Corporate Governance


Responsibility of the Board

The Board is ultimately responsible for FIMM’s systems of internal control, which includes the establishment of an appropriate control environment and framework, as well as reviewing its adequacy and integrity.

The Board has established an ongoing process for identifying, evaluating and managing significant risks faced by FIMM. Whilst the Board maintains ultimate responsibility over risk and control issues, it has delegated to the executive management the implementation of a system of risk management and internal control within an established framework.

In view of inherent limitations in any system of internal control, the Company’s internal control system is designed to manage, rather than eliminate, the risk of failure in achieving corporate objectives. Accordingly, it can only provide reasonable but not absolute assurance against material misstatement or loss.

Risk management framework

The Management has been entrusted by the Board to manage risk and also, to develop, operate and monitor a system of internal control and providing assurance to the Board that it has done so in accordance with policies adopted by the Board.


FIMM adopts a centralised approach to risk management, whereby all employees take ownership and accountability for risks at their respective levels through facilitation with the Internal Audit Department.

A working group, the Risk Working Committee (“RWC”), provides risk management support to Management as a whole. The role of RWC includes periodic reporting of the status of risk mitigation actions, new risks identification and risks that have changed characteristics together with corresponding controls. The RWC comprising key persons from all departments and divisions submits its reports to the Audit Committee on a regular basis. The Audit Committee reports to the Board on any significant changes in the business and external environment which affect key risks

Risk Assessment

The following key elements of a risk management framework have been put in place as part and parcel of embedding a sound system of internal control within the Company:


  • Establishment and yearly review of formalised Risk Management Policy and Procedure on risks;
  • Audit Committee shall assist the Board of Directors (BOD) in discharging its statutory duties and responsibilities relating to Risk Management Policy;
  • Establishment and review of risk management structure, which outlines the reporting framework and responsibility of the Board, Audit Committee, Risk Working Committee, Internal Audit Department, management and risk owners;
  • Reviewing and, where appropriate, revising the risk parameters (qualitative and quantitative) for FIMM and at the individual department to strengthen effectiveness of the risk management process;
  • On-going formal and informal risk management education and training at management and staff levels;
  • Continuous review and refinement of existing risk management framework model to enhance risk awareness within FIMM and facilitate re-affirmation of risk prioritisation and aggregation exercises with various departments;
  • Implementation by Management of a company-wide risk assessment process, which includes the identification of key risks facing each department, the potential impact and likelihood of those risks occurring, the control effectiveness and the action plans to manage those risks to the desired level; and
  • Development of FIMM Risk Profile.
Go to Top

Internal audit function

FIMM’s Internal Audit function provides the Board with the assurance it requires regarding the adequacy and integrity of internal controls. Internal audit independently reviews the internal control processes in the key activities of the Company’s businesses by adopting a risked-based approach and reports directly to the Audit Committee on a quarterly basis or as appropriate. Internal audit also test the effectiveness of the internal controls on the basis of an internal audit strategy and detailed annual internal audit plan presented to the Audit Committee for approval. Reports on internal audit findings, together with recommendations for Management actions, are reviewed by the Audit Committee and reported to the Board by the Audit Committee on a quarterly basis or as appropriate.

Go to Top

Other risk and control processes

Apart from risk management and internal audit, other key elements of the Company’s internal controls system are as described below:

  • Management and the Board are provided with regular and comprehensive financial information, which includes a review of the Company’s financial performance and position;
  • Detailed and systematic budgetary process in which the respective heads of department and division prepare budgets for the forthcoming financial year and subsequent financial quarters; continuous monitoring of results against planned activities and variances are followed up and actions taken, where necessary; and
  • The Chief Executive Officer reports to the Board on significant changes in the business and the external environment.
Go to Top



The Audit Committee will, on behalf of the Board of Directors (Board), discharge its oversight responsibilities to encourage and safeguard the highest standards of integrity, reliable financial reporting, compliance with regulatory matters and effective internal controls of FIMM.

Description of main functions

The Committee reports directly to the Board and as such, the Committee has no executive responsibilities, but it is responsible for performing its duties in accordance with the Audit Committee Charter and in this regard, makes recommendations to the Board on the adequacy of external audit, internal audit, risk management and compliance procedures.

Information on Audit Committee Charter

The audit committee is established with the aim of enhancing confidence in the integrity of an organisation’s processes and procedures relating to internal control and corporate reporting including financial reporting. Audit Committee provides an ‘independent’ reassurance to the board through its oversight and monitoring role. Among many responsibilities the boards entrust the Audit Committee with are the transparency and accuracy of financial reporting and disclosures, effectiveness of external and internal audit functions, robustness of the systems of internal audit and internal controls, effectiveness of anti-fraud, ethics and compliance systems, review of the functioning of the whistleblower mechanism. Audit Committee may also play a significant role in the oversight of the company’s risk management policies and programs.

Go to Top