TERMS OF REFERENCE - Audit & Risk Management Committee

Audit and Risk Management Committee (ARMC) was established by the Board of Directors (Board) of Parlo Berhad (Parlo or Company) on 23 November 2018.

1. Objectives
The principal objective of the ARMC is to assist the Board in discharging its duties and responsibilities relating to accounting and reporting practices of Parlo and its group of companies (Parlo Group or Group) together with identifying principal risks and implementing appropriate systems and risk assessment processes to manage such risks, in line with the Malaysian Code on Corporate Governance issued by the Securities Commission Malaysia and the ACE Market Listing Requirements (AMLR) of Bursa Malaysia Securities Berhad (Bursa Securities).

2. Composition of the ARMC
The ARMC shall be appointed by the Board from among its members that fulfills the following requirements:
  • (a) the ARMC comprises not less than three (3) members.
  • (b) all members of the ARMC shall be Non-Executive Directors, with a majority being Independent Directors.

    In this respect, the Board adopts the definition of “independent director” as defined under the AMLR of Bursa Securities.
  • (c) all members of the ARMC shall be financially literate and include at least one (1) member who is:
    • a member of the Malaysian Institute of Accountants (MIA); or
    • a person with at least three (3) years' working experience and: (i) must have passed the examinations specified in Part I of the First Schedule of the Accountant Act 1967; or (ii) a member of one of the associations of accountants specified in Part II of the First Schedule of the Accountants Act 1967; or (iii) a person who fulfills the requirements as may be prescribed or approved by Bursa Securities.
  • (d) No former key audit partner of the external auditors of the Company shall be appointed as a member of the ARMC without observing a cooling-period of at least three (3) years.
  • (e) No alternate director of the Board shall be appointed as a member of the ARMC.
  • (f) The term of office and performance of the ARMC and each of its members shall be reviewed by the Nomination Committee annually to determine whether ARMC members have carried out their duties in accordance with Terms of Reference.
  • (g) In the event that a member of the ARMC retires, resigns, dies or for any other reason ceases to be a member resulting in the number of members be reduced to below three (3), the Board shall, within three (3) months of that event, appoint such number of new members as may be required to make up the minimum of three (3) members.
  • (h) The members of the ARMC may relinquish their membership in the Committee with prior written notice to the Secretary and may continue to serve as Director of the Company.

3. Chairman of the ARMC
The Chairman/Chairperson of the ARMC is elected among the members of the Committee and must be an Independent Non-Executive Director. The Chairman/Chairperson of the ARMC shall not be the Chairman/Chairperson of the Board.

4. Secretary
  1. 4.1 The Secretary of the ARMC shall be the Company Secretary of the Company.
  2. 4.2 The Company Secretary(ies) shall act as Secretary(ies) of the ARMC and shall be responsible, in consultation with the Chairman/Chairperson, for drawing up the agenda and other supporting explanatory documents for circulation to the ARMC members prior to each meeting.
  3. 4.3 The Secretary(ies) shall be responsible for recording attendance of all members and invitees, keeping the minutes of the meetings, circulating them to the ARMC members and other members of the Board and ensuring compliance with the AMLR of Bursa Securities.

5. Meetings and reporting
  1. 5.1 ARMC shall meet at least four (4) times in each financial year and as and when the ARMC deems necessary.
  2. 5.2 The Chairman/Chairperson may call for additional meetings at any time at the Chairman/Chairperson's discretion.
  3. 5.3 The quorum in respect of a meeting of the ARMC shall be a majority of Independent Directors.
  4. 5.4 The ARMC may invite other directors and employees to the meetings to brief the ARMC on issues that are incorporated into the agenda.
  5. 5.5 The ARMC shall meet with the External Auditors at least two (2) times a year without the presence of the executive Board members, Management or other employees.
  6. 5.6 The ARMC meetings shall be governed by the provisions of the Company's Constitution relating to Board meetings unless otherwise provided for in this Terms of Reference. The ARMC may establish appropriate procedures to govern its meetings, keeping of minutes and administration as and when necessary.
  7. 5.7 The notice and agenda of ARMC meetings shall be given by the Secretary to all the ARMC members at least five (5) working days prior to each meeting unless the ARMC waives such requirement.
  8. 5.8 In the absence of the Chairman/Chairperson, the members present at the meeting shall elect a Chairman/Chairperson amongst themselves for the meeting.
  9. 5.9 Significant results and findings from the ARMC's deliberation shall be put in writing and tabled to the Board. The ARMC shall submit an annual report to the Board summarising its activities and significant findings during the year.

6. Minutes
  1. 6.1 Minutes of each meeting shall be kept at the registered office and shall be opened for inspection by the Board. The ARMC Chairman/Chairperson shall report on each meeting to the Board. Any request by Management or other persons to inspect the minutes shall be subject to the approval of the Chairman/Chairperson if required.
  2. 6.2 The Minutes of the ARMC meeting shall be signed by the Chairman/Chairperson of the meeting at which the proceedings were held or by the Chairman/Chairperson of the next succeeding meeting.

7. Circular resolutions
A resolution in writing signed by a majority of the ARMC, for the time being, shall be as valid and effectual as if it has been passed at a meeting of the ARMC duly called and constituted. Any such resolution may consist of several documents in like form each signed by one (1) or more ARMC members. Any such document may be accepted as sufficiently signed by a Committee member if transmitted to the Company by email, facsimile or other electrical or digital written message/application to include a signature of a Committee member.

8. Duties and responsibilities
The duties and responsibilities of the ARMC include the following:
  • (a) to consider the appointment, resignation and dismissal of External Auditors and the audit fee and any questions of resignation or dismissal and letter of resignation from External Auditors, if applicable;
  • (b) to discuss with the External Auditors before the audit commences, the nature and scope of the audit and ensure co-ordination where more than one audit firm is involved;
  • (c) to review the quarterly and annual financial statements of the Company focusing particularly on:
    • any changes in or implementation of major accounting policies and practices;
    • significant adjustments arising from the audit;
    • significant matters highlighted including financial reporting issues, significant judgements made by Management, significant and unusual events or transactions and how these matters are addressed;
    • the going concern assumption;
    • the integrity of financial statements; and
    • compliance with accounting standards and other legal requirements.
  • (d) to discuss problems and reservations arising from the interim and final audits and any matter the auditor may wish to discuss (in the absence of Management where necessary);
  • (e) to review the External Auditor's management letter and Management's response;
  • (f) to review the annual evaluation of the performance of the External Auditors, including the suitability, objectivity and independence of the External Auditors which takes into consideration the following:
    • the competence, audit quality and resource capacity of the External Auditors in relation to the audit;
    • the nature and extent of the non-audit services tendered and the appropriateness of the level of fees; and
    • written assurance from the External Auditors confirming that they are and have been independent through the conduct of the audit engagement in accordance with the terms of all relevant professional and regulatory requirements.
  • (g) to review the risk profile and risk tolerance in respective business units and the Group;
  • (h) to review the adequacy and effectiveness of the scope, competency and resources of the internal audit function, system of internal control and accounting control system in place to manage risk;
  • (i) to review the internal audit plan and results of the internal audit assessments, and where necessary, ensure that appropriate system is taken on the recommendations of the internal audit function;
  • (j) to review any appraisal or assessment of the performance of members of the internal audit function;
  • (k) to consider the major findings of internal investigations and Management's response;
  • (l) to ensure the internal audit function is independent of the activities it audits, and the Internal Auditors report directly to the Committee. The Internal Auditors will be responsible for the regular review and/or appraisal of the effectiveness of risk management, internal control and governance processes within the Company;
  • (m) to consider related party transactions and review the procedures to ensure appropriateness and adequacy and to perform any other functions as authorised by the Board;
  • (n) assisting the Board to effectively discharge its risk oversight responsibilities by monitoring and overseeing the Group's risk management and processes in identifying, evaluating, monitoring and managing significant risks within the Group;
  • (o) to oversee risk appetite, approve frameworks, policies and processes for managing risk and accept risks beyond the approval discretion provided to the Management;
  • (p) to set reporting guidelines for Management to report to the ARMC on the effectiveness of the Group's management of its business risks;
  • (q) to receive reports from the Executive Risk Management Committee (ERMC) which has been reviewed and/or deliberated by the ERMC concerning:
    • risk management policies, strategies, processes and controls, status of implementation and effectiveness, within the respective departments, and if thought fit, approve or vary them;
    • alignment/integration of risk management activities with other management activities that include formulation of strategies, development of business plans, budgeting, performance reviews, within the respective departments; and
    • identification and management of enterprise risks that could impact the achievement of business objectives;
  • (r) to monitor changes in the economic and business environment, including anticipated and emerging risks, legislative or regulatory changes and other factors relevant to Group's risk profile;
  • (s) to ensure proper risk management awareness and training to every level of the business and assist the Board in embedding risk management into the organisation culture;
  • (t) to review the statement of risk management and internal control for inclusion in the annual report;
  • (u) maintain open lines of communication between the Board and the internal auditors or external auditors for the exchange of views and information, as well as to confirm their respective authorities and responsibilities;
  • (v) determine the adequacy of the Group's administrative, operating and accounting controls;
  • (w) lead Parlo Group's strategic direction in the management of the Group's business risks;
  • (x) review the effectiveness of the risk management framework in identifying and managing risks and internal processes which includes but is not limited to ensuring the adequacy of risk management policies and infrastructure to facilitate the implementation of action plans for risk management in provision of quality services and a risk culture throughout the Group that manage and monitor risks through the achievement of its business objectives.

9. Rights of the Audit and Risk Management Committee
  1. 9.1 The ARMC shall, wherever necessary and reasonable for the Company to perform its duties, in accordance with a procedure to be determined by the Board and at the cost of the Company:
    • has authority to investigate any matter within its Terms of Reference;
    • has the resources which are required to perform its duties as set out in its Terms of Reference;
    • has full and unrestricted access to any information pertaining to the Company and Group;
    • has direct communication channels with the External Auditors and person(s) carrying out the internal audit function or activity (if any);
    • be able to obtain independent professional or other advice, at the expense of the Company;
    • be able to convene meetings with External Auditors (without the presence of executive Board members) at least twice a year and whenever deemed necessary;
    • have unrestricted access to all information and documents, external auditors and all employees of the Company for the purpose of discharging its functions and responsibilities; and
    • approve Term of Reference of the ARMC, including delegating responsibility to manage the audit and risk profile of the Group.
  2. 9.2 The Chairman/Chairperson of the ARMC shall engage on a continuous basis with Senior Management, such as the Board Chairman, the Chief Executive Officer, the Chief Financial Officer, the Internal Auditors and the External Auditors in order to be kept informed of matters affecting the Group.

10. Risk management function
  • 10.1 Key management staff and Heads of Department of the Parlo Group are delegated with the responsibility to manage risks of their respective areas of responsibilities. In the periodic management meetings, key risks and mitigating controls are deliberated. Risks identified are prioritised in terms of likelihood of occurrence and its impact on the achievement of the Group's business objectives. Significant risks affecting the Group's strategic and business plans are escalated to the ERMC at their scheduled meetings.
  • 10.2 The Group has an ERMC which is chaired by an Executive Director or the Chief Executive Officer and comprises the Heads of Department of the Group. The ERMC is assisted by key management staff whose role is to identify, mitigate and manage risks within their respective departments. The ERMC retains the overall risk governance responsibility and risk oversight of the Group. The Risk Management reporting structure is as follows:
Risk management function audit
  • 10.3 The Group's risk management processes establish the context of risks in relation to the Group and its respective departments. The processes include risk identification, analysis, evaluation and treatment with continuous monitoring, review, communication and consultation.

11. Reporting of breaches to the Exchange
Where the Committee is of the view that a matter reported by it to the Board has not been satisfactorily resolved resulting in a breach of Bursa Malaysia Securities Berhad's ACE Market Listing Requirements, the Committee shall promptly report such matter to Bursa Malaysia Securities Berhad.

12. Reporting
  1. 12.1 The Chairman/Chairperson of the ARMC shall report to the Board of Directors, either formally in writing, or verbally, as it considers appropriate on the matters within its Terms of Reference at least once a year, but more frequently if it so wishes.
  2. 12.2 The ARMC shall report to the Board of the Directors on any specific matters referred to it by the Board for investigation and report.

13. Review of the Terms of Reference
The Terms of Reference of the ARMC are to be regularly reviewed by the Board as and when required.

This Terms of Reference is approved and adopted by the Board of Parlo and shall be effective from 22 April 2024 and the Terms of Reference is made available at the Company's website at http://www.parlogroup.com.