Accountability & Audit

• Principle 9: Risk Management and Internal Controls

   
  The Board is responsible for the governance of risks and for ensuring that management maintains a sound system of risk management and internal controls with a view to safeguarding the Company’s assets and shareholders’ interests.
  
  Accountability
  F&N prepares its financial statements in accordance with the Singapore Financial Reporting Standards (International) (“SFRS (I)”) prescribed by the Accounting Standards Council. The Board is responsible for presenting a balanced and understandable assessment of the Group’s performance, position and prospects and the Board provides shareholders with financial statements and business updates in compliance with the requirements under the Listing Rules.
  
  The Board releases its financial results through announcements, press releases and presentation packs to the SGX-ST. In communicating and disseminating its results, the Board aims to present a balanced and clear assessment of the Company’s performance, position and prospects. The Company has ceased to announce quarterly financial statements and has instead adopted half-yearly reporting of its financial statements beginning from the date of release of the Company’s first half financial statements for the period ended 31 March 2020. During the year, the Company provided voluntary business updates for the first and third quarter performance of the Group and by way of these updates the Company kept the investing public informed of material developments concerning the Group during the relevant periods, including details on the impact of the COVID-19 pandemic on the Group’s business operations and performance.
  
  In order to enable the Board to obtain adequate and timely information, management provides the Board Exco with management accounts at every Board Exco meeting. Minutes of all such Board Exco meetings are circulated to the Board. This is in addition to such other information as the Board may require from time to time to make a balanced and informed assessment of the Company’s performance, position and prospects.
  
  Sustainability and Risk Management Committee and Audit Committee
  During the year, the Board, through the Audit Committee and the Sustainability and Risk Management Committee, reviewed the adequacy and effectiveness of the Company’s internal controls and risk management systems.
  
  Internal Controls
  The Audit Committee (“AC”), with the assistance of internal and external auditors, reviews and reports to the Board on the adequacy and effectiveness of the Company’s system of internal controls (including financial, operational, compliance and information technology controls) established by management. In assessing the adequacy and effectiveness of internal controls, the AC ensures primarily that key objectives are met, material assets are properly safeguarded, fraud or errors in the accounting records are prevented or detected, accounting records are accurate and complete, and reliable financial information is prepared in compliance with applicable internal policies, laws and regulations.
  
  The importance and emphasis placed by the Group on internal controls is underpinned by the fact that the key performance indicators for management’s performance takes into account the findings of both internal and external auditors and the number of unresolved or outstanding issues raised in the process.
  

  Risk Management Systems
  The Sustainability and Risk Management Committee (“SRMC”), reviews and reports to the Board on the adequacy and effectiveness of the Group’s risk management framework to ensure that robust risk management and internal controls systems are in place.
  
  The Company has adopted an enterprise-wide risk management (“ERM”) framework to enhance its risk management capabilities. An outline of the Group’s ERM framework and progress report is set out here.
  
  Key risks, mitigating measures and management actions are continually identified, reviewed and monitored as part of the ERM process. Financial and operational key risk indicators are in place to track key risk exposures. Key business risks are thoroughly assessed by management and each significant transaction is comprehensively analysed so that management understands the risks involved before it is embarked upon.
  
  The SRMC also assists the Board in carrying out its responsibility of overseeing the Company’s risk management framework and policies, in determining environmental, social and governance factors (“ESG Factors”) identified as material to the business, monitoring and managing of ESG Factors and overseeing standards, management processes and strategies to implement sustainability practices which are in compliance with the SGX-ST Listing Manual. The SRMC is responsible for, among other things, reviewing the Group’s ERM framework, processes and procedures for identifying, measuring, reporting and mitigating key risks in the Group’s businesses and operations. Together with the AC, the SRMC helps to ensure that management maintains a sound system of risk management and internal controls to safeguard the interests of shareholders and the assets of the Group. The SRMC also provides guidance to management, and renders assistance to the Board to oversee the ERM framework and for determining the nature and extent of significant risks which the Board would be willing to take in achieving the Group’s strategic objectives and value creation. The meetings of the SRMC are attended by senior management of the Company’s business divisions, and serve as a forum to review and discuss material risks and exposures of these businesses and their strategies to mitigate risks.
  
  Periodic updates are provided by senior management of the Company’s business divisions to the SRMC on the Group’s risk profile, and on the status of key enterprise risk management and business continuity initiatives. These updates include the assessment of the Group’s key risks by major business units, risk categories, and the status and changes in plans undertaken by management to manage key risks. Risk tolerance statements, which set out the nature and extent of significant risks which the Group is willing to take in achieving its strategic objectives, are monitored and reported to the SRMC.
  
  The SRMC comprises the following members:

  • Mr Koh Poh Tiong (Chairman)
  • Mr Thapana Sirivadhanabhakdi (Member)
  • Mr Sithichai Chaikriangkrai (Member)
  • Mr Michael Chye Hin Fah (Member)
  • Mr Prapakon Thongtheppairot (Member)

  To assist the Company in ascertaining the adequacy and effectiveness of the Group’s internal controls and risk management systems, management implements a control self-assessment exercise. Management also maps out key risks with the existing assurance processes in a comfort matrix every year. Using a comfort matrix of key risks, the material financial, operational, compliance and information technology risks of the Company have been documented and presented against strategies, policies, people, processes, systems, mechanisms and reporting processes that have been put in place.
  
  The Board has received assurances from:
  
  (a) Financial Records and Financial Statements
  the CEOs, the chief financial officers or financial controllers of each of the Group’s business divisions (“Heads of Finance”) and the Company’s Director, Group Finance (“the Director, Group Finance”) that, as at 30 September 2022, the financial records of the Group have been properly maintained and the financial statements for the year ended 30 September 2022 give a true and fair view of the Group’s operations and finances; 
  
  (b) System of Internal Controls
  the CEOs, the Heads of Finance and other key management personnel who are responsible in each of the Group’s business divisions, and the Director, Group Finance that, as at 30 September 2022, the system of internal controls in place for the Group is adequate and effective to address financial, operational, compliance and information technology risks which the Group considers relevant and material to its operations; and
  
  (c) Risk Management Systems
  the CEOs, the Heads of Finance and other key management personnel who are responsible in each of the Group’s business divisions, and the Director, Group Finance that, as at 30 September 2022, the risk management system in place for the Group is adequate and effective to address risks which the Group considers relevant and material to its operations.
  
  Based on the internal controls established and maintained by the Group, work performed by internal and external auditors, reviews performed by the AC and SRMC and assurance from the CEOs, the Heads of Finance and other key management personnel who are responsible in each of the Group’s business divisions, and the CFO, the Board is of the view that, as at 30 September 2022, the Group’s internal controls were adequate and effective to address financial, operational, compliance and information technology risks, which the Group considers relevant and material to its operations.
  
  Based on the enterprise-wide risk management framework adopted by the Company, reviews performed by the SRMC and assurance from the CEOs, the Heads of Finance and other key management personnel who are responsible in each of the Group’s business divisions, and the CFO, the Board is of the view that, as at 30 September 2022, the Group’s risk management system was adequate and effective to address risks which the Group considers relevant and material to its operations.
  
  The Board notes that the system of internal controls and risk management provides reasonable, but not absolute, assurance that the Group will not be adversely affected by any event that could be reasonably foreseen as it works to achieve its business objectives. In this regard, the Board also notes that no system of internal controls and risk management can provide absolute assurance against the occurrence of material errors, poor judgment in decision making, human error, losses, fraud or other irregularities.
  
  The AC concurs with the Board’s view that as at 30 September 2022, the Group’s internal controls (including financial, operational, compliance and information technology controls) and risk management systems were adequate and effective to address risks which the Group considers relevant and material to its operations.

• Principle 10: Audit Committee

   
  The AC, on behalf of the Board, undertakes the monitoring and review of the system of internal controls. Its main responsibilities are to assist the Board in the discharge of its oversight responsibilities in the areas of internal controls, financial reporting, operational, compliance and information technology controls. Significant findings are reported to the Board.
  
  The AC is guided by written Terms of Reference endorsed by the Board which clearly sets out its authority and duties. It is duly authorised to investigate any matter within such Terms of Reference, and has full access to and the co-operation of management, as well as the full discretion to invite any Director or executive officer to attend its meetings. Under the Terms of Reference of the AC, a former partner or director of the Company’s existing auditing firm or auditing corporation shall not act as a member of the AC (i) within a period of 2 years commencing on the date of his ceasing to be a partner of the auditing firm or director of the auditing corporation; and in any case (ii) for so long as he has any financial interest in the auditing firm or auditing corporation.

  The AC comprises the following three members: 

  • Mr Ng Tat Pun¹ (Chairman)
  • Mr Chan Heng Wing² (Member)
  • Mr Sithichai Chaikriangkrai (Member)

  Notes:
  1 As announced on 25 May 2022, Mr Ng Tat Pun was appointed as the Chairman of the AC with effect from 1 June 2022.
  2 As announced on 25 May 2022, Mr Chan Heng Wing was appointed as a Member of the AC with effect from 1 June 2022.
  
  The AC is made up of non-executive Directors, the majority of whom, including its Chairman, are independent Directors. The members of the AC, including its Chairman are appropriately qualified and have recent and/or relevant accounting and related financial management expertise or experience. Their collective wealth of experience and expertise in accounting and financial management enables them to discharge their responsibilities competently.
  
  The AC has reasonable resources to enable it to discharge its functions effectively. None of the members of the AC were previous partners or directors of the Company’s auditor, KPMG LLP (“KPMG”), and none of the members of the AC hold any financial interest in KPMG.
  
  During the year, the key activities of the AC included the following:

  • Reviewing the financial statements and related SGX-ST announcements, including the external auditors’ report for the full-year and significant financial reporting issues and assessments, to safeguard the integrity in financial reporting, and to ensure compliance with the requirements of the SFRS (I). In the review of the financial statements, the significant matters referred to in Table A were reviewed by the AC and discussed with management and external auditors.
  • Reviewing and approving the internal and external audit plans to ensure the adequacy of the audit scope. 
  • Recommending, for the approval of the Board, the financial results and related SGX-ST announcements.
  • Reviewing the independence, adequacy and effectiveness, scope and results of the Group’s internal audit function, including the adequacy of internal audit resources and its appropriate standing within the Group.
  • Assessing the impact of the COVID-19 pandemic and ensuring adequate cash flow to sustain the Group’s operations on an ongoing basis.
  • Reviewing the assurance from the CEOs and the Heads of Finance of each of the Group’s significant business divisions and the Company’s Director, Group Finance on the financial records and financial statements.
  • Reviewing with internal and external auditors, the scope and results of the audit reports and their recommendations, and monitoring the timely and proper implementation of any required corrective or improvement measures.
  • Reviewing and evaluating with internal and external auditors, and reporting to the Board at least annually on the adequacy and effectiveness of internal control systems, including financial, operational, compliance and information technology controls and together with SRMC, risk management systems.
  • Reviewing the whistle-blowing policy and any whistle-blowing investigations within the Group and ensuring appropriate follow-up actions, if required.

  The AC also meets with internal audit and KPMG in each case, without the presence of management at least once a year, to obtain feedback on the competency and adequacy of the finance function, to review the assistance given by the Company’s management to internal and external auditors and to ascertain if there are any material weaknesses or control deficiencies in the Group’s financial reporting and operational systems. In addition, updates (if any) on changes in accounting standards and treatment are prepared by KPMG and circulated to members of the AC.
  
  The AC reviews and approves the remuneration and terms of engagement of KPMG. The AC also makes recommendations to the Board regarding the appointment, re-appointment and removal of the Company’s external auditor. Upon the Board’s approval, the relevant recommendations are tabled for approval by shareholders.
  
  During the year, the AC conducted a review of the adequacy, effectiveness, scope and results of audit by KPMG, and their cost effectiveness, as well as the independence and objectivity of KPMG. It also reviewed all non-audit services provided by KPMG, and the aggregate amount of audit fees paid/payable to them. For details of fees paid/payable to KPMG in respect of audit and non-audit services, please refer to Note 4 of the Notes to the Financial Statements on page 129 of F&N's Annual Report 2022. The AC is satisfied that neither their independence nor their objectivity was put at risk, and that they were able to meet the audit requirements and statutory obligations of the Company. The AC is also satisfied with the aggregate amount of audit fees paid to KPMG. Accordingly, the AC has recommended the re-appointment of KPMG at the AGM of the Company. In recommending the re-appointment of the auditors, the AC considered and evaluated a variety of factors including the audit engagement partner to be assigned to the audit, the number and experience of supervisory and professional staff to be assigned to the audit and the size and complexity of the Group, its business and operations.
  
  The Company has complied with Rule 712 of the Listing Rules which requires, amongst others, that a suitable auditing firm be appointed by the Company, having regard to the factors set out therein. The Company has also complied with Rule 715 of the Listing Rules which requires that the same auditing firm of the Company audits its Singapore-incorporated subsidiaries and significant associated companies, and that a suitable auditing firm be engaged for its significant foreign-incorporated subsidiaries and associated companies.
  
  Whistle-Blowing Policy
  
  The Group has in place a Whistle-Blowing Policy (“Policy”). This Policy provides an independent feedback channel through which matters of concern about any possible improprieties, misconduct or wrongdoing relating to F&N in matters of financial reporting or other matters may be raised by staff and any other person in confidence and in good faith, without fear of reprisal. F&N will treat all information received confidentially and protect the identity of all whistle-blowers. It is also committed to ensuring that whistle-blowers will be treated fairly, and protected against detrimental or unfair treatment for whistle-blowing in good faith. Details of this Policy and the procedures for raising concerns have been disseminated and made available to all employees. This Policy is also available on the Company’s website. The improprieties that are reportable under the Whistle-Blowing Policy include:
  
  (a) financial or professional misconduct;
  (b) improper conduct, dishonest or unethical behaviour;
  (c) any irregularity or non-compliance with laws/regulations or the Company’s procedures, policies and codes of conduct including but not limited to those relating to financial reporting, accounting, audit and/or internal controls;
  (d) violence at the workplace, or any conduct that may threaten health and safety;
  (e) conflicts of interest;
  (f) corruption or bribery;
  (g) mismanagement of the Company’s resources;
  (h) conduct that may cause loss (whether financial or otherwise) to the Company;
  (i) sexual harassment; and
  (j) any other improprieties or matters that may adversely affect shareholders’ interests in, and assets of, the Company and its reputation.
  
  All whistle-blowing complaints are independently investigated and appropriate actions taken. The AC, which is responsible for oversight and monitoring of whistle-blowing, reviews and ensures that independent investigations and any appropriate follow-up actions are carried out.
  
  Internal Audit
  The Internal Audit (“IA”) Department is an independent function within the Company. It conducts objective and independent assessments on the adequacy and quality of the Group’s system of internal controls. The Head of IA, who is a Chartered Accountant of Singapore, reports directly to the AC.
  
  The Head of IA is an appointed member of the Board of Governors of the Institute of Internal Auditors, Singapore. The IA Department has adopted and complied with the International Standards for the Professional Practice of Internal Auditing (“IIA Standards”) laid down in the International Professional Practices Framework issued by The Institute of Internal Auditors. To ensure that the internal audits are effectively performed, it recruits and employs suitably qualified staff with the requisite skills and experience. Such staff are also given relevant training and development opportunities to update their technical knowledge and auditing skills. Key staff members of the IA Department also attend relevant technical training and seminars organised by the Institute of Internal Auditors, Singapore and other professional bodies. All senior internal audit staff are required to enroll as members of the Institute of Internal Auditors, Singapore or the Information Systems Audit and Control Association, upon confirmation of their employment.
  
  The IA Department operates within the framework stated in its Terms of Reference, which is approved by the AC. Under its Terms of Reference, the AC has the authority to approve the hiring, removal, evaluation and compensation of the Head of IA. The IA Department has unfettered access to all the Company’s documents, records, properties and personnel including access to the AC. The IA Department adopts a risk-based audit methodology to develop its audit plans, and its activities are aligned to key risks of the Group. Based on risk assessments performed, greater focus and appropriate review intervals are set for higher risk activities, and material internal controls, including compliance with the Company’s policies, procedures and regulatory responsibilities.
  
  During the year, the IA Department conducted its audit reviews based on the internal audit plan approved by the AC. At each quarterly meeting with the AC, the Head of IA presents on the status of the internal audit plan and proposes adjustments to the plan with a view to enhancing agility and relevance of audits performed. All audit reports detailing audit findings and recommendations are provided to management who would respond on the actions to be taken. The audit reports are also circulated to the AC and the external auditors. Each quarter, the IA Department also presents to the AC, a summary of the key audit findings and actions taken by management on such findings, including tracking of implementation of audit recommendations for past audit reports to ensure proper closure of agreed action plans by management. The AC monitors the timely and proper implementation of required corrective, preventive or improvement measures undertaken by management.
  
  The IA Department has a Quality Assurance and Improvement Programme (“QAIP”) in place to ensure that its audit activities conform to the IIA Standards. An external Quality Assurance Review (“QAR”) is carried out at least once every five years by qualified professionals from an external consulting firm to be approved by the AC and, under the QAIP, an internal self-assessment QAR is conducted once every two years. Based on the external QAR that was last carried out by Ernst & Young Advisory Pte Ltd during the financial year ended 30 September 2018, the internal audit function had been rated to have conformed with the IIA Standards. The next external QAR will be conducted during the financial year ending 30 September 2023.
  
  The AC is satisfied that the internal audit function is independent and effective and that the IA Department has adequate resources and appropriate standing within the Company to perform its function effectively.