KPJ Healthcare Berhad - Annual Report 2018

134 KPJ HEALTHCARE BERHAD STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL The likelihood of achievement of the Group’s objectives is affected by limitations inherent in any internal control systems. The Management therefore has to consider the cost of implementation of internal controls against the expected benefits to be derived. RISK MANAGEMENT AND INTERNAL CONTROL STRUCTURE Integrity and Ethical Values The Group is committed to promote ethical behaviour culture in employees and medical consultants. At the annual staff assembly called “Pedoman” (Perhimpunan, Dialog dan Amanat), all employees and medical consultants are reminded of the five Core Values adopted by the Group, which are Safety, Courtesy, Integrity, Professionalism and Continuous Improvement. These core values guide all employees to achieve the Group’s vision and support the business mission and goals. Employees are expected to be transparent in their conduct to promote high ethical values and reaffirm their commitment to the Group through the Staff Integrity Pledge ceremony. In addition, the Group also encourages employees to report directly to the President & Managing Director of any misconduct or unethical behaviour committed by any staff of the Group through the annual Borang Peradaban declaration. To complement this expectation, the Group also has in place a comprehensive Policy of Whistle-Blowing that outlines the Group’s commitment to promote the highest standards of governance, ethics and integrity in all aspects of business dealings. The Policy covers, inter-alia, three (3) tiers of whistle-blowing reporting line, comprising of the President & Managing Director, the Chairman of the Audit Committee and the Chairman of the Board, to facilitate whistle-blowing activities according to different possible circumstances. In order to encourage a conducive environment for effective whistle-blowing, the Policy also provides assurances on the preservation of identity, confidentiality of information and protection of whistle-blowers from possible retaliation. This policy provides an avenue for employees to raise genuine concerns internally or report any breach or suspected breach of any law or regulation. The Group is also a signatory to the “Malaysian Corporate Integrity Pledge” since 2011, introduced by the Malaysian Institute of Integrity (MII) in support of the Government efforts to combat corruption and unethical practices. The Group has put in place the “No Gifts and Entertainment” policy and “Annual Asset Declaration” policy applicable to all staff. The purpose of these policies is to uphold ethical and responsible behaviour by all its employees and to avoid conflict of interest situation in any ongoing or potential business dealings in the Group with various suppliers and service providers. The Group has also established the “Corporate Integrity Agreement (CIA) for Vendors/Suppliers/Contractors since 2016 to strengthen our integrity practices. The Group requires its Vendors/ Suppliers/Contractors to adhere in all of their activities to the laws, rules and regulations. The Group expects the Vendors/Suppliers/ Contractors to abide by the integrity agreement when conducting business with or for the Group. In-line with the National Integrity Plan (NIP), in 2018, the Group has enrolled in the Certified Integrity Officer (CeIO) Programme in collaboration with JCorp and Malaysian Anti-Corruption Commission (MACC). Four (4) officers attended this up-skilling programme with the focus in managing the business integrity and its components. Moving forward, with the aspiration and objectives of NIP, KPJ will develop “KPJ Corporate Integrity Plan 2019 – 2023”. The objective of KPJ Integrity Plan are:- • To inculcate the noble values and enhance the culture of professionalism and integrity within KPJ Group of Companies • To enhance the governance, core competency and efficiency of service delivery • To strengthen the resilience and productivity of KPJ Group of Companies staff in handling challenges ahead • To ensure KPJ Group of Companies integrity and transparency is sustained in daily practices through elements of honesty, efficiency and trustworthiness Control Structure The Group adopts the COSO Internal Control Framework (COSO Internal Control Framework which was updated in 2017 – Enterprise Risk Management Integrating with Strategy and Performance) as a guide to ensure an appropriate and sound system of internal controls are in place, which encompasses five inter-related components i.e. the Control Environment, Risk Assessment Framework, Control Activities, Information and Communication and Continuous Monitoring process. In 2019, KPJ is moving towards ISO 31000:2018 Risk Management Guidelines and will be adopting ISO 31000:2018 standard by June 2019, to be in line with KPJ’s ISO Certification Programme. The Group’s operations is headed by the President & Managing Director, who is assisted by two (2) Executive Directors and three (3) Vice Presidents for the following functions: • Group Finance Services • Project Management, Biomedical & International Operation Services • Group Marketing & Strategic Communication Services All the hospitals within the Group are headed by an executive director who will oversee and control all the hospitals’ operations. At the hospital level, the Executive Directors and the Chief Executive Officers are assisted by the Medical Directors who oversee all clinical governance in the hospitals.