From Left to Right:
Faisal began his civil service career in February 2004 in the MOF as an Assistant Secretary. He was later promoted as Senior Assistant Secretary in 2006, in the Investment, MOF Inc. and Privatisation Division. He then served as a Principal Assistant Secretary in the GIC Division, MOF, in 2015 and in June 2016 was appointed the Section Head for Energy, Utilities and Technologies, a position he currently held to date.
In June 2018, he was appointed member of an Executive Committee of Suria Strategic Energy Resources Sdn Bhd, a MOF subsidiary. Faisal also serves as director in private companies under the purview of MOF, among others PDX.com Sdn Bhd and Northern Gateway Sdn Bhd.
Nil (No meeting held since his appointment during the year)
Alternate Director to Dato’ Asri Hamidin @ Hamidon, Non-Executive Director nominated by MOF Inc.
Hamizah started her career in private legal practice and was a qualified advocate and solicitor of the High Court of Malaya. She subsequently joined TM as an Assistant Company Secretary in 1996 and promoted to Assistant General Manager in 2007. She was appointed as Joint Secretary on 15 July 2011 and thereafter as General Manager of Company Secretarial Unit of Group Legal, Compliance and Company Secretarial Division in 2012. She was made the Group Company Secretary of TM effective 1 January 2017, heading the Group Company Secretarial Division of TM. Hamizah has more than 22 years corporate experience attending to company secretarial and compliance matters, due diligence exercises and special projects.
Zaiton started her career in a public listed company in 1984 and has over 35 years’ experience in corporate secretarial matters. She joined TM in 1991 as an Assistant Company Secretary and was named as one of the Joint Secretaries of TM in 1996. She became an Assistant General Manager in 2006 and remains as a Joint Secretary of TM and its Group of Companies.
Save as disclosed, none of the Directors has any family relationship with any Director and/or major shareholder of TM.
Conviction for Offences
Save as disclosed, none of the Directors has any conviction for offences, other than traffic offences, for the past 5 years.
Conflict of Interests
Save as disclosed, none of the Directors has any conflict of interests with TM.
Public Sanction or Penalty
Save as disclosed, none of the Directors has any sanction or penalty imposed on them by any regulatory bodies during the financial year ended 31 December 2018.
From Left to Right:
Pursuant to Paragraph 15.26(b) of the Main Market Listing Requirements (Main LR) of Bursa Malaysia Securities Berhad (Bursa Securities), the Boards of listed companies are required to include in their annual report, a statement about the state of internal control of the listed issuer as a group. Accordingly, TM Board is pleased to provide the following statement that has been prepared in accordance with the Statement on Risk Management and Internal Control: Guidelines for Directors of Listed issuers endorsed by Bursa Securities which outlines the nature and scope of the risk management and internal control within TM Group during the financial year under review.
RESPONSIBILITY AND ACCOUNTABILITY
The Board is responsible for the establishment as well as oversight of the Group’s risk management framework and internal control systems that are designed to manage the Group’s risk appetite within acceptable levels of tolerance as set by the Board and Management, rather than eliminate totally the risk of failure to achieve the Group’s goals and objectives in generating returns to shareholders. The Board periodically reviews the effectiveness and adequacy of the framework and systems by identifying, assessing, monitoring and communicating key business risks to safeguard shareholders’ investment and the Group’s assets.
The two (2) committees at the Board level that have primary risk management and internal control oversight responsibilities are:
RISK COMMITTEE (BRC)
The main responsibility of the BRC is to assist the Board in ensuring a sound and robust Enterprise Risk Management (ERM) framework and its implementation to enhance the Group’s corporate governance practices with focus on risk issues. The Terms of Reference (ToR) and main duties of the BRC in relation to risk management are incorporated in the Board Charter which is accessible on the Company’s official website at www.tm.com.my.
AUDIT COMMITTEE (BAC)
The main responsibility of the BAC is to assist the Board in assessing the effectiveness of the Group’s internal control structure and review of the financial reporting. BAC also reviews the adequacy and integrity of the Group’s internal control systems and management information systems, including compliance with applicable laws, rules, directives and guidelines through Group Internal Audit (GIA) function. The BAC’s ToR is stipulated in the Board Charter which is accessible in the Company’s website. The main duties of the BAC in assessing the adequacy and effectiveness of the internal control systems implementation within the Group are detailed in pages 143 and 144.
Other Board Committees such as the Nomination and Remuneration Committee, Tender Committee and Investment Committee are also established with clearly defined duties and responsibilities to oversee various key business activities involved within the Group. The Board acknowledges that it remains responsible for all the actions of the committees with regard to the execution of the delegated roles, including the outcome of the review and disclosure on key risks and internal control systems in this integrated annual report.
Management is accountable to the Board and responsible for implementing the processes of identifying, evaluating, monitoring and reporting of risks and the effectiveness of internal control systems, taking appropriate and timely corrective actions as required. The Management has assured the Board that the Group’s risk management and internal control systems are operating adequately and effectively in all material aspects, based on the ERM framework and internal control systems adopted by the Group. In respect of risk management, Management has implemented the necessary processes to:
GIA assists TM Group in achieving its business objectives by implementing a systematic and disciplined approach to evaluate and improve the effectiveness of risk management measures, controls and governance processes. GIA provides independent, objective assurance and consulting services designed to enhance and protect organisational value. The internal audit charter approved by the BAC defines GIA’s purpose, authority and responsibility.
GIA reports directly to the BAC to preserve its independence and objectivity, and ensure audit personnel are free from any relationships or conflicts of interest which could impair their objectivity and independence. The Chief Internal Auditor (CIA) has an administrative reporting line to the AGCEO which enables the requisite stature and authority of Internal Audit to fulfil its responsibilities.
BAC reviews and approves GIA’s audit plans, annual budget and human resources requirements to ensure resources with the right competencies are sufficient to carry audit functions aligned with the Group’s objectives. The CIA periodically reports on activities performed by GIA as well as key strategic and control issues observed to the BAC. In addition to the above, the BAC approves and periodically reviews GIA’s and the CIA’s performance to observe their progress and achievements.
GIA adopts the International Professional Practices Framework (IPPF)® inclusive of the mandatory elements – Core Principles for the Professional Practice of Internal Auditing, International Standards for the Professional Practice of Internal Auditing of the Institute of Internal Auditors (IIA), the definition of Internal Auditing, and Code of Ethics – to manage its functions and perform the audit engagements.
PRACTICES AND FRAMEWORK
GIA is guided by the internal policies, procedures and framework as well as the Internal Control Framework of the COSO and Control Objectives for Information and Related Technology (COBIT) in assessing and reporting on the adequacy and effectiveness of the design, implementation and efficiency of the Group’s overall system of internal controls, risk management and governance.
SCOPE AND COVERAGE
GIA continues to adopt a risk-based audit plan approach to provide independent assurance to the Board that programmes being carried out are prioritised based on the Group’s strategies, objectives, key risks and core/priority areas. Input from various sources – inclusive of ERM, Annual Operating Plan, past internal and external audit issues, Management and the Board – permits the identification of auditable risk areas.
During the year, GIA conducted reviews on governance, risk management and controls in the areas of finance, compliance, human resources, operations, project management, network and information technology as well as data analytics. Key areas covered include:
All internal audit reports were presented to the BAC with recommendations from GIA and feedback from Management. GIA subsequently monitors and verifies the implementation status of the recommendations on a quarterly basis through the ABAC.
In providing value to the organisation, GIA’s key performance indicators include value creation and protection, in form of cost avoidance, opportunity loss as well as significant process improvements identified during audit engagement.
In addition to performing audit engagements, GIA is also actively involved with the Management in strengthening compliance teams within management units, sharing best practices as well as knowledge on internal auditing, risk management and internal controls to the various stakeholders in TM. GIA carried out several initiatives to strengthen and institutionalise ethics and integrity in TM, focusing on relevant laws and regulations, governance, rules and practices, policies, religions and cultures.
This year has been challenging for TM in the wake of the economic slowdown, shift in the regulatory environment and change of the political landscape. Consequently, TM’s profitability was affected due to stiff competition, pressure on reducing broadband prices and impact of the Mandatory Standard on Access Pricing (MSAP). TM continues to focus its efforts on anticipating and reducing risks while taking advantage of emerging opportunities.
TM’s ERM Framework provides reasonable assurance by identifying, analysing and addressing inherent and emerging risks with the effective implementation of mitigation controls to minimise its impact to the Group.
A project risk framework has been established to incorporate risk assessments during project initiation, project implementation and up to post-implementation review. This will empower the project owner to anticipate the level of risk and subsequently gauge the effectiveness of the mitigation actions including the benefit realisation from the projects.
The BRC played the vital role in overseeing risks that adversely affect TM. Management was also involved for a more active discussion on matters relating to the Group’s business strategy, regulatory, legal and project management. The key risks were highlighted and deliberated for better decision making 1. and ensure appropriate mitigation controls were put in place to address the risks.
SUMMARY OF PRINCIPAL ACTIVITIES
Various activities were carried out throughout the year with the objective of increasing awareness and empower a risk-based decision- making culture across TM’s employees, specifically for the risk fraternity. Amongst others, the following activities were included:
MANAGING CORPORATE RISKS
Through the adoption of the ERM framework and robust processes, TM was able to appropriately manage the Corporate Risks to minimise impact to an acceptable level.
EMERGING RISK & OPPORTUNITY
The ongoing global bilateral trade issues has led to the emergence of supply sustainability risk on telecommunications network equipment. Chinese telecommunications equipment makes up a substantial part of TM’s overall network of elements. Recent actions taken by U.S authorities against two (2) of the largest Chinese telecommunications equipment suppliers in the world has increased the risk of equipment supply disruption to the telecommunication service industry, including TM. Such a disruption would pose a serious impact to TM in terms of financial exposure, customer service and network security. To mitigate this risk, TM has taken precautionary actions, amongst others, from finding suitable local partners for maintenance and support services to exploring the selection strategy of technology partners.
The next generation of mobile internet connectivity 5G will begin its trial phase in 2019. The nascent 5G technology deployment in Malaysia raises several significant risks, namely the unavailability of a 5G spectrum policy, adoption time for 5G devices and high investment costs to implement the 5G network. In-depth knowledge and competency of 5G market developments are essential for TM to ensure the successful deployment of the network.
2018 was undoubtedly one of the most challenging times faced by TM. Changes to the business and industry landscape, solidify the need for us to make significant adjustments on how we operate and do business, taking into consideration the Company’s status and long term sustainability. The Board fully supported Management’s transformation initiatives.
Our governance provides much needed guiding principles to wade through the challenges, imparts the moral compass that directs and leads the Company whilst continuing to accord honour, integrity, transparency and accountability in our business conducts.
The Board underwent significant changes but continues to uphold the highest standards of corporate governance. This is due to the fact that the Board understands its ultimate responsibility is towards the Company and all stakeholders by taking cognisance of its role towards society, environment and upholding ethical integrity.
Our governance model is based on relevant requirements of the Main Market Listing Requirements (Main LR) of Bursa Malaysia Securities Berhad (Bursa Securities), Malaysian Code on Corporate Governance 2017 (MCCG 2017), Corporate Governance Guide 2017 (CG Guide), Corporate Disclosure Guide, Green Book on Enhancing Board Effectiveness, international best practices and standards, in addition to being benchmarked against the ASEAN Corporate Governance (CG) Scorecard.
The Board approves the Group’s governance framework where specific powers of the Board are delegated to the relevant Board Committees and Management based on their specialised skills such as financial information review, human capital management, internal controls and risk management as well as governance, procurement and investment matters, as depicted below:
BCM identifies potential threat and provides a holistic management process for building organisational resilience in safeguarding the interests of the stakeholders and the company’s reputation.
Business Impact Analysis (BIA) is a major component within BCM that determines the most appropriate business continuity strategies. The BIA identifies the urgency of the activity undertaken by assessing the impact over time caused by any potential or actual disruption on the delivery of products and services.
Malaysia’s 14th GE saw the historic event that altered the political landscape of the nation. TM as an organisation identified various possible scenarios and planned the strategies to ensure that the business operates as usual.
Ongoing global bilateral trade issues also contributed to potential supply disruptions risk by the China-based vendors affecting the telecommunication service industry, including TM. TM’s Business Continuity Plan (BCP) was tested and further strengthen to respond swiftly to potential business and supply disruptions. Furthermore, TM Corporate Crisis Management Plan (CCMP) was executed to tackle issues and minimise business interruptions.