80 KPJ Healthcare Berhad

(Company No. 247079 M)

Annual Report 2010

STATEMENT ON

INTERNAL CONTROL

(Pursuant to Paragraph 15.27(b) of the Bursa Malaysia Listing Requirements)

The Board of Directors of KPJ Healthcare Berhad (KPJ) is pleased to provide the following statement on the state of internal controls of the Group for the fnancial year ended 31 December 2010, which has been prepared in accordance with Paragraph 15.27 (b) of the Listing Requirements of Bursa Malaysia and the Statement on Internal Control – Guidance for Directors of Public Listed Companies. The system of internal controls is designed to manage the likelihood and consequences of risks to an acceptable level within the context of the business environment throughout the Group.

BOARD RESPONSIBILITIES

The primary responsibility of the Board is to ensure the adequacy and integrity of the Group’s system of internal controls which cover fnancial, operational and compliance controls and risk management. The principal objective of the internal controls system is to manage business risks effectively, enhance the value of shareholder’s investments and safeguards all assets. The role of Managing Director and Management is to assist in the design and implementation of the Board’s policies on internal control system.

The internal controls are designed to manage and reduce risks rather than eliminate them. As such internal controls can provide only reasonable assurance to Management and the Board of Directors regarding the achievement of company objectives through:- • effectiveness and effciency of operations • reliability of fnancial reporting

• compliance with applicable laws and regulations

The likelihood of achievement is affected by limitations inherent in any internal control systems. The Management therefore needs to consider the cost of implementation of internal controls against the expected beneft derived.

The Board still relies on the COSO Internal Control Framework to ensure an appropriate and sound system of internal controls, which encompasses fve interrelated components i.e. the Control Environment, Risk Assessment Framework, Control Activities, Information and Communication and Continuous Monitoring process.