Masterlist of Non Conformities (NC) & Opportunity for Improvement (OFI) for ABMS Internal Audit October 2021

No NC/OFI Dept/Div Description Response / Actions Taken PIC Status Completion

Date
1 NC CORP [Clause 7.5.3 Control of documented information] [5.3.1 Roles & Responsibility] All Job Description was completed and submitted to HCD on 15/10/21. Rosmah Toha Completed 15/10/2021
Found during the Audit the new Job Description records with the statement on the task Show cause letter had been issued to Manager, Contract Management on
commitment for implementation of ABMS for Contract Management was not 03/11/2021 and reminders will be issued continuously in every monthly
completely signed and being kept adequately. departmental meeting.

2 OFI IAD [4.5 Bribery Risk Assessment] [6.1 Action to Address Risks and Opportunities] The The matter has been discussed with Risk & Integrity Management Abdul Hafizullah bin Completed 10/11/2021
current Corruption Risk Management (CRM) updating is being done on manual basis, Department. IAD's folder in Q-Radar has been created on 21 October 2021. Mat Isa, Manager IAD
not through Q-Radar. It should be standardized with other departments. IAD has updated the details into Q-Radar on 10 November 2021

3 OFI IAD [7.5.3 Control of Documented Information] As stated in the Whistleblowing Policy, As per the MMC Group practice, IAD will only share the relevant i) Siti Nazirah binti Ongoing Monitoring 10/11/2021
record of each disclosure will be stored by HCD and IAD. However, based on interview confidential records related to Whistleblowing matter to HCD. For all Mohamed Nazir, Head
and observation, the records are only kept at Head, IAD office. The statement should be cases that require further involvement by HCD, IAD will provide the IAD
revised accordingly, as it may possibly create misinterpretation on the storage hard/soft copy report and relevant documentary evidences to HCD for ii) Fawzie bin
responsibility. their reference and further actions. The matter will be remained as Badahi@Badli, Senior
practice until there is new update/revision at HQ level. Manager,
Compensation, Reward
& Industrial Relation
Department, HCD

4 OFI RIMD [7.2 Competence] The appointment of the auditor should be based by their experience ABMS Internal Auditors were trained on ABMS Audit training. They were Mohd Rozaily Completed 30/10/2021
and knowledge in auditing. It is observed that the latest appointment is lack of both as selected based on their experience in ISO9001 and ISO45001 audit. Some
per stated. of them had undergo associate ABMS training - ISO37001 Legal and Other
Requirements. An exposure to the new auditors was made by pairing with
senior auditors.

5 OFI RIMD [8.2 Due Diligence] No conflict-of-interest statement been signed by all auditors prior The suggestion will be considered for the next ABMS internal audit Mohd Rozaily Next ABMS internal audit. 30/10/2022
to performing the ABMS internal audit. This is to ensure that all auditors are
independent from the audited person/department.
6 OFI CONTAINER [Clause 7.3 Awareness and Training] The organization shall provide adequate and As said, the 5 processes well shared with process owner through small Fakhrul Azhar Implemented - Container 31/12/2021
appropriate anti-bribery awareness and training to personnel. briefing and cascaded down to respective ground officers over the ops Safety Meeting 2021 (Date:
The audit noted that while staff is constantly reminded and given awareness of the meeting regularly. Moving forward, shall make all this documented as per 22.10.2021)
subject of anti-bribery, these reminders are verbal and can’t be quantified on paper. your true concern. On-going practice
Container Services Department can further improve the ‘verbal’ initiatives by sending
reminders of such controls through email or work on awareness programs with Risk &
Integrity Management Department.

7 OFI HCD [Clause 9.1 Monitoring, measurement, analysis and evaluation] The organization shall The appointments of canteen committees are mainly from ER, Admins and Shamsul Haniff The evaluation/feedback 10/11/2021
determine; what needs to be monitored and measured, and who is responsible for Secretaries. Moving forward, HCD propose to conduct surveys / from canteen users will be
monitoring. It was found that the monthly performance appraisal of canteen operators assessment with canteen users for their feedback on canteen performance counted in CPE November
in Northport was conducted by only one (1) cafeteria committee member for each (complaint/compliment) instead of appointing additional committee 2021
location. Human Capital Division (HCD) to consider appointing more than one (1) members. The result of the survey will be part of the canteen monthly
committee member to monitor and evaluate the performance of canteen operators for assessment by the committee.
each location.
This assessment is currently being verified by HCD.

8 OFI HCD [Clause 7.3 Awareness and Training] The organization shall provide adequate and This OFI should be directed to Risk, Integrity Management Department Rozaily / Norshima As and when requested 01/12/2021
appropriate anti-bribery awareness and training to personnel. The audit noted that (RIMD) as per previous discussion. HCD will assist to arrange the training Jantan
non-executive staff was not provided with awareness and training programs related to requirement once the required modules and training syllabus for non-
anti-bribery and corruption. Human Capital Development Department (HCDD) to executive is made available.
consider collaborating with Risk & Integrity Management Department to conduct anti-
bribery awareness and training session for the non-executives staff.

9 OFI HCD [Clause 7.2.2 Employment Process] In relation to all of its personnel, the organization HCDD to include RIMD for onboarding session effective November 2021. Norshima Jantan/ On Going 01/11/2021
shall implement procedures such that; conditions of employment require personnel to Fawzie Badli
comply with the anti-bribery policy and anti-bribery management system, and give the
organization the right to discipline personnel in the event of non-compliance.
HCDD to consider providing a slot for the Risk & Integrity Management Department to
brief on NMB’s Anti-Bribery and Anti-Corruption Policy and related matters during the
onboarding program for the recruitment of new executives.
Masterlist of Non Conformities (NC) & Opportunity for Improvement (OFI) for ABMS Internal Audit October 2021

No NC/OFI Dept/Div Description Response / Actions Taken PIC Status Completion

Date
10 OFI HCD [Clause 8.4 Non-financial Controls] The organization shall implement non-financial HCD & ISD to discuss on real-time booking system for Northport Resort by Shamsul Haniff Discussion between ISD & 1Q 2022
controls that manage bribery risk with respect to such areas as procurement, next week. HCD has been conducted on
operational, sales, commercial, human resources, legal and regulatory activities. 10 November 2021. The
Processes implemented by the organization to ensure that the non-financial controls development of SPC system
are properly managed. will start to commence upon
It was observed that the company’s holiday resort bookings have been recorded completion of e-Bayplan for
manually using the registration book. HCD to consider using a real-time booking system Operations expected on the
to avoid the occurrence of favoritism in accepting bookings. Apart from real-time 1st Quarter 2022 as ISD
update, online registration system are convenience, highly secured and eco-friendly. resources are tight with
scheduled projects..

11 OFI HCD [Clause 4.5 Bribery Risk Assessment] The organization shall retain documented The appointment of cafeteria operators and suppliers for uniform and Shamsul Haniff / Risk on holiday resorts will 31/12/2021
information that demonstrates that the bribery risk assessment has been conducted apparels are through tender. Thus this concern will be covered under the be registered in Q4 2021.
and used to design or improve the anti-bribery management system. tender process. HCD will nonetheless extend this risk to the appointment
HCD to consider rephrasing the division's Corruption Risk Management (CRM) risk of holiday resorts.
statement "Favoritism and nepotism during selection of training provider"; to be
extended to contractors for company holiday resorts and cafeteria operators, and
suppliers for uniform & apparels.

12 OFI HSSE [5.1.2 h) Promoting an appropriate anti-bribery culture within the organization] Will standardize that all new hired pledge will be under HSSE Division. Resource Management Completed 31/12/2021
Evidence based on observation: (Fadilah/Qistina)
• New PAP recruitment under HCDD but new hired Ms. Qistina pledge under HSE.
Suggestion:
• During reporting duty for new hired recruitment, pledge should be standardized
under HCDD.

13 OFI HSSE [7.4.1 Communication] Posters on 21 type of corruption will be established and communicated to Resource Management HSSE is in the midst of 31/12/2021
Evidence based on observation: all staff. (Fadilah/Qistina) preparing the related
• The staff's understanding of ABMS only covers the issue of giving and receiving bribes. posters.
Suggestion:
• The awareness of 21 types of corruption to explain to personal through any meeting
or toolbox assembly.

14 OFI HSSE [6.1.2 Bribery category identification and assessment of risks and opportunities] Further clarification is needed from the respective internal auditors. Resource Management HSSE will discuss further 31/12/2021
Evidence based on observation: (Fadilah/Qistina) with the internal auditors.
• ABMS risk assessment only covers activities in the SOP.
Suggestion:
• Risk assessment can be extended in admin work flow such as selection of overtime /
leave to staff in the employee’s daily schedule.
• To include any activity (not covered in SOP) in assessment that highly potential to
involved in any corruption

15 OFI CONV [5.3.1 Roles & Responsibility] Job/Position Description for staff, it was observed that a As at 16/11/2021, 143 staff had signed their respective JD and remaining Huzeir/Jabir On-going 31/12/2021
job description given by user was not signing by staff referring to document Supervisor 6 staff (4%) have yet to sign due to long MC. Completed JD for all staff and Supervisor
Billing Operation Northport. Advice CLF division to re-check. Billing Operation Northport had
signed their respective JD

16 OFI CONV [7.4 Communication] Pre-arrival meeting form, it was observed that the pre-arrival Attendance list shall be filled based from participants joined via online Reza Completed 31/10/2021
meeting form for record attendance was not indicated name, contact number and (whatsapp group/TEAMS/GM/etc) and to be circulated via
signing from contractor. Only Northport staff data was completed. Recommended for email/whatsapp together with MoM.
user to remark the details i.e. company, PIC, type of meeting (online meeting), etc

17 OFI LOG [7.5 Documented Information] Corruption Risk Assessment (CRA). Refer to the NDSB Upon extensive review of the process, we will take out the matter from the Hairizad Completed 11/11/2021
process, receiving and packing of container work flow (LOGS002) under process No.1 existing process as the activity now is being carried out by the customers /
(Receive stuffing advice / cargo document), assessment on corruption likelihood for tenants under the new process improvement.
type No.1 (Petty Corruption) indicated risk is shown as 3, but no CRA was created.
Recommended for user to review the CRA if there is any change made.
Masterlist of Non Conformities (NC) & Opportunity for Improvement (OFI) for ABMS Internal Audit October 2021

No NC/OFI Dept/Div Description Response / Actions Taken PIC Status Completion

Date
18 OFI SPP [Clause 8.1 Operations planning & Control] It was noted that SPP ( Corporate Vendor management is in progress of registering Knight Frank into the Nuhairi On-going 30/11/2021
Development ) had appointed Knight Frank Malaysia as land valuer for several projects AVL.
(3 projects) since 2016 through direct appointment. We also took note that the cost of
the works is more than RM10k.
SPP to ensure Knight Frank Malaysia to be registered as an approved vendor list (AVL)
as part of the due diligence process.

19 OFI CCD [Clause 8.7 Gifts, hospitality, donations and similar benefits]
To determine/decide the amount of cash donation is also one of the potential risks of
conflict of interest, the amount shall be reasonable. CCD could establish a guideline or
mechanism considering the receiver's location, sector, and seniority.
The cash donation is discretionary in general due to several factors Mohd Azmi On-going 31/12/2021
including the projects/programs' objectives, location, nature of the
project/programs, and other considerations. However, for schools
requesting for donation, the proposed amount is generally standardised
with the focus given to schools within Klang and Port Klang area. Any
proposal for donation exceeding the standard amount is subject to
Management's advice and approval.

20 OFI CCD [Clause 8.1 Operations planning & Control] It was noted that the Corporate Improvisation has been made on Corporate Sponsorship Due Diligence Mohd Azmi On-going 31/12/2021
Sponsorship Due Diligence Checklist is being used by other User Departments that Form where signatory column has been included into the form effective 2
received requisition for donation or sponsorship from external parties. The user November 2021.
Department is required to conduct due diligence to the requestor and submit it to CCD Notification has also been made to Finance via email on 3 November 2021
for further process. Few samples of the checklist were sighted, and we noticed that to ensure that the Payment/Collection column in Corporate Sponsorship
there was no allocated signatory column for the User Department. User signed at Recommendation Form is filled up by them upon the
different places on the form. CDD to consider further improvement of the checklist as donation/sponsorship cheque/payment is issued.
below:
i. To include a signatory column for User Department.
ii. CCD must ensure that the Payment/Collection is filled when receiving a cheque or
remittance slip from the Finance Division
Samples taken:
i. WCS Warehousing Sdn Bhd ( Contribution of Staff Annual Dinner 2021)
ii. PDRM (Contribution of facemask and glove to frontliner)
iii. SMK Dato Hamzah Baik pulih bilik darjah
iv. PIBG Sek Men Telok Gadong sumbangan untuk internal

21 OFI ISD [Clause 7.3 Awareness and Training] The organization shall provide adequate and To have further discussion with Risk & Integrity Management Department, Shamsul Amriz On-going 31/12/2021
appropriate anti-bribery awareness and training to personnel. to conduct a briefing session to ISD staff on the initiatives that have been
implemented to increase the anti-bribery awareness in the organization.
The audit noted that not all staff are aware of the proper process of the Gift Policy, Risk
& Integrity Management Department can work together to conduct an anti-bribery
awareness and training session for all levels of staff that also covers the process of
receiving and giving a gift.
Samples taken:
i. CRM Risk Register
ii. Gift declaration Form
iii. Corruption Free Pledge

22 OFI CORP [9.2 Internal Audit], [A.20 Planning and implementing changes to ABMS] Status update ● The SPRM vetting and bankruptcy search on company Directors and Siti Zalekha Completed Completed
still on hold from previous SIRIM Stage 2 Audit “Anti-bribery control including due individual shareholders are being conducted on the following ongoing
diligence to appointed vendor has been adequately implemented and could be tenders:-
extended to SPRM vetting and bankruptcy search on the company’s Directors. 1) Supply of Uniforms and Accessories;
(verification)” 2) Feasability Study for Development and Enhancement of Northport and
Southpoint;
3) Supply of Safety Shoes;
4) Upgrading of Underwharf Structure at Berth 11, 18 & 19.

● Similar vetting and search will be carried out for all future tenders.
● Tender SOP will be revised to incorporate the above new process.
Masterlist of Non Conformities (NC) & Opportunity for Improvement (OFI) for ABMS Internal Audit October 2021

No NC/OFI Dept/Div Description Response / Actions Taken PIC Status Completion

Date
23 OFI CORP [8.1 Operation planning & control] Based on sample CWR/412/2020, one of the ● The requirement for Integrity Pact submission has been implemented in Nazual Completed Completed
suppliers (AMN) didn’t submit Integrity Pact. Every quotation must have attached RFQ Exercise since June 2021.
together with the integrity pact. This current method can be quite difficult to comply, ● AMN had been reprimanded for their failure to submit the Integrity Pact.
which Procurement team could take different mechanism to cover this current process. The same has been submitted by AMN to Procurement Department on
21/10/21.
● Purchasing executives have been instructed to follow up with each
vendors closely.
● Refusal to submit Integrity Pact will result in disqualification, and
possible suspension.

24 OFI CORP [8.1 Operation planning & control] Vendor registration process is anticipated as one of The declaration on "Conflict of Interest" by Vendors has been included in Nazual Completed Completed
the potential risk of conflict of interest. Vendor Management Unit could take action to the "Vendor Code of Conduct". This has been implemented since
include declaration on conflict of interest to avoid such case between vendor and 01/11/2021.
Northport under Vendor Code of Conduct form.

25 OFI CORP [8.1 Operation planning & control] [8.2 Due diligence] Two (2) contractor/surveyor ● Q-TWO (M) SDN BHD was invited to participate in an RFQ exercise for Nazual Completed Completed
under claim process which is CAPRICONI MARINE SERVICES SDN BHD and Q-TWO (M) the transloading works along with 3 other Vendors.
SDN BHD need to be registered in AVL as part of due diligence process. ● The value of the works is RM9,100.00.
● Paragraph 12.2.3 (1) of Procurement Guidelines, MMC Procurement
Policy, exempts "Vendors with single transaction value of less than
RM10,000.00 or with a yearly cumulative transaction value of less than
RM50,000.00" from vendor registration.
● Nevertheless, Q-TWO (M) SDN BHD had been duly registered on
09/11/2021.

26 OFI FAC [9.1 Monitoring, measurement, analysis and evaluation] An evaluation guide is proposed to assist the personnel during Abdul Ghani Khan In progress 04/12/2021
Low marks were given in the Contractor Performance Evaluation without sufficient scoring/rating process. Evaluator is required to indicate the basis of
reference. It could possibly lead to bias in giving unfavorable scoring to the contractor. scoring/rating in the Comments/Recommendation column (e.g. KPI,
evidence, support document etc).

27 OFI FAC [6.1 Action to address risks and opportunities] Any potential corruption in the Procurement process is being addressed Azman Mohamed Completed 01/11/2021
Facilities submit the MR to Procurement for briefing and quotation request. accordingly in Corporate Services CRM.
Procurement is responsible to liaise directly with the contractor/supplier which the
leakage of information or favoritism may happen since Procurement is not an
independent party.

28 OFI FIN [7.4 Communication] Finance Division should include the topic on corruption and The communication on the anti-bribery & anti-corruption/integrity Rohafizah On-going 31/12/2021
bribery during its Division meeting to ensure staff are continuously aware of company's matters is being addressed during Finance Division meeting/discussion
zero tolerance to any form of corruptions. from time to time.
29 OFI FIN [5.2 Anti-Bribery Policy] Observed outdated ABAC Policy dated June 2020 is still affixed The updated ABAC Policy has been affixed at Store Office. A checking on Rohafizah Completed 29/10/2021
at Store office. To replace with the latest revision dated January 2021 to ensure the other Finance offices was made to ensure only updated policy is
updated and consistency of information. displayed.
30 OFI FIN [5.3.1 Roles and Responsibilities] Revise Risk Owner/PIC for Store Section referring to PIC for Store Section has been revised to Thinagar Vadivelu, Manager Rohafizah Completed 10/11/2021
responsibility. Inventory Management
31 OFI FIN [7.2.2.1a Employment Process] Incomplete information on IBR IBR for Fatin Nurdiyana and Daniel Ramli had been completed and filed at Rohafizah Completed 29/10/2021
1. Fatin Nurdiyana Human Capital.
2. Daniel Ramli Confidentiality clause prohibiting an employee from using or disclosing
P&C declaration to be signed by all Payroll personnel. any confidential info is included in the offer letter and signed by every
employee. Separate P&C declaration may not required.

CT1
 NC OFI
Audit Type Total
Closed Open Closed Open
Gap Assessment 11 3 0 0 14
Preliminary Assessment 3 4 0 0 7
Internal Audit 9 11 17 60 97
Stage 1 0 0 0 4 4
Division Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
TOD
Marine
ISD
CCD
HCD
Finance
IAD
FEM
Commercial
Corporate
SPP
CEO Office
HSSE