.
During the period under review, the following activities were carried out by IA:
- Developed an annual audit plan premised on a risk-based approach and in line with the Group's business expansion plan, taking into consideration input from Senior Management and the ACB.
- Executed independent assurance role through programmed reviews of units and operations identified in the annual audit plan, to evaluate and improve the effectiveness of risk management, internal control and governance processes. These include the review of the operations and service levels offered by Service Providers.
- Reviewed the adequacy and appropriateness of the internal controls and risk exposures in the new products/ financing packages.
- Ascertained the extent of compliance with established policies and procedures and statutory requirements.
- Besides the risk assurance activities, IA also conducts audits on computer hardware, operating and application systems as well as the information communication technology (ICT) network of Maybank Group.
- Carried out ad hoc assignments and special reviews as instructed by the ACB.
- Recommended improvements and enhancements to the existing system of internal control and work procedures/ processes.
- Carried out investigation into activities or matters as instructed by the ACB and Senior Management.
- Witnessed the tender opening process for procurement of services.
- Preparation of Audit Committee Report and Statement on Internal Control for the Company's Annual Report for Financial Year ended 31 December 2012.