CHAPTER 3

INTERNAL AUDITING AND

CORPORATE GOVERNANCE
Learning Objectives
After going through this chapter, you should be
able to:
• Define corporate governance.
• Understand the Malaysian Code of Corporate
Governance.
• Understand the roles of internal auditors in relation to
governance of the organization.

2
Introduction
• On April 26th 2017, the Securities Commission Malaysia (SC) unveiled
the latest Malaysian Code of Corporate Governance (MCCG 2017).
• As the MCCG was last reviewed and updated in 2012, the MCCG 2017
introduces certain improvements aimed at strengthening Malaysia’s
corporate culture anchored on accountability and transparency,
creating the conditions needed for retaining and heightening investor
confidence.
Introduction
• The MCCG 2017 is applicable to all public listed companies and the first
batch of companies that are expected to report their application of the
practices set out in the new code will be those with financial year ending
31 December 2017. It is worth noting that non-listed entities – including
state-owned enterprises, small and medium-sized enterprises (SMEs) and
licensed intermediaries – are also encouraged to embrace the code. 
• The code contains 36 practices to support three core principles with
regard to a company’s board, audit and risk management and
stakeholders. It takes on a new approach to promote greater
internalisation of corporate governance culture and encompasses a
number of new feature.
Definition of Corporate Governance

• Is the process and structure used to direct

and manage the business and affairs of the
company towards enhancing business
prosperity and corporate accountability with
the ultimate objective of realizing long term
shareholders value, whilst taking into
account the interest of other stakeholders

5
CG – Whose Responsibility?

6
6
Key Milestones in our Corporate Governance Journey
Key Milestones in our Corporate Governance Journey
Key features of the MCCG
focusing on driving internalization of good corporate governance

1. Positioned as the Malaysian Code on Corporate Governance

2. Adopts the Comprehend, Apply and Report approach (CARE)
3. Intended Outcomes are placed upfront to provide users with line of sight
4. Practices are supported by Guidance to aid implementation and better disclosure
5. Differentiated approach identifying practices and reporting expectations for Large
Companies
6. Step Up practices to encourage companies to achieve CG excellence

Presentation by: Ms Foo Lee Mei, Chief Regulatory Officer Securities Commission Malaysia 26 April 2017
Highlights of 3 major departures from MCCG 2012

1. Explaining alternative practices and timelines

2. Proportionality approach – differentiating large companies

from others
• Composition of board – number of independent directors
• Composition of board – gender diversity

3. Tenure of independent directors

Alternatives and Timelines
MCCG 2012 2017 onwards
Explaining alternatives Comply or explain Apply or explain an alternative
Alternative (if any) Companies which depart from a
practice are expected to have an
alternative practice and explain
how the application of the practice
achieves the intended outcome
Actions and Timelines N/A When Large Companies depart
from a practice, they are also
required to disclose the actions
they have taken or will take, and
the timeframe required to apply
the practice.
The differentiated approach Applying flexibility and
proportionality

• The MCCG identifies practices and reporting expectations for Large

Companies

• Large Companies are companies:

• on the top FTSE Bursa Top 100 Index; or
• with market capitalisation of RM2 billion and above

• Other listed companies may consider adopting the practices identified

for Large Companies if they aspire to achieve greater excellence in
corporate governance.
Transparency in Directors’ Remuneration

• The 2012 code required the board to establish formal and transparent remuneration policies and
procedures for directors and for these policies and procedures to be disclosed in the annual report.
• The MCCG now goes a step further by requiring the company to make available such policies and procedures
on the company’s website.
• The MCCG also requires detailed disclosure on a named basis of the remuneration paid to directors (this
includes all fees, salary, bonus, benefits-in-kind and other emoluments), and the remuneration paid to the
top 5 personnel in senior management within the bands of RM50,000 (this includes all fees, salary, bonus,
benefits-in-kind and other emoluments).
• It is also worth noting that the Companies Act 2016 which came into force recently introduced a new
requirement for all fees of directors and any benefits payable to directors (including any compensation for
loss of employment) of a public company (listed or otherwise) to be approved by the shareholders at a
general meeting.
• The additional disclosure requirement under MCCG reinforces the need for transparency
of board remuneration and accountability to the shareholders.
Participation at General Meetings
• In line with the 2012 code approach in strengthening the relationship between
the company and its shareholders, the MCCG has introduced additional
requirements to improve shareholders participation and engagement with the
board at general meetings:
(a) Notice of annual general meeting to be given at least 28 days before the date
of meeting. The Companies Act 2016 requires only at least 21 days.
(b) All directors should attend general meetings to engage with the shareholders.
(c) Companies with large numbers of shareholders or have meetings in remote
locations to leverage on technology to facilitate electronic voting and remote
shareholders’ participation.
ROLE OF BOARD DIRECTORS IN
CORPORATE GOVERNANCE
• Assessing the scope and effectiveness of the systems established by management to identify,
assess, manage and monitor the various risks arising from the organisation’s activities.
• Ensuring senior management establishes and maintains adequate and effective internal controls.
• Satisfying itself that appropriate controls are in place for monitoring compliance with laws,
regulations, supervisory requirements and relevant internal policies.
• Monitoring and reviewing the effectiveness of the internal audit function.
• Reviewing and assessing the internal audit plan and its progress.
• Ensuring that the internal audit function is adequately resourced and enjoys appropriate
standing within the organisation.
• Considering management’s response to major internal audit recommendations and progress in
their implementation.
• Approving the appointment or dismissal of the head of internal audit.
Risk Management Committee

• Consistent with the approach under the 2012 code, companies should
ascertain the risk appetite for the business by setting appropriate risk
management and internal control policies.
• As a Step Up practice, it is recommended that the board should
establish a Risk Management Committee which comprises a majority
of independent directors to oversee the company’s risk management
framework and policies and its implementation.
Strengthen Independence of Audit Committee

• The chairman of the Audit Committee must not be the

chairman of the board. It is also recommended as a
Step Up practice for the committee to comprise of
independent directors only.
ROLE OF AN AUDIT COMMITTEE IN
CORPORATE GOVERNANCE
• Reviewing corporate policies relating to compliance with laws and
regulations, ethics, conflict of interest, and the investigation of
misconduct and fraud.
• Reviewing current/pending litigation or regulatory proceedings
bearing on corporate governance in which the corporation is a party.
• Reviewing significant cases of employee conflict of interest,
misconduct or fraud.
• Requiring the internal auditor to report in writing annually the scope
of the reviews of corporate governance and any significant findings.
INTEGRITY OF FINANCIAL REPORTING

• The audit committee should ensure financial statements comply with

applicable financial reporting standards and assess the suitability and
independence of external auditors. These recommendations are in
addition to the requirements of an audit committee under the listing
requirements.
ROLE OF INTERNAL AUDIT IN
CORPORATE GOVERNANCE
• An objective evaluation of the existing risk and internal control framework.
• Systematic analysis of business processes and associated controls.
• Reviews of the existence and value of assets.
• A source of information on major frauds and irregularities.
• Ad hoc reviews of other areas of concern, including unacceptable levels of risk.
• Reviews of the compliance framework and specific compliance issues.
• Reviews of operational and financial performance.
• Recommendations for more effective and efficient use of resources.
• Assessments of the accomplishment of corporate goals and objectives.
• Feedback on adherence to the organisation’s values and code of conduct/code of ethics.