Overview
Terms of Reference of the Board Governance and Risk Committee
INTRODUCTION
These Terms of Reference (“TOR”) of the Board Governance and Risk Committee (“BGRC” or “Committee”) set out the terms of the conduct of the Committee with respect to its delegated responsibilities to assist the Board of Directors (“Board”) in fulfilling the Board's statutory and fiduciary responsibilities in overseeing risk management, legal and compliance, integrity, governance and cybersecurity, while ensuring alignment with relevant regulations and best practices, such as the Bursa Malaysia Listing Requirements and the Malaysian Code on Corporate Governance (“MCCG”).
OBJECTIVES
The BGRC’s objective is to oversee KPS Berhad and its subsidiary companies (collectively referred to as KPS Berhad Group) in relation to:
- Risk Management
- Legal & Compliance
- Integrity & Governance
- Cybersecurity
OTHER ASPECTS OF THE BGRC TOR
- Constitution
- Secretary of the Committee
- Reporting
- Ethics & Procedures
- Review of the Terms of Reference
SCOPE
Membership
- The members of the BGRC shall be appointed by the Board of Directors from amongst the Non-Executive Directors of the Company and shall consist of no fewer than three (3) members, the majority of whom are independent directors.
- The Chairman of the BGRC shall be an Independent Director who shall be appointed by the Board.
- No alternate Directors of the Board shall be appointed as a member of the Committee.
- The appointment of a BGRC member terminates when the member ceases to be a director, or as determined by the Board.
Authority
The Committee is authorised by the Board to have access to professional advice from appropriate external advisers if deemed necessary. The Committee may meet with these external advisers without Management being present.
Roles & Responsibilities:
The Board has ultimate responsibility for risk oversight, risk management, integrity and governance, and compliance oversight. As a sub-committee of the Board, the BGRC is responsible to the Board for:
- Risk Management
- Overseeing the establishment and implementation of an Enterprise Risk Management (“ERM”) framework.
- Articulating and providing direction on risk appetite, tolerance, organisational control environment and risk culture at KPS Berhad Group.
- Overseeing and advising the Board on the current risk exposures of KPS Berhad Group.
- Reviewing and recommending risk management strategies and policies for the Board’s approval.
- Leading KPS Berhad Group’s strategic direction in the management of material business risks.
- Ensuring infrastructure, resources and systems are in place for the Head of Risk Management Department (“HRMD”), i.e. ensuring that the staff responsible for implementing risk management systems perform those duties independently of the business risk-taking activities of the Company.
- Doing the following, in relation to the HRMD:
- Reviewing the adequacy of the scope and plan, functions, and resources of the risk management function, and that it has the necessary authority to carry out its work and is free from constraints and other restrictions.
- Reviewing any appraisal or assessment of the performance of the HRMD.
- Approving any appointment or termination of the HRMD.
- Legal & Compliance
- Reviewing reports from the Head of Legal and Compliance Department (“HLCD”), highlighting any material regulatory issues or concerns and mitigation strategies for the attention of the Board.
- Reviewing the adequacy of the scope and plan, functions, and resources of the compliance function, and that it has the necessary authority to carry out its work and is free from constraints and other restrictions.
- Reviewing periodic evaluations or reports on the effectiveness of KPS Berhad’s compliance function.
- Reviewing assessments of material compliance risks, mitigation strategies to address them and ongoing monitoring.
- Reviewing findings, material issues or non-compliances highlighted by the HLCD in relation to the regulated businesses of the KPS Berhad Group.
- Monitoring the progress of material litigation cases, material legal disputes, and other material litigious matters as and when necessary.
- Performing any other roles and responsibilities as may be required by the Board from time to time and/or which are related to the objectives of the Committee.
- Integrity & Governance
- Overseeing issues of corruption, fraud, malpractice, and unethical conduct within the Company and KPS Berhad Group.
- Assisting the Board in carrying out its responsibilities towards an organisation free from corruption, with integrity and good governance, in addition to overseeing the Integrity and Governance Unit (“IGU”) in achieving its objectives.
- Considering other governance and compliance matters as defined by the Board.
- Reviewing the Corporate Governance Overview Statement and Corporate Governance Report to be included in the annual report and recommend for approval by the Board.
- Cybersecurity
- Cyber Risk Strategy & Exposure: Oversee and advise the Board on the Group’s current cyber risk exposure and future cyber risk strategy.
- Emerging Threats & Risk Identification: Assess the Group’s operational capability to detect, assess, and respond to emerging cyber threats.
- Cybersecurity Due Diligence in Acquisitions: Oversee cybersecurity due diligence undertaken as part of any acquisition and advise the Board on associated risk exposure.
- Breach Response & Crisis Management: Review at least annually the Group’s cybersecurity breach response and crisis management plan.
- Incident Reporting & Remediation: Review reports on significant cybersecurity incidents, including root cause analysis and adequacy of remedial actions.
- Escalated Risk Issues: Consider and recommend strategic or systemic actions on cyber risk issues escalated by the Head of Information Technology Department (“HITD”) and the compliance function.
- Cybersecurity Controls & Vulnerability Management: Review the effectiveness of cybersecurity controls and systems in identifying and mitigating vulnerabilities.
- Patch Management & Technology Lifecycle: Oversee patch management and technology lifecycle practices to ensure timely updates and decommissioning of outdated systems.
- Regulatory Compliance & Standards Alignment: Monitor compliance with relevant cybersecurity and data protection regulations (e.g., PDPA, GDPR), alignment with recognised frameworks and standards (e.g., NIST, ISO/IEC 27001), and adherence to industry best practices.
- Third-Party Cyber Risk Oversight: Oversee third-party cybersecurity risk management, including vendor assessments and contractual safeguards.
- Awareness & Training: Ensure the Group conducts cybersecurity awareness and training programs for all employees, including simulated phishing exercises and secure behaviour reinforcement.
- Other Responsibilities
- The HRMD, HLCD and HITD each have a reporting line to the BGRC, alongside their respective internal reporting lines to the Managing Director/Group Chief Executive Officer (“MD/GCEO”) and the Deputy Chief Executive Officer, Finance and Corporate Services (“DCEOFCS”), and have direct access to the Chairman of the BGRC.
- The Chief Integrity and Governance Officer (“CIGO”) is ultimately responsible for reporting to the Board on the implementation of the IGU’s functions, and to the BGRC on issues of corruption, fraud, malpractice, and unethical conduct within the Company and KPS Berhad Group. The CIGO reports administratively to the MD/GCEO. In addition, the CIGO also reports to Bahagian Pengurusan Integriti Agensi (“BPIA”) on the IGU’s Four (4) Core Functions/activities every six (6) months, as required by BPIA.
Meetings and Quorum
- Meetings shall be held not less than once every quarter in a financial year of the Company. A member may at any time, and the Secretary shall on the requisition of a member, summon a meeting of the BGRC.
- Any three (3) members present, the majority of whom must be Independent Directors, shall constitute a quorum.