CORPORATE

GOVERNANCE
MECHANISM
BY
AIDA HAZLIN ISMAIL
 • Overview of corporate governance
• Roles and responsibilities of
TOPICS TO BE internal auditors to the corporate
governance mechanisms
COVERED

2
 • Corporate governance is defined as the process and
structure used to direct and manage the business
and affairs of the company towards promoting
business prosperity and corporate accountability

OVERVIEW OF
with the ultimate objective of realising long-term
shareholder value while taking into account the
interest of other stakeholders.

CORPORATE • Corporate governance provides a framework of

control mechanisms that support the company in
achieving its goals, while preventing unwanted

GOVERNANCE conflicts. The pillars of corporate governance such

as ethical behavior, accountability, transparency and
sustainability are important to the governance of
companies and stewardship of investors’ capital.
Companies that embrace these principles are more
likely to produce long-term value than those that
are lacking in one or all.

3
 • Proper corporate governance identifies the
distribution of rights and responsibilities
among different participants in the company
and outlines among others the rules and
OVERVIEW OF procedures for decision-making, internal
control and risk management. Corporate
CORPORATE governance is not only concerned with
shareholder interests but requires balancing
GOVERNANCE the needs of other stakeholders such as
employees, customers, suppliers, society and
the communities in which the companies
conduct their business.

4
THE MALAYSIAN CODE OF CORPORATE
GOVERNANCE (MCCG)
• The Malaysian Code on Corporate Governance (MCCG) introduced in 2000 has
been a significant tool for corporate governance reform and has influenced
corporate governance practices of companies positively.
• The MCCG reflects global principles and internationally recognised practices of
corporate governance which are above and beyond the minimum required by
statute, regulations or those prescribed by Bursa Malaysia.
• The MCCG permits a more constructive and flexible response to raise standards
of corporate governance. It recognises that there are aspects of corporate
governance where statutory regulation is necessary and others where self-
regulation complemented by market regulation is more appropriate.

5
THE MALAYSIAN CODE OF CORPORATE
GOVERNANCE (MCCG)

• The MCCG was reviewed and updated in 2007, 2012, 2017 and 2021 to ensure
that it remains relevant and is aligned with globally recognised best practices
and standards.
• The 2017 edition of the MCCG, which supercedes the 2012 edition, took on a
new approach to promote greater internalisation of corporate governance
culture. Key features of the approach are listed in Diagram 1.

6
KEY FEATURES OF THE MCCG (DIAGRAM 1)

7
2021 UPDATES • Introduces best practices and guidance to:
• Improve board policies and processes

OF THE MCCG including those related to director

selection, nomination and appointment
• Strengthen board oversight and the
integration of sustainability
considerations in the strategy and
operations of companies and
• Encourage the adoption of the best
practices, particularly those found to
have relatively lower levels of adoption,
as highlighted in the SC’s Corporate
Governance Monitor report.

8
 • As listed companies are not a homogeneous
group, it is necessary to provide flexibility
and proportionality in the application of
certain best practices. Certain practices are
applicable only to Large Companies.
LARGE • Large Companies are:
COMPANIES • • Companies on the FTSE Bursa Malaysia Top
100 Index; or
• • Companies with market capitalisation of
RM2 billion and above,
• at the start of the companies’ financial year.

9
 • Once a company is under the category of Large Companies, it
will remain as one for the entire financial year regardless of
the change in its status during the financial year.
• These companies should continue applying the practices even
if they fall out of the FTSE Bursa Malaysia Top 100 Index or
LARGE their market capitalisation decreases below the prescribed
threshold. Other listed companies may consider adopting the
COMPANIES practices identified for Large Companies if they aspire to
achieve greater excellence in corporate governance.

(con’t) • While the MCCG is targeted at listed companies, non-listed

entities including state-owned enterprises, public companies,
small and medium enterprises (SMEs) and capital market
intermediaries are encouraged to embrace this code on
corporate governance. Non-listed entities should consider
applying the practices in the MCCG to enhance their
accountability, transparency and sustainability.

10
COMPREHEND, APPLY AND REPORT

• WHY CARE?
• Comprehend, Apply and Report or CARE encourages companies to clearly identify the thought processes
involved in practising good corporate governance, including providing fair and meaningful explanation of
how the company has applied the practices.
• CARE aims to reinforce mutual trust between companies and their stakeholders by promoting fair and
meaningful disclosures that will be relied upon by stakeholders to have effective engagements with the
company. It also promotes a culture of openness and mutual respect that benefits both the company and its
stakeholders.
• CARE will help generate greater interest in corporate governance best practices, facilitate assessments and
stimulate conversations on corporate governance. Collectively, these outcomes will raise the standard of
corporate governance culture of the market overall.

11
CARE

12
PRINCIPLE B- EFFECTIVE AUDIT AND RISK
MANAGEMENT
• RISK MANAGEMENT AND INTERNAL CONTROL
• Proper risk management and internal control are important aspects of a company’s governance,
management and operations. Risk management focuses on identifying threats and opportunities
while internal control helps counter threats and takes advantage of opportunities. Proper risk
management and internal control assist companies in making informed decisions about the level
of risk that they want to take and implement the necessary controls to effectively pursue their
objectives. Successful companies integrate effective governance structures and processes with
performance-focused risk management and internal control at every level of the company and
across all operations.
• The board of directors is responsible for the company’s risk management and internal control
systems. It should set appropriate policies on internal control and seek assurance that the
systems are functioning effectively. The board must also ensure that the system of internal
control manages risks and forms part of its corporate culture.

13
PRACTICES

• The board should establish an effective risk management and internal control framework.13
• The board should disclose the features of its risk management and internal control
framework, and the adequacy and effectiveness of this framework.

Step Up
• The board establishes a Risk Management Committee, which comprises a majority of
independent directors, to oversee the company’s risk management framework and policies.

14
 11.1 The Audit Committee should ensure that
the internal audit function is effective and able
to function independently.
11.2 The board should disclose–
• whether internal audit personnel are free from
any relationships or conflicts of interest, which
PRACTICE could impair their objectivity and independence;
• the number of resources in the internal audit
department;
• name and qualification of the person
responsible for internal audit; and
• whether the internal audit function is carried
out in accordance with a recognised framework.

15
Guidance (UPDATED 28/4/2021)
G11.1
An internal audit function helps a company to
accomplish its goals by bringing an objective and
disciplined approach to evaluate and improve
the effectiveness of risk management, internal
control, anti-corruption, whistle-blowing and
governance processes. This function serves as an
important source of advice for the Audit Committee
and the board concerning areas of weaknesses or
deficiencies in internal processes to facilitate
appropriate remedial measures by the company.

16
 • Internal audit should be carried out objectively
and is independent from the management of
the company and the functions which it audits.
Thus, the person responsible for the internal
audit reports must directly to the Audit
Committee.
GUIDANCE • The Audit Committee should also decide on
among others the –
• appointment and removal;
• scope of work;
• performance evaluation; and budget;
• for the internal audit function.

17
GUIDANCE
• In developing the scope of the internal audit function, the Audit Committee should satisfy itself that–
• the person responsible for internal audit has relevant experience, sufficient standing and
authority to enable him to discharge his functions effectively;
• internal audit has sufficient resources and is able to access information to enable it to carry out its
role effectively; and
• the personnel assigned to undertake internal audit have the necessary competency, experience
and resources to carry out the function effectively.
• Internal auditors should continuously keep abreast with developments in the profession, relevant industry
and regulations to ensure they are able to perform their role effectively including undertaking root-cause
analysis to provide strategic advice and suggest meaningful business improvements.

18
End of topic

19