Professional Documents
Culture Documents
Venue:
ESPM OFFICE & SITE, YANGON
NATURE DESCRIPTION
Results of review, either individually or in aggregate, indicate weaknesses in
Control (C)
the design or functioning of internal controls.
Areas highlighted represent opportunities for improvement in the
Operational (O) effectiveness or efficiency of the business process or the associated internal
control system.
Findings represent issues associated with regulatory compliances and
Regulatory (R)
adherence to current legislations and regulations.
Results represent issues relating to the administration and documentation
Documentation (D)
requirements of the business process.
Closely follow up with PT CMS to pay the long outstanding balances first or consider to issue reminder letter
Recommendation
to them.
Internal Audit & Compliance
ENRA Group Berhad
FINDINGS & RECOMMENDATIONS
2 OPERATION
COSO Nature Rating
2.1 Documented workflow on Crewing Arrangement Process
CA,IC C,O,D MODERATE
Description Risk Implication
During the course of review, it was observed that some of the
• Risk not properly being managed
mitigating controls committed in risk register (Appendix G)
• Consequence and the impact of the risk will get more severe
were not currently in practise. The objective of risk
if no controls implemented.
management process is to identify, evaluate and manage the
• Appendix H has been signed off, the Head of the
risk. It is important to implement the controls committed in risk
Organization is responsible to ensure the risk is being
register to ensure the risk identified was properly managed.
managed.
Controls that was noted were very general and not directly
relevant to particular risk identified.
Recommendation ensure controls (Positive and negative) committed in risk register to be in place.
Internal Audit & Compliance
ENRA Group Berhad
FINDINGS & RECOMMENDATIONS
3 RISK MANAGEMENT
COSO Nature Rating
3.1 Implementation on positive and negative control RA,CA,IC,MT C,O HIGH
Description Risk Implication
During the course of review, it was observed that some of the
• Risk not properly being managed
mitigating controls committed in risk register (Appendix G)
• Consequence and the impact of the risk will get more severe
were not currently in practise. The objective of risk
if no controls implemented.
management process is to identify, evaluate and manage the
• Appendix H has been signed off, the Head of the
risk. It is important to implement the controls committed in risk
Organization is responsible to ensure the risk is being
register to ensure the risk identified was properly managed.
managed.
Controls that was noted were very general and not directly
relevant to particular risk identified.
Recommendation ensure controls (Positive and negative) committed in risk register to be in place