CONTINUOUS MONITORING AND
ASSURANCE
Ongoing Monitoring
The main assurance process of the Group is primarily
undertaken by the Level 2 and Level 3 defence line functions.
The effectiveness of internal control systems implemented
throughout the Group is assessed primarily by the Group
Internal Audit through the conduct of regular audits on the
hospitals and key subsidiaries.
The assurance on the effectiveness of the ERM framework is
provided primarily by the Clinical & Quality Services and Risk
Management Services through on-site and off-site reviews. In
2015, 25 clinical audits and 16 risk & compliance reviews
were conducted by these departments respectively.
Reports generated by the Level 2 and Level 3 lines of defence
mentioned above are presented to the Clinical Risk Management
Committee and Audit Committee respectively for deliberation.
The Group’s risk management framework and internal control
systems do not apply to the associate companies where it
does not exercise management control over their operations.
The Group’s interests are served through representation on the
Board of Directors of these associate companies as well as
through regular review of management accounts that they
provide to the Group. The Board is satisfied with the information
provided to assess the associates’ performance for informed
and timely decision-making on the Group’s investments in
these associates.
Independent Evaluation
All hospitals certified with the MSQH and JCI accreditation
have to undergo stringent surveillance audit by the respective
surveyors and audit teams to ensure compliance with
accreditation standards and requirements before accreditation
certification can be renewed, usually every three (3) years.
In 2015, MSQH conducted 7 hospital accreditation audits and
JCI conducted 2 hospital audits as part of the accreditation
process cycle.
Review Of This Statement By The External
Auditors
This Statement on Risk Management and Internal Control has
been reviewed by the External Auditors as required by
Paragraph 15.23 of the Main Market Listing Requirements of
Bursa Malaysia Securities Berhad for the inclusion in the
Annual Report for the year ended 31 December 2015. The
limited assurance review was performed in accordance with
Recommended Practice Guide (RPG) 5 (Revised) issued by the
Malaysian Institute of Accountants. RPG 5 (Revised) does not
require the External Auditors to form an opinion on the
adequacy and effectiveness of the risk management and
internal control of the Group.
The External Auditors have reported to the Board that nothing
has come to their attention that causes them to believe that the
statement is inconsistent with their understanding of the process
adopted by the Board in reviewing the adequacy and integrity of
risk management and internal controls systems of the Group.
ASSURANCE
The Board has received assurance from the Managing Director
and Vice President (I) – Corporate and Financial Services, that
the Group’s risk management framework and internal control
system are operating adequately and effectively, in all material
aspects, during the financial year under review and up to the
date of approval of this Statement for inclusion in the Annual
Report, based on the risk management and internal control
system adopted by the Group.
The Board is of the view that the system of internal controls
instituted throughout the Group is sound and effective and
provides a level of confidence on which the Board relies for
assurance. In the year under review and up to the date of this
report, there was no significant control failure or weakness
that would result in any material separate disclosure in the
Annual Report. The Board ensures that the internal control
system and the risk management practices of the Group are
reviewed regularly to meet the changing and challenging
operating environment.
The Board is therefore pleased to disclose that the system of
internal control and risk management of the Group is sufficient,
appropriate, effective and in line with the Malaysian Code of
Corporate Governance and the Statement on Risk Management
and Internal Control – Guidelines for Directors of Listed Issuers.
189
KPJ Healthcare Berhad
Annual Report
2015