Basic HTML Version
78
Statement On Internal Control
(Pursuant to Paragraph 15.27(b) of the Bursa Malaysia Listing Requirements)
INFORMATION AND COMMUNICATION PROCESS
The Group recognizes the importance of securing the information
assets against potential threats to ensure their Confidentiality,
Integrity and Availability. Other than complying with information
security laws, regulations and international standards, the Group
has developed its own Policies and Standard Operating Manual.
KPJ Clinical Information System (KCIS) which is currently deployed
at 8 hospitals and planned to be operational in another 5 hospitals
in 2013, is well secured through the system of audit trail and
centralized patch management for new updates to mitigate the
issues and risks of incorrect information and securing the highly
confidential data as per user role and responsibility.
The Group is also developing a KPJ Cloud System, a dedicated
private cloud for providing KCIS, HITS, Data Security Services
Analytical etc on cloud model. The Group is also centralizing its
server farms to a Data Centre with the objectives of providing ease
of running the IT operations and cost saving.
CONTINUOUS MONITORING PROCESS
Ongoing Monitoring
Ongoing monitoring of internal control effectiveness is appropriately
and sufficiently done through not only normal daily supervision
by immediate supervisors, but also by the Internal and External
Auditors, who make both scheduled and surprised audit visits
to ensure compliance. Any discrepancy and irregularity will be
reported to the Management for correction and improvement. The
Management also monitors the performance of the hospitals and
companies through regular meetings and reports.
Separate Evaluations
All hospitals certified with the MSQH and JCI accreditation have to
undergo stringent surveillance audit by the respective surveyors
and audit teams to ensure compliance for every three (3) years
before the certificates can be renewed.
As mentioned above, the Group also monitors the effectiveness
of internal controls through Borang Peradaban, the declaration
form used by employees to report any deficiency or dishonest act
directly to the Managing Director of the Group.
ASSURANCE
The Board is of the view that the system of internal controls
instituted throughout the Group is sound and effective and provides
a level of confidence on which the Board relies for assurance. In
the year under review, there was no significant control failure or
weakness that would result in any material losses, contingencies or
uncertainties that would require separate disclosure in the Annual
Report. The Board ensures that the internal controls system and
the risk management practices of the Group are reviewed regularly
to meet the changing and challenging operating environment.
The Board is therefore pleased to disclose that the state of internal
controls of the Group is sufficient, appropriate and effective and
in line with the Malaysian Code of Corporate Governance and the
Statement of Internal Control – Guidance.
Dato’ Kamaruzzaman Abu Kassim
Chairman
Amiruddin Abdul Satar
President/Managing Director
Annual Report
2012
KPJ Healthcare Berhad
Chief Secretary to the Government, YBhg Dato’ Sri Dr Ali Hamsa (third from left) at the opening of KPJ Healthcare Conference and Exhibition 2012.