CapitaLand Malaysia Mall Trust | Annual Report 2020

relevant professional IT certifications. The IT auditors are also members of the Information System Audit and Control Association (ISACA) Singapore Chapter, a professional body administering information system audit & security certifications that is headquartered in the USA. The ISACA Information System Auditing Standards provide guidance on the standards and procedures to be applied in IT audits. CL IA identifies and provides training and development opportunities for its staff to ensure their technical knowledge and skill sets remain current and relevant. The AC reviews the internal audit reports and activities on an on-going basis. The AC also reviews and approves the annual internal audit plan with respect to CMMT. The AC is of the view that the internal audit function performed by CL IA is adequately resourced, effective and independent. Information about CL IA is on pages 103 to 104 of CMMT’s Annual Report 2020. The scope of the internal audit function for FY 2020 included the following: (a) Carried out scheduled audit assignments in accordance with the 2020 annual internal audit plan approved by the AC; (b) Reported to the AC on key findings and management’s agreed actions; (c) Updated the AC on the implementation status of management’s agreed actions on a quarterly basis; (d) Reviewed RPT including RRPT and presented the findings of the review to the AC on a quarterly basis; (e) Reporting whistle-blowing cases and investigated various matters when required and as directed by the AC; (f) Updated AC on the key observations on the effectiveness of IA function of listed issuers by Bursa Securities; and (g) Prepared the 2021 annual internal audit plan for submission to the AC for approval. The AC has put in place a whistle-blowing policy to provide employees of the Manager with procedures and accessible channels to report suspected fraud, corruption, dishonest practices or other similar matters relating to CMMT and the Manager and also for independent investigation of any reports by employees with the appropriate follow up action. This whistle- blowing policy has been established and is being reviewed periodically to promote fraud awareness and to encourage the reporting of such matters in good faith, with the confidence that employees making such reports will be treated fairly and, to the extent possible, be protected from reprisals. The adopted whistle-blowing policy is further explained on page 92 of CMMT’s Annual Report 2020. The AC reviews, monitors and evaluates the effectiveness and adequacy of CMMT’s internal controls and financial and risk management issues raised by the external and internal auditors, regulatory authorities and Management. The AC also reviews written reports issued by the internal and external auditors and ensures that appropriate and prompt remedial actions are taken by Management where deficiencies in internal controls have been identified. In FY 2020, the issues raised were attended to and responded by Management to the internal and external auditors with agreed actions to be undertaken by Management. The AC also convenes meetings with both external and internal auditors without the presence of Management. In addition, the AC has undertaken an assessment of the scope, functions and competency of the internal audit function. The AC also reviews and evaluates the procedures established to ensure compliance with applicable legislation, the REITs Guidelines and the Listing Requirements. The Board reviews and approves, inter alia, the following reports from Management, upon recommendation of the AC and Exco, on a periodic basis: (a) CMMT Group’s quarterly financial results and major variance explanation against the approved budget for the relevant period; (b) Status update of major asset enhancement works carried out on the properties as planned; (c) Status update of treasury matters including debt profile, maturity and interest rate management; and (d) Status update of other operational matters. Based on these reviews, the Board opined, with the concurrence of the AC, that there are adequate internal controls in place within CMMT Group addressing financial, operational, compliance and IT risks. 117 BECAUSE TOMORROW MATTERS