KPJ Healthcare Berhad - Annual Report 2018

132 KPJ HEALTHCARE BERHAD AUDIT COMMITTEE REPORT The Internal Audit Services within its terms and reference had the following work undertaken for the financial year 2018:- - Reviewed and appraised the adequacy and integrity of the internal financial controls and information system controls so as to ensure that it provides a reasonable but not absolute assurance that assets are properly safeguarded; - Ascertained the effectiveness of Management in identifying principal risks and managed such risks through the Risk Management Framework set-up by the Group; - Ascertained the level of compliance with Group’s plans, policies, procedures and adherence to laws and regulations; - Appraised the effectiveness of administrative and financial controls applied and the reliability and integrity of data that is produced within the Group; - Performed follow-up reviews of previous audit reports to ensure appropriate actions are implemented to address control weaknesses highlighted; - Carried out investigations and special reviews requested by the Committee and/or Management; - Witnessed the tender opening process for project. The witnessing process is to ensure the activities in the tendering process are conducted in a fair, transparent and consistent manner; and - Prepared the Audit Committee Report for the Company’s Integrated Report for financial year ended 31 December 2018. During the financial year ended 31 December 2018, Internal Audit Services accomplished a total of 89 audits comprising scheduled financial and operational audits as well as IT audits at the hospitals and support companies. This also includes due diligence, special audits and ad hoc assignments. Reviews on compliance with the established procedures, guidelines and statutory obligations are also performed. In line with the system improvements in revamping the client-server hospital information system, the upgrading of Hospital Information System (HITS) and KPJ Clinical Information System (KCIS) starting in 2018 to second generation cloud computing products of HITS2 and KCIS2 is part of the auditable areas. This is to assure that the expected controls as per process requirements are embedded in the system in order to ensure segregation of duties, data accuracy, integrity and reliability throughout the Group. Investigations were also carried out at the request of the AC and Management on specific areas of concern to follow up in relation to high risk areas identified in the regular reports. These investigations provided additional assurance on the integrity and robustness of the internal control systems. All findings resulting from the audits were reported to the AC, Senior Management and relevant Management of operating hospitals and support companies. Management of the operating hospitals and support companies were accountable to ensure proper rectification of the audit issues and implementation of action plans within the timeframe specified. Follow up by Internal Audit Services on the actions taken is updated in the subsequent audits. In addition, the Internal Audit Services played an advisory role in the course of performing its audit activities.