Professional Documents
Culture Documents
No. Group Members Name Student ID No. 1 2 3 4 5 6: SUBMISSION DATE: 16th December 2022
No. Group Members Name Student ID No. 1 2 3 4 5 6: SUBMISSION DATE: 16th December 2022
No. Group Members Name Student ID No. 1 2 3 4 5 6: SUBMISSION DATE: 16th December 2022
Plagiarism Statement
We confirm that the submitted works are all our own work and are in our own
words.
Part C
We [√] agree / [ ] disagree to this member’s declaration above. If any member disagrees, please
give your reason or reasons below:
Name Signature
Chew Mi Tze Celestine Chew
We [√] agree / [ ] disagree to this member’s declaration above. If any member disagrees, please
give your reason or reasons below:
Name Signature
Ang Kei Hoong Ang
Part e
We [√] agree / [ ] disagree to this member’s declaration above. If any member disagrees, please
give your reason or reasons below:
Name Signature
Ang Kei Hoong Ang
I have done the 4.0 Risk Management Framework and include all the relevant reference and
We [√] agree / [ ] disagree to this member’s declaration above. If any member disagrees,
please give your reason or reasons below:
Name Signature
Ang Kei Hoong Ang
Chew
Chew Mi Tze Celestine
Soh Yee Leng Leng
Part a, b and f.
We [√] agree / [ ] disagree to this member’s declaration above. If any member disagrees, please
give your reason or reasons below:
Name Signature
Ang Kei Hoong Ang
Part C
We [√] agree / [ ] disagree to this member’s declaration above. If any member disagrees, please
give your reason or reasons below:
Name Signature
Ang Kei Hoong Ang
Guidance Note
Students are encouraged to refer to some business and/or academic case studies online to learn
the academic writing techniques and skills as well as the case study’s structure, in which this
effort will definitely be helpful in developing this case study.
APPENDIX E: ASSESSMENT CRITERIA & MARK LIST
Assessment Criteria for Group Assignment
Assessment Excellent Good Average Poor Very Poor Marks
Criteria
(a) [25-30] [19-24] [13-18] [7-12] [0-6]
- Critically
analyse and Well focused, Logical, Logical, clear Attempt Little
evaluate convincing justified presentation made to meet evidence of
the argument which argument and with objectives. analysis or
question. demonstrates effective, competent May lack develop an
- Relevance precision of mature style; style; Wide balance or argument;
of the thought; Wide and in research; ability to Little
principles Extensive and depth of Developing develop an beyond
24
and concepts in depth of research; maturity in argument; supplied
that are research; Considerable handling Limited course
highlighted. Maturity in ability and concepts/prin research; materials;
- Depth of handling maturity in c iples; Limited Little or no
research and concepts/ handling Average ability to ability to
knowledge of principles; concepts/princi reliability handle handle
principles Great reliability p les; Good source of concepts/princ concepts/pr
and concepts source of data. reliability data. iples; Poor i nciples;
that are source of data. reliability Very poor
highlighted. source of data. reliability
- Reliable source of
source of data.
data.
(b) [9-10] [7-8] [5-6] [3-4] [0-2]
- Originality/
Creativity of Demonstrates Demonstrate Demonstrate Limited No
Presentation excellent s insight and s synthesis of evidence of originality
(in compliance insight and individual knowledge; thought or ; Very
with creativity; thought; Reasonably originality; little
plagiarism Well-structured Coherent, easy to Some attempt of
requirements) and easily soundly understand. attempt to how to
.
- Clear,
understood. structured. Adequately
structured.
structure. structure.
7
concise and
interesting
presentation
(includes of
grammar and
language
clarity).
(c) [9-10] [7-8] [5-6] [3-4] [0-2]
- Format/ Style
(includes High degree Skilled use of Adequate use Limited use of Very little
references) of skill in use references etc.; of references references; or no
7
of references Good quality etc.; Average Poor quality reference to
etc.; Excellent of formatting. quality of of formatting. the
quality of formatting. literature;
formatting. Very poor
quality of
formatting.
TOTAL 38 / 50
APPENDIX F: OVERALL ASSESSMENT FEEDBACK
FACULTY OF ACCOUNTANCY, FINANCE AND BUSINESS
COURSEWORK FEEDBACK FORM FOR WRITTEN REPORT
The selected industry topic in this report is “consumer products & services industry”
and “financial services industry”. Five food manufacturing companies that have been selected
for the “consumer products & services industry” are Nestle (Malaysia) Berhad, Capital A
Berhad, Sime Darby Berhad, Dutch Lady Milk Industries Berhad and Hup Seng Industries
Berhad. The five banking companies that have been selected for the “financial services
industry” are RHB Bank Berhad, CIMB Group Berhad, Allianz Malaysia Berhad, Hong Leong
Bank Berhad and AMMB Holdings Berhad (AmBank). Furthermore, several topics will be
discussed in this report, including a brief introduction to the nature of both industries, risk
management framework, risk governance and compliance arrangements, and a summary of
risk and compliance management best practices.
1
2.0 Introduction of the Nature of Industry
The consumer products and services industry is defined as a sector that produces and
provides goods and services that are bought mainly for personal, family and household use.
Examples of products are food, groceries, hygiene products and more (Grabner-Kräuter &
Kolb, 2018). The most significant characteristic of the consumer products and services industry
is the wide range of consumer needs and preferences involved. In the sense that there is no one
marketing plan that can successfully satisfy all customer wants, the purchasers might be
thought as fragmented (Gribbins et al., 2001). Moreover, the consumer products and service
industry usually focuses on marketing by promoting their brand name and product features.
This industry is highly competitive as it usually sells common goods as its competitors.
Examples of this industry are food & beverage, beauty and cosmetics, fashion, hospitality and
more (Carnegie Mellon University, 2014).
In-text citations can be more updated.
Financial Services Industry
s
The financial service industry refers to a sector that provides financial and monetary
services to common family households and organisations. Its components include banking
services, deposits & loans, insurance, investment management and many more (Turkekole,
2015). The financial industry plays an important role in the world and is responsible for
economic growth and development by encouraging cash flow throughout every nation.
(Turkekole, 2015). The financial industry is a financial intermediary in society by valuing and
pricing financial assets, keeping an eye on borrowers, managing financial risks, setting up the
payment system, and covering the costs associated with events that people prefer to avoid.
(Segui-Mas et al., 2018). In short, the financial services sector serves as a link between lenders
and borrowers (Watson et al., 2003). Examples of financial services industry businesses include
banks, Insurance companies, real estate investment trust (REITs) and more.
2
3.0 Analysis of Industries’ Risk and Compliance Management Issues
Consumer Product and Service Industry Issues
The first and second issues discuss the Capital A Berhad (Capital A) and Nestle
(Malaysia) Bhd which include regulatory risk and product quality and safety risk
respectively under the consumer product and services industry.
Hence, Capital A has put the effort into maintaining strong involvement with the
regulators of each authority to stay current on all regulatory standards by establishing the GRC
system. Capital A also monitors the regulatory environments of all markets they operate for
revised regulations affecting the Group. Capital A could comply with all relevant regulations
since it had a regulatory team (Capital A 2021). According to reported news, Capital A Berhad
has settled upwards of 90% of refund queries and is determined to resolve the remaining
claims. As evidence, their current refund progress is only 0.03% of the refund requests
received. They plan to complete the refund exercise for all exceptional queries in Malaysia
within the next few months (Daniele 2022).
1
Malaysian Aviation Commission
3
The second issue happened in Nestle (Malaysia) Berhad. The world's largest food
corporation has admitted that more than 60% of its mainstream food and beverage products do
not meet a "recognised definition of health" and that "some of our categories and goods will
never qualify as 'healthy' no matter how much we renovate" (Agencies 2021). This is linked to
product quality and safety risk. This is defined as a major event caused by a serious food
safety, product quality, or another product-related non-compliance issue that negatively
impacted Nestlé's reputation and/or brands. This may result in consumer distrust, penalties,
and/or fines (Nestle 2021).
Hence, Nestlé Quality Policy established to address the risk to ensure quality and food
safety is guided (Policy Mandatory Nestlé Quality Policy 2017) by defining plan to develop
trust by providing products and services that meet consumer expectations and preferences,
comply with all internal and external food safety, regulatory, and quality requirements, achieve
a zero-defect, no-waste attitude by everyone and make quality a group-wide objective. Besides,
Nestlé also established the Quality Management System (QMS) which is the platform to
ensure food safety and quality standards compliance. Independent certification bodies audit
and verify Nestle internal QMS to ensure compliance with internal standards, ISO norms, laws,
and regulatory requirements. Nestle also used Good Manufacturing Practices (GMP) to
ensure quality and food safety. GMP encompasses all aspects of manufacturing, including
standard operating procedures, human resource management and training, equipment
maintenance, and material handling (Nestle 2019).
The problem arose when Allianz Malaysia Berhad (Ambank) was singled out for
liquidity risk in the financial services industry. Liquidity risk is defined in Allianz Annual
Return (2021) as the risk of incurring losses resulting from threat that short-term current or
will not
future payment obligations won't be able to be met or will only be met under different
circumstances, as well as the possibility that, in the event of company liquidity crisis,
refinancing will only be possible at higher interest rates or that assets may need to be liquidated
at a loss. Ambank's quarterly revenue decreased 11.06% from RM2.21 billion to Spacing issue
4
RM1.97 billion. In the most recent quarter, the banking group did not announce a
dividend. For the entirety of the final year 2021, the settlement, impairment costs, and increased
loan provisions led to RM3.83bil net loss. Due to addition of insurance provisions, Core
PATMI (excluding special items and associated legal and professional expenses) was RM
961.6mil, a decrease of 28.3% from previous year (Lim 2021).
5
4.0 Industries’ Risk Management Framework Review
Similarities
Both industries have similarities in adopting the Enterprise Risk Management (ERM)
process. ERM is designed and adapted as reasonably practicable from ISO 31000:2018 Risk
Management Guidelines; the framework aims at establishing a robust risk management process
across companies and ensuring that all business risks are prudently identified, analysed and
effectively managed. Therefore, the financial services and consumer and product industries
adopted this framework. For example, CIMB Bank and Allianz Bank use different terms to
describe ERM, such as enterprise-wide risk management (ERWM). Usually, ERM is linked
with Three-Line Defence; thus, both industries employed the Three Lines of Defence model in
implementing the ERM framework. In-text citation?
Differences
The difference between these two industries is the financial services industry has
practised the guidelines set out in the “Statement on Risk Management and Internal
Control: Guidelines for Directors of Listed Issuers” endorsed by Bursa Malaysia. Example,
RHB Bank (RHB Annual Report 2021). These guidelines are intended to assist directors of
listed issuers in making risk management and internal control disclosures in the company's
annual report following Listing Requirements paragraph 15.26(b) (Bursa Malaysia 2022).
As for Allianz Bank, they have in place a Risk Management Framework Manual
(“RMFM”) for all companies within the Group (Allianz Annual Report 2021). RMFM outlines
the risk management approach, structure, roles, responsibilities, accountabilities, reporting
requirements, and the Group’s risk identification, evaluation, and monitoring process, with the
intent to formalise the Group’s risk management functions, practises and raise employee
awareness of risk identification, measurement, control, ongoing monitoring, and reporting.
Besides, RMFM complies with relevant requirements of guidelines and policies issued by Bank
Negara Malaysia.
6
4.2 Type and Nature of Risk Faced
Similarities
Both industries have similarities in market risk, cybersecurity risk, and compliance risk.
Both industries have a high probability and impact on Market risk. Capital A, for example, is
losing market share because some of its markets have yet to open borders to international travel
(Capital A Annual Report 2021). Besides, despite being vulnerable to global macroeconomic
and geopolitical factors, Sime Darby must compete in industrial equipment and automotive
markets against intense price competition and innovative product offerings. Moreover, RHB
and CIMB Bank face market risk, as the risk of losses resulting from adverse movements in
market indicators such as interest/profit rates, credit spreads, equity prices, currency rates, and
commodity prices (RHB Bank Annual report 2021).
How about CIMB's citation?
Moreover, Compliance risk is high exposure risk for both industries as non-
compliance or breach of local laws, regulations, industry guidelines, or consumer authority
requirements of multiple jurisdictions could lead to revoking their license and operations.
Dutch Lady, Capital A and AmBank are severely cautious of compliance risk. Financial service
industries are faced with a highly dynamic regulatory landscape. Their role as financial services
providers is contingent on a solid corporate governance framework and Spacing issue
7
compliance culture and must prevent losses arising from regulatory sanctions, financial loss or
reputational damage. In-text citation?
Differences
The difference between the two industries include the consumer product and service
industry have strategic, health and safety risks. Strategic risk is the possibility that a company
will make poor business decisions. Example, Dutch Lady, Hup Seng and Sime Darby are
prepared to take calculated risks to realise their performance objectives and long-term goals.
s
Nestle, Hup Seng, and Dutch Lady are also cautious of health and safety risks and food Safety
a
Assurance is an important principle for them as this risk may cause severe impact on the
company’s operation and reputation. In-text citation?
s
The financial service industry has credit, liquidity, bribery, and corruption risks.
s industry has
Financial service industries have a high probability and exposure to Credit risk and Liquidity
risk due to these two types of risks creating potential losses and depleting financial capital,
adversely affecting business continuity and compromising the bank’s ability to allocate
adequate investments to manage material matters. Bribery and corruption risk is highly
exposed because banks are used to strong regulation, but they are lagging with regard to their
anti-corruption preparedness. Therefore, the impact of bribery and corruption on poverty,
inequality and social injustice directly affects reputation and profitability. That is why all banks
must follow Anti Money Laundering and Terrorism Financing Act and activities to mitigate
this risk. In-text citation?
Similarities
Both industries have shared similarities in using Scenario Analysis to assess risk
evaluation. Examples include Top Glove and CIMB Bank. Top Glove conducted its first
c
climate change scenario analysis in FY2022 across value chain (Appendix 1) because Climate
change presents a range of risks and opportunities that could impact and benefit Top Glove.
Besides, CIMB risk management teams are involved at the early stage of strategy discussion
and risk-taking process by providing independent inputs, including relevant Spacing issue
8
valuations and scenario analysis, to make more accurate probability and impact values for
extreme events. In-text citation?
Differences
The difference between these two industries is consumer products and service industries
???
use Risk registers to assess their risk. Example, Hup Seng and Dutch Lady use risk registers
(Appendix 2) to store and monitor results of risk assessment activities. Risk registers/profiles
are updated regularly by Dutch Lady management team and business leaders (Appendix 2).
The above should be risk monitoring not assessment.
y
For financial services industries, Stress testing is used. Example, RHB Bank risks are
measured, assessed and aggregated using comprehensive qualitative and quantitative risk
measurement methodologies: stress testing. The process is essential to assess capital adequacy
and solvency (RHB Annual Report 2021). Stress testing assesses the effect extreme movements
in financial and economic variables may have on RHB Bank's income statement, balance sheet,
capital adequacy and the company's solvency. Besides, AmBank also used stress testing to
evaluate risk assessment (Appendix 3).
y
Furthermore, financial services industries used Risk and Control Self-Assessment.
Allianz Bank and Hong Leong Bank use risk and control self-assessment (Appendix 4)
(Appendix 5) to provide a systematic means for identifying control weaknesses and gaps that
may threaten the achievement of objectives or operational efficiency of systems and processes.
A key output is the production of action plans that help to allocate scarce resources to address
control gaps or weaknesses where the benefits of doing so (in terms of reduced residual risk
exposure) exceed the associated costs of increased control. In-text citation?
Similarities
Both industries have similarities in using risk appetite statements, structured by how
many principal risk categories have been identified. Each has been assigned a qualitative risk
appetite statement supplemented by various principal risk metrics. For example, Sime Darby
9
B
(Appendix 6), Allianz bank (Appendix 7) and AmBank (Appendix 8). Companies mentioned
above focus on achieving sustainable and profitable growth within the risk management
framework by ensuring sound risk practices and business outcomes are achieved and aligned
through limits and controls, policies and procedures to safeguard the Group’s sustainable risk-
taking and sufficient returns. In-text citation?
Differences
The first difference between these two industries is consumer and service industries
has
have structured risk appetite statements with zero-tolerance risk policies. The structure of
Dutch Lady and Hup Seng explains in the risk appetite statement that risk has zero appetites
(tolerance). For example, Dutch Lady complies with a zero-tolerance policy to compliance risk
(Appendix 9). At the same time, some risks take a certain degree that does not fall over their
appetite, which is a strategic risk. In-text citation?
s
For the financial service industry, RHB Bank used probability and impact
boundaries to show preferred risk tolerance limits and make strategic decisions to avoid taking
activities that fall into amber and red zones (Appendix 10). Risk should be controlled when in
the amber range to prevent the level of exposure from moving to red. Moreover, RHB Bank
and CIMB Bank stated their organisation’s value in their risk appetite statement and created a
risk culture for stakeholders. For example, RHB Bank believes that “Risk and Compliance is
Everyone’s Responsibility,” and thus, risk management is a core responsibility of the
respective businesses and operating units. In-text citation?
Similarities
Both industries have shared similarities in using the best ways to control market risk
f
which identity, measure, monitor and manage market risk within the approved risk
a
appetite as well as the confines of the Market Risk Policy Framework, Automation of market
10
risk monitoring and assessment tools to enhance coverage and increase efficiencies. Examples
such as Allianz Bank, AmBank, Capital A and Nestle. In-text citation?
Differences
The distinction between these two industries is the use of different risk control strategies
for cyber risk. Capital A implemented a strong information security system based on ISO/IEC
27001 process and methodology to secure all systems. To ensure cyber resilience, these
systems undergo regular security assessments, penetration tests, and source code reviews
(Capital A Annual Report 2021). For RHB Bank, the rapid adoption of digitalisation introduced
new inherent risks that did not exist in a traditional on-premises computing system. The
current security infrastructure needed to be updated. Example, consider gradually
deploying digitally friendly cloud-based security infrastructure and hiring support personnel
with cloud security skill sets. Continuous assessment of third-party cybersecurity postures
and a subscription to threat intelligence services to understand the current cyber landscape
better. In-text citation?
11
5.0 Risk Governance and Compliance Arrangements
Similarities
The mandatory statutory act for both industries is the CA2016. CA2016 includes the duties and
liabilities of directors in the company, legal duty to act in the best interest of the company (Shih
2018).
MMLR objective includes promoting clear, relevant and practical requirements on the
corporate disclosure policies and safeguarding shareholder interest by addressing gaps and
Board of listed companies are to adhere to MMLR (Malaysian Bar 2019).
on
3. Malaysian Code of Corporate Governance 2021 (MCCG 2021)
Listed companies in Malaysia must ensure that the board of directors provide an
overview statement on applying principles as set out in MCCG in the annual report (SC 2022).
MCCG 2021 promotes ethical behavior, accountability, transparency and sustainability.
When preparing the financial statements, companies from both industries are to comply
with approved accounting standards including MFRS and IFRS (Deloitte 2022). Companies
are to prepare financial statements according to IFRS when listed in Bursa Malaysia (Deloitte
2022), with the aim to enhance financial reporting credibility and transparency in Malaysia
(PWC 2022).
12
5. Personal Data Protection Act 2010 (PDPA 2010)
Companies are to respect privacy, safeguard data and promote privacy and data
protection best practices (Henriquez 2022), which is related to data privacy risk. In Malaysia,
PDPA 2010 is enforced to regulate personal data being collected and processed for commercial
and other purposes to safeguard consumers' rights to personal data (Shahwahid & Miskam
2015).
Both industries are recommended to adopt ISO 9001:2015. ISO 9001:2015 emphasises
the quality management system on the need to demonstrate ability to meet customer, statutory
and regulatory requirements on providing products and services and enhance customer
satisfaction by improving the system and providing assurance of conformity to customers,
statutory and regulatory requirements through effective system application (ISO 2022).
Differences
1. Financial Services Act 2013 (FSA 2013) and Islamic Financial Services Act 2013
(IFSA 2013)
FSA 2013 and IFSA 2013 are regulated by Bank Negara Malaysia and are applicable
to financial service companies (BNM 2022). FSA 2013 is the legislation to promote financial
stability and ensure fair, professional and responsible business products (Ahmed & Ibrahim
2018). Furthermore, as financial services companies are conducting business in Malaysia
which comprises Muslim consumers, companies conducting Islamic financial transactions are
to comply with IFSA 2013 to promote financial stability and to achieve compliance with
Shariah (IFSA 2013).
13
2. Bank Negara Malaysia (BNM) Guidelines
BNM has various guidelines for the companies operating in financial services (BNM
2022). This includes Payment Cards Framework to ensure that the interchange fee for payment
service providers and merchants are fair and transparent (BNM 2022).
Companies producing food in the consumer products and services industry are to adopt
the FSSC 22000 and ISO22000. Both are international standards relating to ensuring food
safety (Kiwa 2022). The standards integrate the Hazard Analysis and Critical Control Point
system to ensure food safety from harvest to consumption (Alberta 2022).
Similarities
The roles and responsibilities of the industry's governance and compliance gatekeepers,
including the board of directors, audit committee, internal audit, and staff members, are similar
in both sectors. The board of directors provides the highest level of corporate governance. The
board's responsibilities include providing leadership, approving the organisation's long-term
strategic direction to maximise shareholder value, directing and supervising the management
team as they implement the organisation's strategic plans and Spacing issue
14
desired culture in accordance with its core values, and reviewing, approving, and monitoring
the group's risk management systems across all of its businesses. In-text citation?
Besides, the internal audit function is similar in both industries. Internal audit
frequently collaborates with the compliance function to complete compliance reviews, which
thoroughly examine the safeguards in place to guarantee compliance with laws and regulations.
Internal audit should be expected to express any concerns about the company's overall
compliance management or its exposure to specific compliance risks. For example, Dutch Lady
as a consumer product services industry has an in-house internal audit and internal control
department to conduct investigations into any complaints that have been received and to offer
independent assurance of the sufficiency and effectiveness of the risk management, internal
control, and governance processes (Appendix 15), while financial services industries such as
The Group Corporate Assurance Division (GCAD) at CIMB conduct independent evaluations
of the sufficiency, effectiveness, and efficiency of risk management. The GCAD adopts a risk-
centric audit plan that is authorised by the Audit Committee and it identifies new risks,
including elevated risks as a result of the COVID-19 pandemic (Appendix 16). In-text citation?
15
department?
The two industries also share similarities in risk management. It supervises the
management of any compliance risks relating to laws and regulations and supports the
compliance function and other specialised functions by offering guidance on how to manage
compliance risks. For example, Capital A's risk management committee recommends the ERM
strategies for managing risks faced by the group for the financial year. In addition, the risk
department also identified and established Crisis Management Teams to minimise significant
operational disruptions in the event of a crisis (Appendix 17). AmBank invests in group
compliance in the financial services industry to foster a positive compliance culture and reduce
risk exposure (Appendix 18). In-text citation?
Hence, there is no difference since both industries have the same similarities.
According to Ng et al. (2017), their research revealed that all food and beverage
industry and food manufacturing industries in Malaysia adopted these standards which are
HACCP (Hazard Analysis Critical Control Point) food safety management systems and GMP
(Good Manufacturing Practice) food hygiene practices. Both of these practices were based on
the standards of ISO 9001, which is a quality management system that will help this industry
to prevent or reduce risk and to mitigate any potential side effects of an undesirable outcome
to accomplish its intended outcomes. (ISO Global, 2022). These practices were exercised by
Hup Seng, Nestle, Dutch Lady Milk Industries and other food manufacturers.
s
Financial Service Industry
According to Bank Negara Malaysia (BNM) (2018), BNM issued a Credit Risk policy
document for banking institutions, financial and monetary service companies, insurance firms
and takaful operators, named “Best Practices for the Management of Credit Risk Guidelines”.
This guideline further advances credit risk management procedures throughout the sector,
considering changes in product diversity and scale, increased financial system globalisation,
and the expanding significance of domestic capital markets as an alternative funding source.
One of the “Best Practices for the Management of Credit Risk Guidelines” guidelines is the
16
Pillar 3 disclosure requirements. As seen in RHB bank, CIMB bank and other banks, their best
risk practice is adhering to the Pillar 3 guidelines issued by BNM. The objectives of Pillar 3
disclosure requirements are to promote transparency by establishing the minimal standards for
information on banking institutions' risk management procedures and capital adequacy that
must be disclosed to the market. According to Malay Mail (2018), CIMB bank won the
“Achievement in Enterprise Risk Management” award as they adhered to Enterprise-Wide
Risk Management Framework which gave a summary of each risk detected to support
transparent and accountable risk management practices and to improve readiness and
compliance with regulatory standards. In-text citation?
17
Incorrect reference format, no numbering is needed.
7.0 References
1. Agencies 2021, Nestle papers show over 60% of its food portfolio is ‘unhealthy’,
Business Standard India, viewed 24 November 2022, < https://www.business-
standard.com/article/international/nestle-papers-show-over-60-of-its-food-portfolio-
is-unhealthy-121060100038_1.html. >
2. Allianz Malaysia 2021, Annual Report 2021, viewed 26 November 2022, <
https://www.allianz.com.my/content/dam/onemarketing/azmb/wwwallianzcommy/pdf
/financial-reports/annual-reports/AllianzAnnualReport2021.pdf >.
3. Alberta 2022, Hazard Analysis Critical Control Point Programme Planning, viewed
15 December 2022, <https://www.alberta.ca/hazard-analysis-critical-control-point-
program-planning.aspx>.
4. Ahmed, H & Ibrahim, IR 2018, ‘Financial consumer protection regime in Malaysia:
Assessment of the legal and regulatory framework’, Journal of Consumer Policy, 41(2),
pp.159-175.
5. AmBank Group Malaysia 2022, Integrated Annual Report 2022, viewed 26 November
2022, <
https://www.ambankgroup.com/eng/InvestorRelations/AnnualReports/Documents/20
22/AMMB%20IR22%20Website.pdf >.
6. Bank Negara Malaysia 2022, Financial Stability, viewed 12 December 2022,
<https://www.bnm.gov.my/market-conduct>.
7. Bank Negara Malaysia 2022, Payment Systems, viewed 15 December 2022,
<https://www.bnm.gov.my/payment-systems>.
8. Bank Negara Malaysia 2022, Prudential Regulation, viewed 15 December 2022,
<https://www.bnm.gov.my/prudential-
regulation#:~:text=The%20prudential%20regulatory%20framework%20emphasises,t
o%20the%20circumstances%20and%20exposures>.
9. Bursa Malaysia 2022, Statement on Risk Management & Internal Control: Guidelines
for Directors of Listed Issuers, viewed 03 December 2022,
https://www.bursamalaysia.com/sites/5bb54be15f36ca0af339077a/assets/5bb54d0a5f
36ca0c341f0028/Statement_on_Risk_Management___Internal_Control_-
_Guidelines_for_Directors_of_Listed_Issuers.pdf >.
Seen
18
10. Bursa Malaysia 2022, Guidance on effective audit and risk management, Corporate
Governance Guide Pull-out II, viewed 9 December 2022,
<https://www.bursamalaysia.com/sites/5bb54be15f36ca0af339077a/assets/5bb54d1a5
f36ca0c341f0066/Pull-out_II.PDF>
11. Capital A 2021, Annual Report 2021, viewed 26 November 2022, <
https://www.capitala.com/misc/Capital_A_ar2021.pdf >.
12. CIMB Bank 2021, Integrated Annual Report 2021, viewed 26 November 2022, <
https://www.cimb.com/content/dam/cimb/group/documents/investor-relations/annual-
general-meeting/2022/final/cimb-ar-2021.pdf >.
13. Control Union Certification 2022, ISO 22000 Food Safety Management System, viewed
15 December 2022, <https://certifications.controlunion.com/en/certification-
programs/certification-programs/iso-22000-food-safety-management-system>.
14. Daniele, U. 2022, AirAsia faces backlash over delayed pandemic refunds, viewed 24
November 2022, < https://www.aljazeera.com/economy/2022/5/23/airasia-faces-
customer-backlash-over-delayed-pandemic-refunds. >
15. Deloitte 2022, Financial Reporting Framework in Malaysia, viewed 15 December
2022, <https://www.iasplus.com/en/jurisdictions/asia/malaysia>.
16. Dutch Lady Milk Industries 2021, Annual Report 2021, viewed 26 November 2022, <
https://www.dutchlady.com.my/wp-content/uploads/2022/04/DLMI-AR2021.pdf >.
17. Fam 2022, AirAsia allegedly hit with ransomware attack, data of five million
passengers and employees reportedly compromised (Updated), Star 23 November,
viewed 26 November 2022, < https://www.thestar.com.my/tech/tech-
news/2022/11/23/airasia-allegedly-hit-with-ransomware-attack-data-of-five-million-
passengers-and-employees-reportedly-compromised >.
18. Laws of Malaysia, 2013, Financial Services Act 2013, viewed 15 December 2022,
<https://www.bnm.gov.my/documents/20124/820862/Financial+Services+Act+2013.
pdf>.
Incorrect citation format
19. Hassani, Bertrand, and Bertrand K. Hassani, 2016. Scenario analysis in risk
management. Springer International Publishing Switzerland.
Seen
19
20. Henriques, M 2022, Data Privacy Day: Raising Awareness and Encouraging
Compliance, <https://www.securitymagazine.com/articles/96948-data-privacy-week-
raising-awareness-and-encouraging-compliance>.
21. Hong Leong Bank 2022, Annual Report 2022, viewed 26 November 2022, <
https://www.hlb.com.my/content/dam/hlb/my/docs/pdf/About-Us/Investor-
Relations/annual-quaterly-reports/2022/annual-report/hlb-annual-report-2022.pdf >.
22. Hup Seng 2021, Annual Report 2021, viewed 26 November 2022, <
https://disclosure.bursamalaysia.com/FileAccess/apbursaweb/download?id=215383&
name=EA_DS_ATTACHMENTS >.
23. Ishak, Naharul 2022, The issues regarding AirAsia’s Air Service Licence, viewed 24
November 2022, < https://themalaysianreserve.com/2022/10/17/the-issues-regarding-
airasias-air-service-licence/ >
24. Laws of Malaysia, 2013, Islamic Financial Services Act 2013, viewed 15 December
2022, <https://www.bnm.gov.my/documents/20124/8102422b-e6dd-d149-8db0-
e3637e89ed5c>.
25. ISO 2022, ISO 9001:2015 Quality Management Systems – Requirements, viewed 15
December 2022, <https://www.iso.org/standard/62085.html>.
26. Kiwa 2022, Difference between FSSC 22000 and ISO 22000, viewed 15 December
2022, <https://www.kiwa.com/en/themes/fssc-22000-food-safety-management-
system/difference-fssc-22000-and-iso-22000/>.
27. Malaysian Bar 2019, Issuance of Amendments to Main Market Listing Requirements
and ACE Market Listing Requirements on 8 May 2019, viewed 15 December 2022,
<https://www.malaysianbar.org.my/cms/upload_files/document/Circular%20No%201
07-2019.pdf>.
28. Nestle 2019, Quality and safety, viewed 24 November 2022, <
https://www.nestle.com/aboutus/quality-and-safety >.
29. Nestle Malaysia 2021, Corporate Governance & Financial Report 2021, viewed 26
November 2022, < https://www.nestle.com.my/sites/g/files/pydnoa251/files/2022-
03/CGFR-NESTLE-AR21.pdf >.
Seen
20
30. Laws of Malaysia, 2010, Personal Data Protection Act 2010, viewed 15 December
2022,
<https://www.kkmm.gov.my/pdf/Personal%20Data%20Protection%20Act%202010.p
df>.
31. Policy Mandatory Nestlé Quality Policy 2017, Nestle Quality Policy, viewed 24
November 2022, < https://www.nestle.com/sites/default/files/asset-
library/documents/library/documents/suppliers/quality_policy_nestle.pdf. >
32. PWC 2022, Overview of MFRS, viewed 15 December 2022,
<https://www.pwc.com/my/en/services/assurance/mfrs.html#:~:text=Overview%20of
%20MFRS&text=It%20is%20fully%20compliant%20with,milestone%20for%20the
%20capital%20market.>.
33. RHB Bank 2021, Integrated Annual Report 2021, viewed 26 November 2022, <
https://www.rhbgroup.com/~/media/files/malaysia/investor-relations/annual-
reports/rhb-bank-ir-2021.ashx >.
34. Securities Commission Malaysia 2022, Frequently Asked Questions on the Malaysian
Code on Corporate Governance, viewed 15 December 2022,
<https://www.sc.com.my/api/documentms/download.ashx?id=a9ae6572-32c1-483a-
ae20-
52ebc18ac63d#:~:text=As%20stated%20in%20MCCG%2C%20while,the%20practic
es%20in%20the%20MCCG>.
35. Shahwahid, FM & Miskam, S 2015, ‘Personal Data Protection Act 2010: Taking the
First Steps towards Compliance: Akta Perlindungan Data Peribadi 2010: Mengambil
Langkah Awal ke arah Pematuhan’, Journal of Management and Muamalah, 5(2),
pp.64-75.
36. Shih, L 2018, ‘Navigating the Directors’ Duty to Act in the Best Interest of the
Company: the Petra Perdana Decision and the Companies Act 2016’.
37. Sime Darby 2022, Annual Report 2022, viewed 26 November 2022, <
https://www.simedarby.com/sites/default/files/annualreport-
pdf/sime_darby_ar2022_interactive_221017.pdf >.
38. Sweity, RM & Yeon, AL 2017, ‘The Application of Corporate Disclosure Policy among
Public Listed Companies in Properties Business’, International Journal of Economics,
Business and Management Research, Vol. 1, No. 04.
39. Top Glove 2022, Annual Report 2022, viewed 13 December 2022, <
https://www.topglove.com/annual-report >.
Seen
21
40. Carnegie Mellon University, Consumer products, viewed 13 December 2022,
<https://www.cmu.edu/career/documents/industry-guides/consumer-products-tip-
sheet.pdf>.
41. Grabner-Kräuter, S & Kolb, R, 2018, The SAGE Encyclopedia of Business Ethics and
Society, SAGE Publications, Inc, viewed 13 December 2022,
<https://www.researchgate.net/publication/326059029_Consumer_Goods>.
42. Segui-Mas, E, Polo-Garrido, F & Bollas-Araya, HM, 2018, Sustainability Assurance in
Socially-Sensitive Sectors: A Worldwide Analysis of the Financial Services Industry,
Economic and Business Aspects of Sustainability, vol. 10, no. 8, viewed 13 December
2022, <https://www.mdpi.com/2071-1050/10/8/2777>.
43. Turkekole, T, 2015, Strategic Approach to Financial Services Industry, Bogazici
University, viewed 13 December 2022,
<https://www.researchgate.net/publication/286777573_Strategic_Approach_to_Finan
cial_Services_Industry>.
44. Watson, T, Blair, D & Laurence, J, 2003, Financial Services: A Report on the Industry,
Industrial College of the Armed Forces National Defense University, viewed 13
Deember 2022,
<https://www.researchgate.net/publication/235044876_Financial_Services_A_Report
_on_the_Industry>.
45. Gribbins, M, Chandrasekar Subramaniam & Shaw, MJ, 2001, e-Business in Consumer
Packaged Goods Industry: A Case Study, Department of Business Administration,
University of Illinois at Urbana-Champaign, viewed 13 December 2022,
<https://www.academia.edu/2030799/E_business_in_consumer_packaged_goods_ind
ustry_a_case_study>.
46. Bank Negara Malaysia, 2018, Credit Risk, viewed 13 December 2022,
<https://www.bnm.gov.my/-/credit-risk-22012018>.
47. Malay Mail, 2018, CIMB recognised for strong risk management, viewed 13 December
2022, <https://www.malaymail.com/news/money/2018/06/17/cimb-recognised-for-
strong-risk-management/1642740>.
22
48. Ng, KS, Lim HC & Abdul Rahman Ahmad, 2017, Quality Assurance Practices of the
Food Manufacturers in Malaysia, Journal of Computational and Theoretical
Nanoscience, vol. 23, no. 15, viewed 13 December 2022,
<https://www.researchgate.net/publication/314256520_Quality_Assurance_Practices_
of_the_Food_Manufacturers_in_Malaysia>.
49. ISO Global, 2022, Risk Management and ISO 9001 Quality Management, viewed 13
December 2022, <https://isoglobal.com.au/articles/risk-management-iso-
9001/#:~:text=According%20to%20ISO%209001%2C%20planning,effects%20of%2
0an%20undesired%20outcome.>.
50. Lim, S. 2021, ‘AmBank slips into the red in 4Q, no thanks to 1MDB settlement and
impairments’, viewed 15 December 2022,
<https://www.theedgemarkets.com/article/ambank-slips-red-4q-no-thanks-1mdb-
settlement-and-impairments>.
51. Allianz 2021, Annual Report 2021, viewed 15 December 2022,
<https://www.allianz.com.my/content/dam/onemarketing/azmb/wwwallianzcommy/p
df/financial-reports/annual-reports/AllianzAnnualReport2021.pdf>.
23
8.0 Appendices
Appendix 1: Top Glove Annual report 20212 stated that they use scenario analysis to assess
the risk assessment. Source?
Appendix 2: Dutch Lady Annual Report 2022 stated that they have prepare a risk profile to
assess their risk evaluation and updated it regularly and then tabulated it inta o heat map for
risk monitor purpose. Proper source citation?
24
Appendix 3: AmBank in the Annual report 2022 used stress testing in semi-annual to
conduct their risk assessment. Proper source citation?
Appendix 4: Allianz Bank Malaysia Berhad using the Risk and Control Self-Assessments to
undertake their risk assessment activities. Proper source citation?
Appendix 5: From the Hong Leong Bank Annual report, they are using risk and control self-
assessment to evaluate their risk assessment.
Proper source citation?
25
Appendix 6: Sime Darby inaugural risk appetite statements, risk tolerance and key risk
indicators were developed in FY2020 and are tracked on a quarterly basis. There are a total of
14 risk appetite statements covering 12 sub-enterprise risk areas. There were no critical
breaches of risk tolerance limits during the year. Risk tolerance that encroached alert level
(code yellow) were notified to the RMC and acted upon by the management.
Proper source citation?
Appendix 7: Allianz Bank Annual report 2021 stated the principal risk that they will faced.
Appendix 9: Dutch Lady risk appetite statement contains zero tolerance policy
28
Appendix 11: Capital A Annual report 2021 and Nestle Annual Report 2021 stated that they
have business Continuity Management Plan to deal with their operational risk- System Outages
(Capital A) and Business Disruptions risk (Nestle).
Proper source citation?
Appendix 12: Nestle Corporate Governance & Financial Report 2021 (p. 6)
29
Appendix 13: Dutch Lady Annual Report 2021 (p.65)
30
Appendix 14: Alliance Bank Annual Report 2022 (p.78)
31
Appendix 15: Dutch Lady Annual Report 2021 (p.57)
32
Appendix 16: CIMB Annual Report 2021 (p.138)
33
Appendix 17: Capital A Annual Report 2021 (p.178,179)
34
Appendix 17: Capital A Annual Report 2021 (p.178,179)
35
Appendix 18: Ambank Annual Report 2022 (p.154,156)
36