Lembaga Kumpulan Wang Simpanan Pekerja Annual …€¦ · Lembaga Kumpulan Wang Simpanan Pekerja ... Check and Balance ... businesses and investment today and EPF as

Annual Report 2015Lembaga Kumpulan Wang Simpanan PekerjaEmployees Provident Fund Board

73

74 StatementonCorporateGovernance

80 RiskManagement

86 StatementonRiskManagementandInternalControl

90 BoardAuditCommitteeReport

93 StatementonInternalAudit

95 StatementonInvestmentRiskManagement

Check and Balance

TheInvestmentPanelRiskCommitteemustbeabletoidentifysituationsofpotentialconflictofinterest,givenitsindependentroleandstructure.Themembersconsistofprofessionalsandindependentdirectorswithextensiveexperiencewhopracticegoodethicalstandardsandhighlightanypotentialareaofconflict.

Chairman, Investment Panel Risk CommitteeDato’ Sri Mohamed Nazir Abdul Razak


74

StAtEMENt oN coRPoRAtE GovERNANcE

TheGuardianofRetirement-IntegrityandGovernance -LeadingtheWay-GivingValueBack-CheckandBalance

-TheFinancials-AdditionalResources

Sustainability and responsible investing has beenin the limelight in the investment communityin 2015 with the rise in corporate governanceissues in the region. Sustainability is shapingbusinesses and investment today and EPF asMalaysia’s largest pension fund is striving to betheforefrontinchampioningsustainableinvestingand incorporating Environmental, Social andGovernance in its investment consideration. TheEPF believes that a sound corporate governanceframeworkpromotesstrongleadershipbytheBoardofDirectorsandgoodmanagementpractices,whichwill in turn contribute to enhancing accountability,transparencyandlongtermsuccessofthecompanies.

The EPF continues to regard good governancepractices as integral to protect the interestof all stakeholders and the reputationof the Fund. As a trustee with assets of RM684.53 billion, sustainability is a key factorin fortifying the alignment of interests betweenthe EPF as a long-term investor with its fiduciaryduties, the Government in its supervisory anddevelopmentalrole,and itscontributingmembersas beneficiaries. With the continuous innovationand movement in corporate governance andsustainableinvesting,theEPFhasmovedintandemby getting involved in a number of initiatives inchampioningsoundcorporategovernance.Amongothers,engagementandactivevotingisbecomingan intrinsicpartofourequity investmentprocess.TheEPFwillengageandvoteonanyissueaffectingthelongtermsustainabilityofacompanywhichithasinvestedin.

During the year, theEPFhas alsobeen involved ineffortstoenhancecorporategovernanceawarenessand the adoption of good corporate governancepractices.Theinitiativesinclude:

• Corporate Governance Programmes TheEPFregularlyparticipatesininternational

forumsoncorporategovernanceinordertobeup-to-datewithcurrentpracticessuchastheASEANAnnualCorporateGovernanceSummitby the Malaysian Institute of CorporateGovernance(MICG).

• Institutional Investors Council and Working Group Committee of The Malaysian Code for Institutional Investors

TheEPFhasbeenplayinganactiveroleintheformationandestablishmentoftheMalaysianCode for Institutional Investors 2014 whichwaslaunchedon27June2014.Thisinitiativeaims to outline broad principles of effectivestewardship by institutional investors,accompaniedwith comprehensive guidelinestoimplementtheprinciples.In2015,theEPFwaspartoftheInstitutionalInvestorsCouncilandWorkingGroup committee. This aims toprovide a platform for Institutional Investorstodiscussissuesofcommoninterest.

• ESG Index In 2015, EPF pioneered its first in-house

Environmental, Social and Governance(ESG) corporate equity rating tool in orderto integrate the element of sustainability,governanceandintegrityintoourinvestmentprocesses. This rating mechanism does not

BoARd ANd INvEStMENt PANEL

Minister of finance(Government)

Board Investment Panel

Board Committee Investment Panel Committee

Management Management Investment Committee

Related Departments Investment Departments

only extend beyond the traditional focus oncorporategovernance,butalsoaimstocapturea more holistic picture of what and how acompany isperforming from theperspectiveofenvironmentalandsocialneeds.

• Corporate Integrity Pledge The EPF together with its wholly owned

subsidiary KWASA Land Sdn. Bhd. signed aCorporate Integrity Pledge on 7th December2015 as a continued effort to support bestpractices in business ethics, in line with thebestpracticesofglobalgovernance.

TheEPFcorporategovernancestandardsaredrawnfrom various best practices, particularly from thefollowingreferences:

i) MalaysianCodeonCorporateGovernanceii) CGGuide:TowardsBoardroomExcellenceby

BursaMalaysiaiii) Malaysian Code for Institutional Investors

2014


75


Board Appointment Process

MembersoftheBoardandtheInvestmentPanel,aswellastheChiefExecutiveOfficer(CEO),areappointedbytheMinisterofFinance.TheMinisterappointsonlythosewhohaveproventrackrecordsofintegrity,competencyandreliabilitytoundertaketheirobligationseffectively.Appointmentsareforatwo-yeartermaswerecognizetheimportanceofbringinginfreshperspectiveintotheBoard.TheMinisterofFinancealsoreviewstheperformanceandeffectivenessofmembersoftheBoardandInvestmentPanel.

Board Composition

TheEPFAct1991dictatesthatitsBoardmembershipshouldnotbemorethan20persons,inclusiveoftheChairmanandCEO.In2015,therewere18membersontheEPFBoardrepresentingvariousstakeholderswhichinclude:

(i) TheChairman,(ii) FivemembersrepresentingtheGovernment,includingarepresentativeof

theMinistryofFinanceasDeputyChairman,(iii) FourmembersrepresentingEmployers,(iv) FourmembersrepresentingEmployees,(v) Threeprofessionalmembersfromvariousbackgrounds,and(vi) TheCEOasanex-officiomember.

The Investment Panel, headed by the Chairman of the EPF Board, comprisessevenmembers:

(i) TheChairman,(ii) OnerepresentativefromtheMinistryofFinanceasDeputyChairman,(iii) OnerepresentativefromBankNegara,(iv) Threeprofessionalmembers,and(v) TheCEOasanex-officiomember.

TheEPFBoardmembersconsistofindividualswithdistinguishedachievements,diverseskills,competenciesandexperience.

Roles and Responsibilities of the Board and Investment Panel

TheBoardassumesanumberofspecificresponsibilitiessuchasoverseeingtheimplementationofpoliciesrelatedtotheoperationsoftheEPF,identifyingkeyriskareasandtakingappropriatestepstomanagetheserisks,aswellasreviewingtheadequacyandintegrityoftheinternalcontrolsystems.

The EPF Act 1991 provides for the establishment of an Investment Panel toprovide strategicdirectionon investment related issues.The InvestmentPaneldetermines and approves investment activities in linewith existing guidelines,policiesonriskcontrolandassetallocation.

TheBoardreliesontheintegrityandduediligenceofseniormanagement,externalauditorsandadvisorstooverseetheEPF’soverallperformanceandattainmentofitsobjectives,keyoperationalinitiatives,financialplansandannualbudget,majorinvestments,divestmentandfundingproposals,financialperformancereviews,riskmanagementandcorporategovernancepractices.

Chairman and Chief Executive Officer

The roles and responsibilities of the Chairman and CEO are kept separate inaccordance with best practices and to ensure appropriate balance of powerand supervision of the management, increased accountability and greaterindependence.

The Chairman leads and ensures effective and comprehensive discussion onmattersbroughttotheBoard,includingstrategicissuesandbusinessplans.TheChairmanensuresthattheBoard’sdecisionsaretranslatedintoexecutiveaction.

TheCEO’sprimaryroleistomanagetheEPF’soperationseffectivelyinaccordancewithitsstrategiesandpoliciesandprovidecloseoversight,guidance,adviceandleadershiptoseniormanagement.

Board Effectiveness Evaluation (BEE)

TheEPFcarriesoutBoardEffectivenessEvaluation(BEE)toassesstheperformanceof the Board, including the Chairman and CEO, the Investment Panel, AuditCommitteeandRiskManagementCommittee.Thisisinadditiontotheselfandpeerevaluationofthedirectors.BEEcomprisesofanoverallevaluationoftheeffectivenessoftheBoardandInvestmentPanel.Thereviewiscarriedoutonceineverytwoyearsbyanindependentprofessionalbody.

Board Diversity

Inlinewithgoodgovernancepractice,theEPFiscommittedtoensuringdiversityfor theefficient functioningof theBoard.TheBoardbrings togetheradiverserangeofexperience,skills,knowledge,industrybackgrounds,ethnicityandgendertooptimallyachieveitsinvestmentobjectivesandgovernanceperformance.




76


Board Attendance

Atotalof10Boardand21InvestmentPanelmeetingswereheldin2015.Detailsofmembers’attendanceatthesemeetingsareasfollows.

TanSriSamsudinOsman(Chairman) 10/10 - - 3/3 - - - 2/2

GovernmentRepresentatives

Dato’MatNoorNawi(Servicecompletedwitheffectfrom31May2015)DatukDr.SundaranAnnamalai(Appointedwitheffectfrom1July2015)DatukAhmadBadriMohdZahir(AlternateMember)

5/9 3/5 - 2/3 - - - -

TanSriMohamadZabidiZainalDato’MohtarMohdAbdRahman(AlternateMember)

10/10 - - - - 4/4 - -

DatukSeriHajiSaripuddinDato’HajiRomliHajiHassan(AlternateMember)(Servicecompletedwitheffectfrom31May2015)Dr.GazaliAbas(AlternateMember)(Appointedwitheffectfrom1September2015)

8/10 - - - 2/3 - 2/2 -

TanSriDatukAmarHajiMohamadMorshidiAbdulGhaniDatuHajiMisnuHajiTaha(AlternateMember)

4/10 - 2/5 - - - 1/2 -

TanSriHajiSukartiWakimanDatukHajiNordinSiman(AlternateMember)

4/10 - - - - - - 1/2

EmployersRepresentatives

TanSriAzmanShahHaron 8/10 - 5/5 - - 1/2 - -

DatukMohdHasnolAyub 7/10 - - 2/3 - - - 1/2

TanSriDatukYongPohKon(Servicecompletedwitheffectfrom30June2015) 3/5 1/2 - - 1/1 - - -

TanSriDr.LimWeeChai(Appointedwitheffectfrom1July2015) 3/4 - 1/3 - 1/2 - - -

DatukAbangHajiAbdulKarimTunAbangHajiOpeng 10/10 7/8 - - - - - 2/2

EmployeesRepresentatives

Mr.MohdKhalidAtan 10/10 - - - 1/3 - - 2/2

DatukLokYimPheng 10/10 6/8 - - 3/3 - - 2/2

Ms.HadiahLeen 10/10 - - 3/3 - - 2/2 -

Ms.CatherineJikunan 10/10 - 4/5 - - 4/4 - -

ProfessionalsRepresentatives

TanSriLeeLamThye(Servicecompletedwitheffectfrom31May2015) 5/5 - - - 1/1 - - 1/1

Mr.ZainalAbidinKassim(Appointedwitheffectfrom1June2015) 5/5 2/3 - - 1/2 - - -

TuanHajiMd.JafarAbdulCarrim 10/10 5/5 2/3 3/3 3/3 - - 1/1

DatukThomasGeorge 10/10 8/8 1/2 - - 4/4 2/2 -

Ex-Officio

DatukShahrilRidzaRidzuan 10/10 - 5/5 3/3 2/2 4/4 - -

Pers

onne

l, Ap

poin

tmen

t &

Ser

vice

Com

mitt

ee

Stra

tegy

Com

mitt

ee

Fina

nce

& D

evel

opm

ent

Com

mitt

ee

Risk

Man

agem

ent

Com

mitt

ee

Audi

tCo

mm

ittee

Boar

d

disc

iplin

ary

Com

mitt

ee

disc

iplin

ary

Appe

al

Com

mitt

ee




77


InvestmentPanelMeeting InvestmentPanelRiskCommittee

TanSriSamsudinOsman(Chairman) 21/21 -

DatukAhmadBadriMohdZahir 18/21 -

DatukNorShamsiahMohdYunus(Resignedon29December2015) 8/21 -

Dato’SriMohamedNazirAbdulRazak 13/21 6/6

Dato’MohammadAzlanHashim(ServiceCompletedwitheffectfrom31May2015) 8/10 2/3

Mr.DavidLauNaiPek 16/21 4/6

PuanRossanaAnnizahAhmadRashid(Appointedwitheffectfrom1June2015) 8/11 -

DatukShahrilRidzaRidzuan(Ex-Officio) 21/21 6/6

Board Remuneration

Boardmembersarepaidamonthlyhonorariumandattendanceallowanceforeachmeetingattended.DetailsofremunerationofeachBoardmemberduringthefinancialyearareasfollows:

hoNoRARIUM ANd AttENdANcE ALLoWANcE of BoARd ANd INvEStMENt PANEL MEMBERS

types of Allowance

Allowance(RM)

Board InvestmentPanel

Board/InvestmentPanel/BoardAu-ditCommittee/BoardRiskManage-mentCommittee/InvestmentPanel

RiskCommittee

OtherBoardCommittees

Honorarium(PerMonth) 3,000 3,000 - -

ChairmanofMeeting - - 2,000 1,500

MeetingAttendance-IncludingAlternateMembers

- - 1,500 1,300

Fortheyear2015,thetotalhonorariumandallowancespaidtotheBoardandInvestmentPanelmemberswasRM1,661,550.00.

Emolument of top Management

Position Emolument(RM)

ChiefExecutiveOfficer/DeputyChiefExecutiveOfficers 4,220,833.07

Quality and Supply of Information to the Board

ToassisttheBoardindischargingitsdutiesandtokeepmembersabreastoftheEPF’soperationalandfinancialperformance,keyissues,challengesandopportunities,themanagementreleasesadequateoperationsandinvestmentreportsaswellasfinancialstatementstotheBoardonaregularandtimelybasis.




78

BoARd coMMIttEES

TheBoardandInvestmentPanelhaveestablishedvariousCommitteestooverseespecificmatterspertainingtoorganisationaloperations.Eachcommitteeoperateswithinclearlydefinedtermsofreference:

BoardCommittee Composition Function

AuditCommittee Fivemembers,includingtheChairman •assiststheBoardinevaluatingtheeffectivenessoftheinternalcontrols,riskmanagement(exceptinmakinginvestmentdecisions)andgovernanceprocesses

•overseesthefinancialreportingprocessandqualityoffinancialreportingoftheannualandinterimfinancialstatements

•reviewstheappropriatenessoftheEPF’saccountingpoliciesandchanges•heldeightmeetingsin2015todeliberateonthereportsoftheinternalandexternalauditors,reviewmattersincludingtheinternalauditfunctionsandtheauditplanfortheyear

•maintainsaformalandprofessionalrelationshipwiththeexternalauditorsandconvenedtwomeetingswiththeexternalauditorstheminyear2015withoutthepresenceofthemanagement

RiskManagementCommittee

Sixmembers,includingtheChairman • responsibleforassistingtheBoardtooverseealloperationalriskmanagementactivities(exceptformakinginvestmentdecisions)

• heldfivemeetingsin2015

InvestmentPanelRiskCommittee

Fourmembers,includingtheChairman • overseeinginvestmentrisk,whichincludesrecommendingtheaggregateriskappetitefortheInvestmentPaneltosignoff,approvingriskmanagementpoliciesandlimits,reviewingriskexposureandprovidingdirectioninrelationtoriskmanagementpracticeswithintheinvestmentfunction

• heldsixmeetingsin2015

FinanceandDevelopmentCommittee

Sixmembers,includingtheChairman • responsibleforrecommendingtheannualbudgettotheBoardandoverseestheEPF’sannualbudget

• assiststheBoardinapprovingmattersrelatingtofinancialimpactsuchaswrite-offsoflosses

• heldthreemeetingsin2015

StrategyCommittee Eightmembers,includingtheChairman • reviewingindetailproposedamendmentsandpolicychangesrelatedtotheEPFScheme

• endorsesanyrecommendationsandpolicychangestotheBoardforapproval• heldthreemeetingsin2015

Personnel,AppointmentandServicesCommitee

Sixmembers,includingtheChairman • assistingtheBoardtoconsiderandapprovemattersrelatingtoemploymentwhichincludesemploymenttermsandconditions

• heldfourmeetingsin2015

DisciplinaryCommittee Fivemembers,includingtheChairman • responsibleforanydisciplinaryproceedingsandimposespenaltiesonemployeesasprovidedundertheEPFRulesandRegulations(ConductandDiscipline)1993

• heldtwomeetingsin2015

DisciplinaryAppealCommittee

Sevenmembers,includingtheChairman • considersanyappealbyemployeesagainstthedecisionsmadebytheDisciplinaryCommittees

• heldtwomeetingsin2015

ProcurementBoardCommittee

ConsistofrepresentativesfromtheMinistryofFinanceandPublicWorksDepartmentapartfromkeypersonnelmanagement

• consistofProcurementBoardAandProcurementBoardB• responsibleformattersrelatingtotheprocurementofworks,servicesandsupplyofgoods

• held15meetingsin2015





79

MANAGEMENt coMMIttEES

ApartfromthemainBoardandInvestmentPanelcommittees,othermanagementcommitteeshavebeenestablishedandreportdirectlytotheCEOorrelevantkeyseniormanagementmembers.

ManagementCommittee Function

ManagementInvestmentCommittee

• recommendsinvestmentactivitiestotheInvestmentPanelinlinewiththeEPF’sguidelines,policiesonriskcontrolandassetallocation

• consistsof12members,includingtheChiefExecutiveOfficer(orDeputyChiefExecutiveOfficerofInvestmentintheabsenceoftheCEO)asChairman

• held57meetingsin2015

ManagementProcurementCommittee

• responsibleformattersrelatingtoprocurementofworks,servicesandsupplyofgoodsforcontractsvaluedatlessthanRM500,000.00

• consistsofkeyseniormanagementincludingtheChiefExecutiveOfficerasChairman• held13meetingsin2015

AccoUNtABILIty ANd AUdIt

Financial Reporting

TheBoardaimstoprovideaclear,accurateandcomprehensiveassessmentoftheEPF’sfinancialperformanceandprospectsthroughtheannualfinancialstatement.Thisisinadditiontoprovidingtransparentandup-to-datedisclosuresontheEPF’sfinancialperformanceandprospectsthroughquarterlyannouncementofresultstostakeholders.

Risk Management and Internal Control

TheBoardandmanagementarefullycommittedtoarobustinternalcontrolsystem,proceduresandpoliciestoensurestakeholders’interestsandtheEPF’sassetsaresafeguarded.

corporate Responsibility

TheEPFbelievesthatthereshouldbeabalancebetweenvaluecreationandcorporateresponsibility.

coMMUNIcAtIoN WIth StAKEhoLdERS

TheEPFbelieves that communicationwith stakeholders formsan importantpart of the corporate governance framework andacknowledges theneed tobetransparenttoitsstakeholders.TheEPFdisclosesquarterlyreportsonitsinvestmentactivitiescomprisinginformationonassetallocation,revenuegeneratedfromeachassetclass,totalfundsizeandoutlookforthefollowingquarter.Italsodisclosesthetop30equityinvestmentsonaquarterlybasistoensuretransparencyandprovidestakeholderswithinformationontheEPF’sholdingsinpubliclistedcompaniesinMalaysia.

TheEPFcontinuestoholddialogueswithitsinvesteecompanies.In2015,managementvisited32companies(local:21,overseas:11).TheEPFalsoattendedandvotedactivelyin108annualgeneralmeetings(AGM)and49extraordinarygeneralmeetings(EGM)ofitsinvesteecompanies.

As the EPF becomesmore active in overseeing its investments, the organisation has appointed nominees on the boards of listed and unlisted companies. Asat31December2015,theEPFhasnomineesinninelistedcompaniesand44unlistedcompanies.




Refer to page 103 of this Annual Report.


80

RISK MANAGEMENt

1.0 ovERvIEW

TheEPFembracesriskmanagementasanintegralcomponentofitsinvestments,operationsanddecision-makingprocess.With itscommitmentto implementsoundriskmanagementpracticesandgovernance,theEPF isabletosustainexcellentperformancein linewithitsMissiontoprovidethebestretirementsavingsscheme.Whethertheriskrelatestostrategy,credit,market, liquidityoroperations, theEPF continues to leverageon its robust riskmanagementculture and integrated risk management framework to take advantage ofpotentialopportunitiesinordertocounterallpossiblethreats.TheEPFadoptsaproactiveapproachinidentifyingandmanagingrisksinthefaceofuncertaintyintheoperatingenvironmentandvolatilitiesinthefinancialmarket.

“effective risk management is critical for the ePF to achieve sustainable returns and long term growth in

today’s globalised and interlinked macroeconomic and financial environment.”

TheRiskAppetiteStatementsdefinesthelevelofrisksthattheEPFiswillingtotolerateandformsthebasisoftheallocationoffundsforinvestment.TheassetallocationisregularlyreviewedtoensurefundsareinvestedwithintheEPF’sriskappetite.

2.0 RISK MANAGEMENt GovERNANcE StRUctURE

The EPF adopts a ‘top-down’ and ‘bottom-up’ approach, whereby thedepartments, spokes and management continue to engage in healthydiscussions on key risk matters and processes, thus creating a robust riskpractisingculture.Supportingtheriskgovernancestructure,formalpolicyandproceduresaredevelopedtoaddressallkeyriskareas.

3.0 thE BoARd ANd thE INvEStMENt PANEL

The EPF’s risk management structure provides clear lines of responsibilityandaccountabilityfortheriskmanagementprocessesaswellasoutlinestheprincipalriskmanagementandcontrolresponsibilities:

the EPf Board hasoverallresponsibilityfortheorganisation’sriskmanagement,exceptforactivitiesrelatedtoinvestmentdecisions.

The Investment Panel (IP) is responsible for overseeing risk managementpertainingtotheEPF’sinvestmentdecisionmakinganddefinesthelevelofrisksthattheEPFiswillingtotoleratethroughitsRiskAppetiteStatements,whichformsthebasisoftheallocationoffundsforinvestment.

BoARd of thE EPf INvEStMENt PANEL

Board Risk Management Committee

Management OperationsRisk Committee

Management RiskCommittee

• Risk Management Department• Investment Compliance Department

Management InvestmentCommittee

Business Units, Spokes and Departments

Investment Panel Risk Committee

establishmentof Risk Policy

Risk Policy Implementation Compliance

ensure Risk Policy Implementation &

Compliance

Board Audit Committee

Supported by Internal Audit Department




81

RISK MANAGEMENt

3.1 thE BoARd RISK MANAGEMENt coMMIttEE ANd INvEStMENt PANEL RISK coMMIttEE

• The Board Risk Management Committee (BRMC) isresponsibleforassistingtheBoardinoverseeingalloperationalriskmanagementactivities except for activities pertaining to making investmentdecisionsandtoensurethattheriskmanagementprocessisinplaceandfunctioningeffectively.

• The Investment Panel Risk Committee (IPRC) is responsible forassistingtheIPinrecommendingtheriskappetiteandappropriateallocation of the risk ‘budget’. The IPRC is delegated with theresponsibilitytoreviewandapproveappropriateriskmeasurement,policies,processesandlimitstoensuretheircontinuedeffectiveness.

3.2 thE dEdIcAtEd coMMIttEES

• The Management Operations Risk Committee (MORC) isestablishedat theManagement level tooversee, implement andexecute the EPF’s operational risk management (which includesstrategies,culture,structure,peopleandprocesses)andtoensurethat the riskmanagement framework is implemented effectivelythroughouttheorganisation.

• The Management Risk Committee (MRC) isaManagement levelcommittee responsible for developing and reviewing risk policiesandappropriatelimitsformanagingtheEPF’sinvestmentrisks.

• The Management Investment Committee (MIC) isaManagement-level committee responsible for evaluating and recommendinginvestmentproposalstotheIP.Italsoevaluatesandrecommendsinvestment strategies and the performance of external fundmanagers.

• The Risk Management Department (RMD)supportstheMIC,MRC,MORC,IPRC,BRMCandIPinallriskmanagementmatterscoveringinvestment risk, operational risk, riskmeasurement, independentassessment,monitoringandreportingofriskexposures.

• The Investment Compliance Department is responsible formonitoringandcomplianceofall investmentrelatedriskpoliciesandlimits.

• The Business units, Spokes and Departments being the first lineof defence, are responsible for managing risks in their respectivefunctions on a day-to-day basis aswell as for escalating significantpotentialriskstotheMORCviatheRiskManagementDepartment.Amongtheprincipalrolesandresponsibilitiesofthebusinessunitsareto:

• Identify,assessandmanagerisks;• Constantlyreviewtheirriskprofilestoensurerelevancyand

appropriateness;• Update the risk status and level of riskmanagement and

controls;• Developandimplementactionplanstomanagerisks;and• Adheretoriskmanagementpracticesandguidelines.

4.0 INvEStMENt RISK MANAGEMENt

Thekeyelementsofinvestmentriskmanagementareasfollows:

• Framework• MarketRiskManagement• CreditRiskManagement• LiquidityRiskManagement

4.1 fRAMEWoRK

The Investment Risk Management Framework governs the EPF’sinvestmentprocessesandensuresthateffectiveriskmanagementcontrolsandproceduresareinplacewithregardtoinvestmentdecisionmaking.

Theframeworkprovidesanapproachtomanagingandanticipatingbothexistingandpotential risksarising in theEPF’s investmentportfolio,andenablestheEPFtohaveastructuredprocesstomeasure,assess,monitorandmanageitsportfoliorisks.ThisensurestheEPFoptimisesitsreturnsonrisk-takingactivitieswithintheriskappetitelevelasapprovedbytheBoard.

Theriskgovernanceframeworkisillustratedinthefollowingchart:

Risk Measurement• Absolute Risk• Relative Risk

Investment ProcessStrategic Asset Allocation (SAA)Tactical Asset Allocation (TAA)

Portfolio Management LevelTransaction Level

Risk Policies and Limits• Guidelines and Policies• Mandates and Limits

Independent Assessment• Credit Risk Assessment

Risk Performanceand Reporting

• Performance Dashboard• Investment Risk Compliance

RISK MANAGEMENt oRGANISAtIoN

Risk Processes

Risk Tools and Systems Risk Modeling




82

RISK MANAGEMENt

4.2 MARKEt RISK MANAGEMENt

Marketriskistheriskoflossfromchangesinthevalueofportfoliosandfinancial instruments due tomovements in interest rates, foreignexchangeandequityprices.

The objective of market risk management is to ensure that riskexposuresundertakenbytheEPFarewithintheriskappetite.Thisis done through an annual review of various policies and limits,periodic reports tomonitormarket risk at portfolio level for eachassetclassandindependentvalidationperformedontheunderlyingriskmethodology:

• Name,ownership,countryandsectorconcentrationlimits-toensureappropriatediversificationofriskexposures.

• Value-at-risk (VaR) - a statistical measure of the potentiallosses that couldoccurasa resultofmovements inmarketratesandpricesoveraspecifiedtimehorizonwithinagivenconfidencelevel.

• Duration - tomanage the sensitivity of the price of a fixedincomeinvestmentarisingfrominterestratemovement.

• Tracking error - a standard deviation of the portfolio’sexcess returns relative to a benchmark in measuring andbenchmarkingtheperformanceoftheportfolio.

• Backtesting - a validation process performed to check theaccuracyoftheriskmethodologyusedincomputingVaRforbothfixedincomeandequityportfolios.

• Stresstesting-anexerciseconductedtocapturethepotentialmarket risk exposure of ‘what-if’ scenarios. It incorporatesfactorssuchascorrelation,volatilityandreturnsatdifferentlevels.

4.3 cREdIt RISK MANAGEMENt

CreditRiskistheriskoflosscausedbyacounterparty’soranobligor’sfailuretomeetitspaymentobligations.ExposuretocreditriskarisesfromtheEPF’s investingactivities infixed incomeand realestate.Infixedincomeactivities,creditriskarisesfromthepossibilitythattheobligorsarenotabletofulfiltheirobligationonorbeforetheirrespectiverepaymentduedate. Inrealestateactivities,creditriskariseswhencounterparties,suchastheEPF’s investmentpropertytenantsarenotabletofulfiltheirrentalobligations.Creditriskmayalsoarisewherethedowngradingofacounterparty’sratingcausesthefairvalueoftheinvestmenttofall.

TheEPF’screditriskmanagementinvolvesthoroughcreditanalysisandprudentunderwritingstandards.TheEPFreviewsandupdatesits credit underwriting standards to commensurate with marketplacebestpractices.

Attheportfoliolevel,thefollowingcreditriskmanagementhasbeenputinplacetomanagecreditriskexposure:

• Credit risk limits and Management Action Triggers (MATs)incorporatingminimum broad credit criteria for investmentincludingnameconcentrationandcounterpartyexposures.

• CreditportfoliosystemtomeasurecreditriskoftherelevantportfoliosusingCredit-Value-atRisk(CVaR).

• Periodicreviewofexistinginternalcreditratingtemplatesforobligorstoensuretheirrelevance.

• Strong credit awareness/culture across the investmentpersonnel in the EPF through active engagement with theinvestmentpersonnelatalllevels.

Atthetransaction level, thefollowingcreditriskmanagementhasbeenputinplacetomanagecreditrisk:

• Independent risk assessment is conducted for every newinvestment proposal presented to the ManagementInvestment Committee and Investment Panel meetings fordecision.

• Close monitoring of changes to existing investments viaassessmentsonanad-hocaswellasperiodicbasis.

• Credit rating tool to measure the creditworthiness orprobabilityofdefault(PD)oftheobligors,asfollows:

i. CorporateRatingTemplatewhichprovidesinternalriskratingforcorporateobligors.

ii. Financial institution rating template which providesinternalriskratingforfinancialinstitutionobligors.

iii. Credit tool which measures the Expected DefaultFrequency(EDF)orProbabilityofDefault(PD)toprovideearlywarningsignalsfortheEPF’sclosemonitoringofrespectiveobligors.

4.4 LIQUIdIty RISK MANAGEMENt

LiquidityriskrelatestotheinabilityoftheEPFtomeetitsfinancialcommitmentsandobligationswhentheyfalldue.TheEPF’sliquidityriskislimitedasallcontributionsaremandatedbytheEPFAct1991throughthedeductionofsalariesandmembersareallowedtomakewithdrawalsunderpre-retirementandretirementschemes.TheEPFmanagesitsliquidityrequirementsthrough:




83

RISK MANAGEMENt

• Monitoringofitsdailycashflowandprojectingmonthlycashflowonarolling12-monthbasis;

• Allocating3%of itsasset’svalueforshort-terminstrumentsintheform of cash and placements in financial institutions in order tomeetmembers’withdrawalsandotherfinancialcommitmentsandobligations;and

• Diversifying its investment portfolio by setting the concentrationlimitsonname,sectorandassettype.

Over themediumand longer term, the EPF is able tomeet its liquidityrequirements through itsholdingsof liquid investments suchaspubliclytradedequitiesandavailableforsalefixedincomesecurities.ThematurityprofileoftheEPF’sassetandliabilityisalsomonitoredwithinastipulatedlevel. The Group and the EPF’s financial liabilities are categorised intorelevantmaturitygroupingsbasedontheremainingperiodattheStatementofFinancialPositiondatetothecontractualmaturitydate.

5.0 oPERAtIoNAL RISK MANAGEMENt

Thekeyelementsofoperationalriskmanagementareasfollows:

• Framework• OperationalRiskManagementMethodologyandProcess• CorporateRiskScorecard• BusinessContinuityManagement

5.1 fRAMEWoRK

Operationalriskistheriskoflossresultingfrominadequateorfailedinternalprocesses,peopleorsystems,orfromexternalevents.

TheEPFaimstouseOperationalRiskManagement(ORM)tosupportandenhanceitsactivitiesinalloperationalareas.ORMisanintegralpartoftheEPF’sdecision-makingprocessandcorporateculture.

TheMSISO31000:2010RiskManagement–PrinciplesandGuidelines,a global risk management standard sets the policy, principles,processes and methodology in managing operational risks. EPFadoptsthestandardasamainpracticeguideinitsframeworkwhichisreviewedonaregularbasistoensureitscontinuedapplicationandrelevance.

5.2 oPERAtIoNAL RISK MANAGEMENt MEthodoLoGy ANd PRocESS

Themainelementsoftheoperationalriskmanagementprocessasshowninthefigureareasfollows:

Establishing the context: Articulates the organisation’s objectivesanddefinestheexternaland internalparameters tobetaken intoaccountwhenmanagingrisks.

Risk assessment: The overall process of risk identification, riskanalysisandriskevaluation.

Risktreatment:Actionstobetakentoprevent,detectormanagetheNettRiskstoanacceptablelevel.

Communication and consultation: The two-waydialoguebetweenRiskManagementDepartmentandstakeholderswithregardstotheexistence,nature,form,severity,oracceptabilityofrisks.

Monitoringandreview:Bothactivitiesareplannedandareintegralpartoftheriskmanagementprocessthatinvolveregularcheckingorsurveillance.

Source: MS ISO 31000: 2010Risk Management - Principles and Guidelines

ovERvIEW of thE oPERAtIoNAL RISK MANAGEMENt PRocESS

ESTABLISHING THE CONTExT

Com

mun

icatio

n &

Con

sulta

tion

Monitor &

Review

RISK IDeNTIFICATION

RISK ANALySIS

RISK eVALUATION

RISK TReATMeNT

RISK ASSESSMENt




84

5.3 coRPoRAtE RISK ScoREcARd

TheCorporateRiskScorecard(CRS)methodology,incorporatestheRiskandControlSelf-Assessment(RCSA)modulewhichallowsemployeestoself-assessandupdatetheirriskprofiles.

The CRS is implemented through theOperational Risk (ORM) Systemwhichrecordstheownershipanddetailsofrisks,controls,managementactionsandincorporateschangestotheriskscorecard.Allbusinessunitsusetheriskscorecardasatooltomanagetheirriskseffectively.

Access to the ORM system is provided on an enterprise-wide basisso that all Risk Scorecard Owners, Risk Owners, Control Owners andManagement Action (MA) Owners can undertake RCSA activitieseffectively.Atotalof100riskscorecardswereinplacein2015,consistedofoneCEOriskscorecard,threeDCEOriskscorecards,28departmentriskscorecardsand68spokesriskscorecards.

RISK MANAGEMENt

Risks are monitored and managed through ownership from the linemanagement.ThroughtheCorporateDigitalAssurance(CDA)process,scorecard,risk,controlandMAownersarerequiredtoprovidedigitalassurance six times a year to theManagement that they have beenmanagingriskswithintheirprofilesappropriately.

Keyriskindicators(KRIs)identifiedintheriskscorecardsactasanearlywarningsystem,enablingtheEPFtomonitorpotentialrisksbeforetheyescalateintoseriousconcerns.

The Risk Management Department reports and highlights riskmanagementrelatedissuesintheMORC,BRMCandtheEPFBoardfortheirinformationand/ordecisionmakingonaperiodicbasis.

Theperformancemanagement is integratedwith riskmanagement toidentifyandmonitorkeyrisksimpactingEPF’sbusinessobjectives.

coRPoRAtE RISK ScoREcARd MEthodoLoGy

The level of risk is determined upon the assessment of Gross Risk Rating Control effectiveness Rating and Nett Risk Rating. The risk score of each risk factor derived by adding the rating on possibility and impact.

Risk Scorecard

Risk Owner

Control Owners

MA Owners Note:MA =Management ActionKRI=Key Risk Indicator

Ownership is assigned for every scorecard, risk control and Management Action (MA) to ensure accountability and execution

KRI Owners

Risk Owner Risk Owner

Sources of Risk

•External•Regulatory&Legal

•CorporateGovernance

• Financial•Customers•Product&Services

•Suppliers•Operations•HumanCapital

establishing the context include considering internal and external parameters relevant to the organisation as a whole, as well as the background to the particular risks being assessed. All these contexts are described as “The 9 Sources of Risks”.

Gross Rating control Effectiveness

Nett Rating

•Identificationofcausesandconsequences

•Worstcasescenario

•Nocontrolorcontrolstotallyineffective

•ReduceCause•Preventiveanddetectivecontrols

•ReduceConsequences

•Detectiveandcorrectivecontrols

•Aftertakinginconsiderationcontrolseffectiveness

Risk Scoring

VeryHigh

5 6 7 8 9 10High

4 5 6 7 8 9Medium

3 4 5 6 7 8Low

2 3 4 5 6 7VeryLow

1 2 3 4 5 6Insignificant

1Minor

2Moderate

3Major

4VerySignificant

5

Impact

Poss

ibili

ty




85

6.0 BUSINESS coNtINUIty MANAGEMENt

TheBusinessContinuityPlan(BCP)Frameworkservestodevelopawell-coordinatedandconsistentBCPthatwouldallowtheEPFtorespondeffectivelytobusinessdisruption,resumeessentialoperationswithinrequiredtimeframesandminimisethecostofdamageandinterruptionstobusinessoperationsfromtheeffectsofadisaster.

TheillustrationbelowshowsthecomponentsoftheEPF’sBusinessContinuityManagement(BCM)Framework:

RISK MANAGEMENt

decisionDrivers

design

Implementation

Business vision and Strategy

Business continuity Management Structure

Seni

or M

anag

emen

t com

mit

men

t

training and Awareness Program

meProgramme Initiation &

Information GatheringRisk Assessment &

Business Impact AnalysisPlan Development

& RevisionStrategy

Developmentexercise of BCP Plans

& Maintenance

Policies and Standards

Crisis Management & Business Continuity Plans

Technology Strategy& Usage

Business Initiatives & Processes

Vulnerability & Risk Assessment

TheimplementationofBCPintheEPFisbasedonthreecomponentsnamely:

• Human Resource Readiness – this refers to the development ofknowledgeandskillsinmanagingdisasters.Implementationisthroughtraining on BCP readiness, tutorials, walkthroughs, call trees, crisissimulationsexerciseandBCMi-learning.

• Infrastructure Readiness – this refers to testing the system to ensureoptimalreadinessandfunctionalityintheeventofadisaster.Thisisdonethroughequipmentandsystemtestingwhichisperformedtwiceayear.

• PlanReadiness–thisreferstothereadinessoftheBCPtoensuretheplanisup-to-dateandrevisescontinuouslybasedoncurrentworkfunctions.

Activation of the BCP follows three disaster codes to signify the level of adisaster.Codegreenmeansthatthereisnodisaster.CodeYellowmeansthatanincidenthasoccurredandisunderinvestigation.CodeRedmeanstheBCPis activated and relevant teams will have to execute the relevant recoveryproceduresincludingactivationoftheRecoveryCentre.

Aspartofacontinuousprocessofenhancingdisasterpreparedness,twocrisissimulationexerciseswereconductedinEPFMelakaandIpoh.ThepurposeoftheseexerciseswastoevaluatethereadinessofbranchemployeesinhandlingcustomersandITsystemrecoveryintheeventofanydisaster.

7.0 KEy RISK MANAGEMENt INItIAtIvES IMPLEMENtEd IN 2015

• Introduced the Strategic Risk Culture Index as a KPI for the EPFCorporateScorecardtoemphasisetheimportanceofleadershipandtopmanagement’sroleinriskmanagementtoensureongoingeffectiveness.This strategic KPI complements the existing risk culture KPI in alldepartmentsandspokestofurtherenhanceriskawarenessandcultureintheEPF.

• Embarkedonriskvalidationinitiativetofacilitateinidentifyingemergingrisks and enhancing controls for departments and spokes. These willthenbeincorporatedintotheriskscorecardtoensurethatthescorecardremainsrelevantanddynamic.

• Subscribedanewrisksystemthatallowsthedecompositionofriskintomeaningfulsources,relativetoanybenchmarkaswellastheabilitytoanalysefactorsaffectingequityreturns.

• ReviewedandvalidatedtheEPF’sinternalratingtemplatesforfinancialinstitutionsandcorporateissuerstoensuretheirrelevance.

• Expandedtheforeignexchangecurrencyhedgingpolicytoincludeglobalequityportfolio.

• Performed stress testing and establishedmanagement action plan to

bettermanageanypotentialadversemarketmovements.

threats




86

StAtEMENt oN RISK MANAGEMENt ANd INtERNAL coNtRoL

INtRodUctIoN

TheEPFhas issued thisStatement inaccordancewith the“StatementonRiskManagement & Internal Control - Guidelines for Directors of ListedIssuers”(theGuidelines)issuedbyanindustry-ledtaskforcesupportedbyBursaMalaysiaandtheSecuritiesCommissionMalaysia.Thisistopromotegood corporate governance, as theGuidelines are not a requirement fortheEPF.

The Guidelines are in line with Principle 6 of the Malaysian Code onCorporateGovernanceissuedinMarch2012,whichstatesthattheBoardshouldestablishasoundriskmanagementframeworkandinternalcontrolsystem.

RESPoNSIBILIty

The Board acknowledges its overall responsibility for the adequacy andeffectiveness of the EPF’s riskmanagement and internal control system.TheEPF’sriskmanagementframeworkisdesignedtoidentify,analyseandevaluatesignificantrisksthathindertheachievementoftheorganisation’spoliciesandobjectives.Accordingly,theinternalcontrolsystemisinplaceto manage rather than to eliminate those risks. It can, therefore, onlyprovidereasonableandnotabsoluteassurance.

Three committees have been delegated the responsibility for overseeingtheadequacyandeffectivenessoftheEPF’sriskmanagementandinternalcontrolsystem:

• The Board Audit Committee (BAC) on the internal controls, riskmanagementandgovernanceprocesses.

• TheBoardRiskManagementCommittee(BRMC)ontheriskmanagementactivities,exceptactivitiesinmakinginvestmentdecisions.

• The Investment Panel Risk Committee (IPRC) on investment riskmanagementmatterscoveringriskappetite,riskmeasurement,policiesand limits, except activities involving investment operations. Furtherinformation on IPRC is provided in the Statement on Investment RiskManagementintheAnnualReport.

TheManagement’sroleincludes:

• IdentifyingrelevantrisksinachievingtheEPF’sobjectivesandstrategies;

• Designing, implementing and monitoring the risk managementframeworkandsystemof internal control inaccordancewith theEPF’sstrategicvisionandoverallriskappetite;and

• Identifyingchangestorisksoremergingrisks,takingactionasappropriate,andkeepingtheBoardinformedonatimelybasis.

RISK MANAGEMENt ANd INtERNAL coNtRoL fRAMEWoRK

The EPF has in place a sound risk management and internal controlframeworkaspartofgoodcorporategovernancepractice.

The key systems and processes that the Board has established forthe purpose of reviewing the adequacy and effectiveness of the riskmanagementandinternalcontrolsystemareasfollows:

Risk Management Framework

The Board has adopted an Operational Risk Management (ORM)FrameworkbasedontheMSISO31000:2010RiskManagement–Principlesand Guidelines, which outlines the principles, policies and processes inmanagingtheEPF’soperationalrisks.

The EPF has established clear lines of responsibility and accountabilityfortheriskmanagementprocessaswellasoutlinedtheprincipalriskandcontrolresponsibilitiesundertheriskmanagementstructure.

(a) The Board Risk Management Committee (BRMC) oversees alloperationalriskmanagementactivitiesandensuresthatappropriateriskmanagementprocessesareinplaceandfunctioningeffectively.TheCommitteereviewsandrecommendsriskmanagementstrategiesandassessestheadequacyoftheriskmanagementframework.

(b) TheBRMCisassistedbytheManagementOperationalRiskCommittee(MORC),whichreviewstheriskmanagementframeworkandensuresthatitisimplementedeffectivelythroughouttheorganisation.

TheEPFadopts theThreeLinesofDefenceModel.Thedepartmentsandbranches,beingthefirstlineofdefence,areresponsibleforensuringthatariskcontrolenvironmentisestablishedandoperatingeffectivelyaspartofday-to-dayoperations.

The second line of defence is the RiskManagement Department, whichdevelops the risk management framework, policy, methodologies andtoolsforthemanagementofkeyrisksintheorganisation.Adetailedscopeof work regarding the riskmanagement function is provided in the RiskManagementsectionintheAnnualReport.




87


The InternalAuditDepartment, being the third lineof defence, providesthe Board Audit Committeewith independent and reasonable assuranceon the adequacy and effectiveness of the riskmanagement and internalcontrolsystem.

The Risk Management Governance Structure is provided in the RiskManagementsectionintheAnnualReport.

Internal Control Framework

The system and framework are based on the Committee of SponsoringOrganisations of the Treadway Commission (COSO) Internal ControlIntegrated Framework, an internationally recognised benchmark on riskmanagementandinternalcontrols.

TheBoardAuditCommitteeassiststheBoardinevaluatingtheeffectivenessof the internal controls, risk management (except risk managementactivities inmaking investmentdecisions,whichcomeunderthepurviewoftheInvestmentPanel)andgovernanceprocessesoftheEPF. Itreviewsinternal control issues identified in reports prepared by the internal andexternal auditors, and evaluates the effectiveness and adequacy of theinternal control system, operational risk management and governanceprocesses. It further reviews the internal audit function with particularemphasis on the internal audit’s independence, scope, resources andqualityofinternalaudits.

Details of the activities undertaken by the Committee are set out in theBoardAuditCommitteeReportoftheAnnualReport.

The Internal Audit Department reviews the key activities of the EPF’sbusinessesbasedontheannualinternalauditplanasapprovedbytheBoardAuditCommittee.AdetailedscopeofworkoftheInternalAuditFunctionisprovidedintheStatementonInternalAuditintheAnnualReport.

KEy ELEMENtS of INtERNAL coNtRoL

KeyelementsofinternalcontrolinplacewithintheEPFareasfollows:

Control Environment

The control environment sets the tone of an organisation, influencingthe control consciousnessof its people. It is the foundation for all othercomponentsofinternalcontrol,providingdisciplineandstructure.Relevantkeyactivitiesinclude:

• Terms of Reference ClearlydefinedtermsofreferenceontherolesandresponsibilitiesofallBoardcommitteesandtheInvestmentPanel,asstatedintheStatementonCorporateGovernance.

• Organisational Structure The structure has clearly defined lines of accountability, delegation ofresponsibilityandlevelsofauthorisationforallaspectsofthebusiness.Managementcommitteesmeetonaregularbasistoidentify,discussandresolve operational, financial, investment and keymanagement issuesandperiodicallyreporttotheBoard,InvestmentPanelanditsrespectivecommittees.

• Human Resource Policies and Procedures Proper guidelines within the organisation for hiring and terminationof staff, staff trainingprogrammes, annual performanceappraisals andotherrelevantprocedurestoensurethatemployeesarecompetentandadequatelytrainedincarryingouttheirresponsibilities.

• Culture of Integrity Entrusted with managing members’ savings, various programmes andinitiatives are inplace to inculcateanduphold the cultureof integrity,suchastimelydeclarationsofassetsbystaff,declarationsofconflictofinterestinbothprocurementandinvestmentprocessesaswellasano-giftpolicy.TheIntegrityandGovernanceDepartmentistaskedtohandlemattersonintegrityandgovernance.

• Corporate Integrity Pledge TheCorporate IntegrityPledge,signedon7December2015,augmentsthe commitment by the EPF to uphold integrity, which is essential tocreateabusinessandoperatingenvironmentthat istransparentandinlinewithglobalbestpracticesingovernance.

Risk Assessment

Riskassessmentinvolvesadynamicandongoingprocessofidentifyingandassessingrisksthatmayhindertheachievementofobjectives.Relevantkeyactivitiesinclude:

• Corporate Risk Scorecard (CRS) The Corporate Risk Scorecard (CRS) methodology is a detailed riskmanagementapproachwhererisksareidentifiedbasedoninternalandexternalsources,andareanalysed,evaluated,treatedandmonitored.

TheCRSallowsforcontinuousRiskandControlSelf-Assessment(RCSA)tobeperformedsothatemployeescanself-assessandupdatetheirriskprofiles.




88


Control Activities

Control activities are the policies and procedures that help ensuremanagementdirectivesarecarriedouteffectively.Theyensurenecessaryactionsaretakentomitigatetherisksthathindertheachievementoftheorganisation’sobjectives.Relevantkeyactivitiesinclude:

• Business Performance Management TheEPFusestheBalancedScorecard(BSC)methodologytooperationaliseitsstrategies,alignedtoitsvisionandmissionandtodriveperformance.

ThebusinessperformanceismeasuredthroughasetofKeyPerformanceIndicators(KPIs),integratedwithriskmanagementtoenabletheEPFtoidentifyandmonitorkeyrisksimpactingthebusinessobjectives.

• Annual Corporate Plan The 2015 Annual Corporate Plan has incorporated the pertinentoutcomes,keyprioritiesandstrategic initiativestobe implementedforthe next three (3) years tomeet both the immediate andmedium- tolong-termobjectivesof theorganisation. It is reviewedby therelevantmanagementcommitteesandapprovedbytheBoard.

• Strategic Risk Culture Index StrategicRiskCulture Index is incorporatedasaKPIwith theobjectivetowardsenhancingriskmanagementpracticesintheEPF.

• Policies and Procedures Policiesandprocedurestoensurecompliancewithinternalcontrols(suchassegregationofduties,independentchecks,verificationprocessesandsystemaccesscontrols)assetoutinoperationmanuals,guidelinesanddirectivesissuedbytheEPFareupdatedregularlyandsignedoffbytherespective Heads of Departments and the CEO. Policy guidelines anddelegated authority limits are also imposed on theManagement withregardstoday-to-dayoperations.

• ICT Security Policy An ICT Security Policy outlining appropriate policies and proceduresto ensure confidentiality, integrity and availability of information andsystem application has been put in place. Data Loss Protection (DLP),monitoring, hardening, assessment and other IT security controls arein place tomitigate the IT security risk. To further assess and improveIT security controls, a Cyber Security Maturity (CSM) assessment isinitiatedin2015toevaluateandfurtherstrengthentheInformationandTechnologysecuritypostureintheEPF.

• Chinese Wall Policy The Chinese Wall Policy and its procedures are issued to safeguardagainst any compromise on the tenets of integrity, transparency andaccountabilitybycontrolling,restrictingandmanagingtheflowofpricesensitiveinformation.

• Business Continuity Management (BCM) BCM plans and systems are continuously monitored, tested andcommunicatedtoalllevelstoensurethattheorganisationispreparedintheeventofacrisisordisaster.

• Insurance Coverage Adequate insurance coverageofmajor assets is in place to ensure theEPF’sassetsareprotectedagainst incidentthatcouldresult inmaterialloss.

Information and Communication

Information and Communication support all other control componentsbycommunicatingcontrol responsibilities toemployeesandbyprovidinginformation ina formandtimeframethatallowpeopletocarryouttheirduties.Relevantkeyactivitiesinclude:

• Fraud Control Management Plan TheFraudManagementCommitteeoverseestheEPF’soverallapproachon fraud control under the Fraud Control Management Plan, whichincludesAnti-FraudandWhistleblowerProtectionPolicies.




89


• Communication of Operational Risk Management (ORM) ORMprinciples,frameworkandprocessesadoptedbytheEPFhavebeendisseminated to all employees at all levels for better understandingofthepracticesadopted.

Monitoring

Ongoingmonitoringandevaluationoftheeffectivenessofinternalcontrolare built into business processes at different levels of the organisation.Relevantkeyactivitiesinclude:

• Operational Risk Management System An integrated operational riskmanagement system is used tomonitorand manage the EPF’s risk exposure. Key risks are identified and theeffectivenessofinternalcontrolisassessedandelectronicallyconfirmedby the respective departments andbranches on a timely basis.Wherethe mitigated risks are not within acceptable levels, individual actionplansare identifiedandtheir implementationaremonitored to reducethegap.

• Regular reporting Adequateprocessesare inplace todiscuss issueson riskmanagementand internal control deficiencies, which are reported regularly to theManagement through various committees. TheManagement evaluatesandcommunicatestopartiesresponsiblefortakingcorrectiveactioninatimelymanner.

• Monitoring Activities by Internal Audit The results of all audit engagements are reported to the Board AuditCommittee (BAC)andcommunicated to theManagement.The InternalAudit Department maintains a follow-up process to monitor and helpensurethatalltheagreedauditobservationsandresolutionshavebeenpromptlyaddressed.

• Quality Management Standard AlltheEPF’scoreprocessescomplywiththeMSISO9001:2008standard.

ASSURANcE oN RISK MANAGEMENt ANd INtERNAL coNtRoL

The Board is of the opinion that the EPF’s riskmanagement and systemof internal control are sound and sufficient to safeguard the interests ofmembers.TheBoard’sreviewoftheeffectivenessoftheriskmanagementandsystemofinternalcontrolissupportedby:

• TheBoardRiskManagementCommittee,whichmeetsaminimumoffourtimesayeartooverseeriskmanagementactivities.

• The Board Audit Committee, whichmeets aminimum of four times ayear and reviews the findings and recommendations of the internalauditorandtheAuditorGeneral.

• The Auditor General’s issuance of the annual audit certificate on thefinancialstatements.

• The Management’s assurance that the EPF’s risk management andinternal control system are operating adequately and effectively in allmaterialaspects.

This statement ismade inaccordancewith the resolutionofmembersoftheBoarddated1March2016.




90

BoARd AUdIt coMMIttEE REPoRt

1. MEMBERShIP

TheBoardAuditCommitteeconsistsofthefollowingmembers:

a) Forterm1June2015to31May2017

No. (A)

Board Audit Committee Members

(B)

Representative(c)

i. DatukThomasGeorge Chairman–Professionals

ii. DatukDr.SundaranAnnamalai

DeputyChairman–Government

iii. DatukAbangHajiAbdulKarimTunAbangHajiOpeng

Employers

iv. DatukLokYimPheng Employees

v. Mr.ZainalAbidinKassim Professionals

b) Previousterm,from1June2013to31May2015

No. (A)

Board Audit Committee Members

(B)

Representative(c)

i. TuanHajiMd.JafarAbdulCarrim

Chairman–Professionals

ii. Dato’MatNoorNawiDatukAhmadBadriMohdZahir(AlternateMember)(appointedon 1May2014)Dato’SitiZauyahMohdDesa (AlternateMember)(completedserviceon 1May2014)

DeputyChairman–Government

iii. DatukAbangHajiAbdulKarimTunAbangHajiOpeng

Employers

iv. DatukLokYimPheng Employees

v. DatukThomasGeorge Professionals

2. MEEtINGS

TheBoardAuditCommitteeholdsmeetingsatleastfour(4)timesayear.Inaddition, itmeetswithexternalauditorsat least twiceayear in theabsenceoftheManagement.

Duringthefinancialyear2015,theBoardAuditCommitteemettentimes(four(4)SpecialBoardAuditCommitteemeetings,four(4)BoardAuditCommitteemeetingsandtwo(2)BoardAuditCommitteemeetingswiththeAuditorGeneral).

FurtherdetailsoftheBoardAuditCommitteeattendancearesetoutintheStatementofCorporateGovernance.

3. tERMS of REfERENcE

TheBoardAuditCommitteeisgovernedbyitsowntermsofreference.A summaryof the latestBoardAuditCommittee’sTermsofReference,whichwasapprovedbytheBoardon16July2012,isasbelow:

3.1 Duties and Responsibilities

ThedutiesandresponsibilitiesoftheBoardAuditCommitteeshallbe:

3.1.1 Internal Audit

a. To approve the Internal Audit Charter, definingthe authority, accountability and role given by theManagementtotheinternalauditorsinordertocarryouttheirwork.

b. Toreviewandapprovetheannualauditplanpreparedbytheinternalauditors.

c. To evaluate the internal control system throughreviews of the internal audit reports that highlightany weaknesses in accounting, organisational oroperationalcontrolsandrectificationscarriedoutbytheManagement.

d. To evaluate the effectiveness and efficiency of theInternalAuditDepartmentthroughperiodicmeetings.

e. To evaluate the annual performance of the internalauditorsbasedonthe implementationof theannualauditplanandotherassessmentsasinstructedbytheBoardAuditCommitteefromtimetotime.




91


f. To review and consider the implementation of aqualityassurancereviewoftheinternalauditfunctionby qualified independent reviewers at least once ineveryfiveyears.Findings fromthequalityassurancereviewshallbereportedtotheBoard.

g. To supervise and direct special projects orinvestigations deemednecessary or as instructed bytheBoard.

3.1.2 Risk Management

Toprovideanindependentopinionandreasonableassuranceon the adequacy and effectiveness of risk management,exceptforriskmanagementactivitiesrelatedtoinvestmentdecision-making.

3.1.3 External Audit

a. To evaluate the internal control system throughreviews of the external audit reports that highlightany weaknesses in accounting, organisational oroperationalcontrolsandrectificationscarriedoutbytheManagement.

b. To review and consider the need for a specialmanagementauditbyexternalauditors, thefindingsofwhicharetobereportedtotheBoard.

3.1.4 Audit Reports

a. To review and analyse all audit findings and queriesraisedbytheinternalandexternalauditors.

b. TodeterminethescheduleofperiodicalreportsfromtheManagement,andinternalandexternalauditors,taking into consideration the impact of significantchanges,improvementsonaccountingtreatmentsandreportingrequirementsasproposedbytheaccountingbodiesand/oranyothersignificantissuesthroughanannualreview.

3.1.5 financial Reports

a. To evaluate and endorse the Quarterly and AnnualFinancialReportstotheBoard.

b. To analyse and report to the Board observationsraisedbytheexternalauditorsontheAnnualFinancialReport.

3.1.6 Policies

a. To review the effectiveness and adequacy of theEPF’s accountingpolicies, financialmanagement andproceduresthroughdiscussionsbetweentheinternaland external auditors together with the respectiveexecutives/Management.

b. ToreviewandendorsetotheBoardtheeffectivenessandadequacyofanysignificantchanges in theEPF’sInformationSecurityPolicies.

3.1.7 Related Party Transactions

Toreview,evaluateandreporttotheBoardanyrelatedpartytransactionorconflictofinterestwhichmightariseintheEPFor its subsidiariesor jointventurecompanies inwhich theEPFhascontroloverbusinessmanagement,proceduresandconductwhichmayjeopardisetheManagement’sintegrity.

3.1.8 Other Matters

a. To evaluate the effectiveness and adequacy of theFraudControlManagementPlan.

b. To prepare and establish reporting schedules to theBoard, summarising the Board Audit Committee’sperformanceindischargingitsresponsibilities.

c. TocarryoutanyotherfunctionsasrequestedbytheBoardfromtimetotime.

4. SUMMARy of ActIvItIES

Duringthefinancialyear2015,theBoardAuditCommitteecarriedoutthefollowingactivities:

4.1 Internal Audit

4.1.1 Reviewed theannualauditplan toensureadequatescopeandcomprehensivecoverageoftheEPF’sactivities.

4.1.2 Reviewedtheinternalauditreportstabledduringtheyear,the recommendations made, root causes identified andthe Management’s response to these recommendations.Where appropriate, the Board Audit Committee directedtheManagementtorectifyandimprovetheadequacyoftheinternal controlproceduresandworkflowprocessesbasedontheinternalauditors’recommendationsandsuggestionsforimprovement.




92


4.1.3 Reviewedfindingsofinvestigationsandotherad-hocspecialreviews on specific areas of operations to ascertain therootcausesoftheissuesandtheeffectivenessofcorrectiveactionstakentoaddressidentifiedweaknesses.

4.1.4 Monitoredthecorrectiveactionstakenonoutstandingauditissues toensureall key risksandcontrol lapseshavebeenaddressed.

4.1.5 Reviewedtheeffectivenessoftheauditprocessandresourcerequirementsfortheyear,andassessedtheperformanceoftheInternalAuditDepartment.

4.2 External Audit

Reviewedalltheauditfindingsandqueriesraisedbytheexternalauditors together with the Management’s response to theirfindings.

4.3 financial Reports

4.3.1 Reviewed the quarterly unaudited financial reports of theEPFbeforerecommendingthemforapprovalbytheBoard.

4.3.2 Reviewed the annual audited financial reports of the EPFwiththeexternalauditors’priorsubmissiontotheBoardfortheirapproval.

4.4 Related Party Transactions

Reviewedany relatedparty transactionsentered intoby theEPFanditssubsidiaries.

5. tRAINING

During theyear,membersof theBoardAuditCommitteeattendedthefollowingtrainingprogrammes,conferencesandseminars:

No. (A)

course(B)

1. InternationalSocialSecurityConference2015

2. StrategyWorkshop

3. EPFInvestmentSeminar2015

6. INtERNAL AUdIt fUNctIoN

6.1 The internal audit function is carried out by the Internal AuditDepartmentwhichreportsdirectlytotheBoardAuditCommitteeonitsactivitiesbasedontheapprovedannualinternalauditplan.

6.2 The Internal Audit Department provides independent, objectiveassurance and consulting services designed to add value andimprove the EPF’s operations. The Internal Audit DepartmenthelpstheEPFtoaccomplishitsobjectivesbybringingasystematic,disciplinedapproachtoevaluateandimprovetheeffectivenessoftheriskmanagement,internalcontrolsandgovernanceprocesses.

6.3 Further details of the internal audit function are set out in theStatementonInternalAudit.




93

1. ovERvIEW

TheInternalAuditDepartmentprovidesindependent,objectiveassuranceand consulting services designed to add value and improve the EPF’soperations.TheInternalAuditDepartmenthelpstheEPFaccomplishitsobjectivesbybringingasystematicanddisciplinedapproachtoevaluateandimprovetheeffectivenessofriskmanagement,internalcontrolandgovernanceprocesses.

2. INdEPENdENcE ANd oBJEctIvIty

TheHeadofInternalAuditDepartmentreportsfunctionallytotheBoardAuditCommitteeandadministrativelytotheChiefExecutiveOfficer.Theinternal audit activities are free from interference in determining thescopeofinternalauditing,performingworkandcommunicatingresults.

In the interest of protecting its independent status, the Internal AuditDepartment has no executive or managerial powers, authorities,functionsordutiesexceptthoserelatingtothemanagementofinternalaudit functions. The InternalAuditDepartment is also not responsibleforthedetaileddevelopmentorimplementationofnewsystems,plans,regulations,policiesorprocedures.

3. ScoPE of WoRK

3.1 The Internal Audit Department’s functions include audits of thefinancials, operations, compliance and management of the EPF.Itsscopeofwork,primarily,istodeterminewhethertheEPF’sriskmanagement, internalcontrolsystems,management informationsystemsandgovernanceprocesses,asdesignedandrepresentedbytheManagement,areadequateandfunctioninginamannertoensure:

3.1.1 risksareappropriatelyidentifiedandmanaged;

3.1.2 resources are acquired economically, and employedeffectivelyandefficiently;

3.1.3 assetsaresafeguarded;

StAtEMENt oN INtERNAL AUdIt

“Internal audit activities are governed by the ePF’s Internal Audit Charter which is approved by the Board Audit Committee and is in line with the Institute of Internal Auditors (IIA) Standards. The ePF’s Internal Audit Charter is assessed

at least once every five (5) years, to determine whether the role, authority, responsibilities, scope of work and other areas as incorporated in the Charter

continue to be adequate.”

3.1.4 significantmanagement,financialandoperatinginformationisaccurate,reliableandtimely;

3.1.5 applicable laws and regulations, policies, standards andproceduresarecompliedwith;and

3.1.6 establishedobjectivesandgoalsareachieved.

3.2 InternalAuditDepartment’ssecondaryscopeofworkencompassesthefollowing:

3.2.1 carrying out special investigations requested by theManagement/BoardAuditCommittee;

3.2.2 coordinatingwiththeexternalauditorstoensureadequateauditcoverageandminimalduplicationofwork;and

3.2.3 participating as an observer in selected managementcommitteessetuptodeveloporimplementnewsystemsorprocesses.Suchparticipation is limited toprovidingadviceoncontrolmattersanddoesnotprecludetheInternalAuditDepartmentfromauditingthesystemsorprocesses.

3.3 The InternalAuditDepartmentdeveloped itsauditplanusinganEnhancedAuditRiskScoringModel,prioritisingtheinternalauditactivitiesaccordingtotheauditrisklevel.TheEnhancedAuditRiskScoringModel evaluates audit risks based on the assessment ofinherentrisks,controlrisksanddetectionrisksforeachoperation,functionandinformationtechnologysystem.

3.4 During the year 2015, 125 reportswerepresented to theBoard

AuditCommittee. 4. INtERNAL AUdIt RESoURcES

Asat31December2015,thetotalInternalAuditDepartmentheadcountstood at 89, of whom 11 auditors are professionally qualified in theirrespectivefield.TheBoardAuditCommitteereviewsandapprovestheInternalAuditDepartment’shumanresourcerequirementstoensurethefunctionisadequatelyequippedwithcompetentinternalauditors.




94

StAtEMENt oN INtERNAL AUdIt

Inthelistbelow,theauditorsarecategorisedaccordingtotheirfieldsofexpertiseasat31December2015:

No. (A)

Field of Expertise(B)

No. of Auditors (c)

Percentage(d)

1. FinanceandAccounting 70 79%

2. InformationTechnology 15 17%

3. Management 2 2%

4. Engineering 1 1%

5. QuantitySurveying 1 1%

5. tRAINING

Thecourses,seminarsandconferencesattendedbytheinternalauditorstoincreasetheirknowledgeofauditingandkeepupdatedwiththelatestdevelopmentsinthebusinessareaslistedbelow:

No. (A)

course(B)

(A)In-HouseTraining

1. SkillsandTechniquesin‘ValueForMoneyAuditing’

2. ShariahAwarenessBriefing

3. ImprovingAuditFindings:IdentificationandReporting

(B)ExternalTraining

1. The Institute of Internal Auditors (IIA): National Conference2015 On Governance, Risks And Control – Gearing ForInnovation

2. SimposiumASOSAI:LeveragingTechnologyToEnhanceAuditQualityandEffectiveness

3. RelatedPartyTransactionAudit:InternalControl,RiskandDisclosureRequirements

4. ControlSelf-Assessment(CSA)

5. LeadingPracticalFraudInvestigation

6. InfrastructureAcademy2015

7. RealEstateAcademy2015(Module1)

8. EnhancingMindfulnessandEmotion

9. LeadershipTalk

10. AcceleratedDevelopmentProgram(ADP):Leadership

11. ADP:DesignThinkingBootcamp

12. ADP:HighPerformanceLeadership

13. ADP:MaximisingYourLeadership

14. ADP:PowerAndLeadership

6. QUALIty ANd IMPRovEMENt PRoGRAMMES

6.1 The Internal Audit Department has established and maintaineda quality assurance and improvement programme designed toevaluatetheoperationsofthefunction.Thisprogrammeincludesperiodic internal and external quality assessments and ongoinginternalmonitoring.

Internalassessmentsinclude:

6.1.1 ongoing reviews of the performance of internal auditactivities;and

6.1.2 peer reviews of the audit processes, procedures anddocumentationonaperiodicbasis.

6.2 The Internal Audit Charter stipulates that a Quality AssuranceReview by a qualified independent reviewer is required at leastonceeveryfive(5)years.ThelastQualityAssuranceReviewoftheInternalAuditDepartmentwascarriedoutin2014.

6.3 BasedonthereviewbyKPMGManagement&RiskConsultingSdn.Bhd.,theInternalAuditDepartmenthasgenerallyconformedwithallof the InternationalStandards for theProfessionalPracticeofInternalAuditing (IIA Standards) promulgatedby the InstituteofInternalAuditors.

6.4 The next Quality Assurance Review by a qualified independentreviewerisscheduledinyear2019.




95

StAtEMENt oN INvEStMENt RISK MANAGEMENt

RESPoNSIBILIty

InaccordancewithSection18(1)oftheEmployeesProvidentFundAct1991,theInvestmentPanelisresponsibleformatterspertainingtotheFund’sinvestmentsandacknowledgesresponsibilityfortheinvestmentriskmanagementframework.Theframeworkisdesignedtoprovidereasonableassuranceandtomitigateratherthantoeliminatetheriskofmisstatementorlossincarryingouttheorganisation’sinvestmentpoliciesandobjectives.

INvEStMENt RISK MANAGEMENt fRAMEWoRK

TheEPF’sinvestmentriskmanagementframeworkencompassestheorganisation’sgovernancestructure,riskappetite,assetallocation,policiesandprocesses. Itisreviewedregularlytoensurerelevanceandeffectiveness.

INvEStMENt RISK MANAGEMENt StRUctURE

TheInvestmentPanel(IP)isresponsibleforoverseeingriskmanagementpertainingtotheEPF’sinvestmentdecisionmaking.

TheInvestmentPanelRiskCommittee(IPRC)isresponsibleforassistingtheIPinrecommendingtheriskappetiteandappropriateallocationoftherisk‘budget’.TheIPRCregularlyreviewstheriskmeasurement,policies,processesandlimitstoensuretheircontinuedeffectiveness.

TheIPRCisassistedbytheManagementRiskCommittee(MRC)tomonitorandreviewriskmanagementactivities.

The Risk Management Department supports the MRC, IPRC and IP in risk management related matters covering independent measurement and creditassessment,monitoringandreportingoftheEPF’sinvestmentriskexposures.

rISK coNtRoLS

TheRiskAppetiteStatements,asapprovedbytheIP,broadlyoutlinethelevelsofriskthattheEPFiswillingtotolerateandformthebasisoftheallocationoffundsforinvestment.AssetallocationreviewsareregularlyconductedtoensurefundsareinvestedwithintheEPF’sriskappetite.

Variouspoliciesandlimitsareinplacetoensurerisksareadequatelymitigatedforeachassetclass.RiskandPerformanceSystemshavebeeninstalledandcontinuouslyenhancedtoensurethatrisksaresystematicallymeasuredandmonitored.

coNcLUSIoN

TheInvestmentPanel(IP)isoftheopinionthattheinvestmentriskmanagementpracticesinplacearesoundandsufficienttosafeguardtheEPF’sinvestments.TheIPissupportedbytheIPRC,whichmeetsaminimumoffourtimesayeartoreviewtheriskandcompliancereportsfromthemanagement.

ThisstatementhasbeenmadeinaccordancewiththeresolutionofmembersoftheIPdated25February2016.




96

MEMBERS’ AVERAGE SAVINGS AT AGE 54

MALE fEMALE

yEARNUMBER of MEMBERS

totAL SAvINGS (RM)AvERAGE SAvINGS

(RM)NUMBER of MEMBERS


(RM)

2008 35,415 5,322,180,263.65 150,280.40 17,607 1,705,344,177.95 96,856.03

2009 36,387 5,794,733,416.85 159,252.85 18,552 1,886,638,751.19 101,694.63

2010 40,542 6,507,302,075.54 160,507.67 21,486 2,360,738,880.90 109,873.35

2011 40,004 6,657,338,897.64 166,416.83 22,354 2,647,519,595.35 118,436.06

2012 43,230 7,581,549,702.42 175,377.05 24,921 3,206,896,233.42 128,682.49

2013 45,805 8,427,983,030.27 183,997.01 27,363 3,765,478,721.08 137,612.06

2014 47,135 9,385,899,752.66 199,128.03 29,289 4,382,090,265.86 149,615.56

2015 49,878 10,719,311,180.86 214,910.61 31,768 5,155,803,817.21 162,295.51

ActIvE MEMBERS INActIvE MEMBERS

yEARNUMBER of MEMBERS


(RM)NUMBER of MEMBERS


(RM)

2008 53,022 7,027,524,441.60 132,539.78 130,653 2,860,548,303.03 21,894.24

2009 54,939 7,681,372,168.04 139,816.38 134,556 3,055,433,735.60 22,707.53

2010 62,028 8,868,040,956.44 142,968.35 148,844 3,528,282,764.37 23,704.57

2011 62,358 9,304,858,492.99 149,216.76 146,172 3,418,820,358.90 23,389.02

2012 68,151 10,788,445,935.84 158,302.09 157,425 3,802,693,653.81 24,155.59

2013 73,168 12,193,461,751.35 166,650.20 160,131 4,203,516,072.22 26,250.48

2014 76,424 13,767,990,018.52 180,152.70 166,131 4,578,149,209.30 27,557.46

2015 81,646 15,875,114,998.07 194,438.37 169,425 5,343,743,319.39 31,540.47

Note:TotalSavingsAmountnotinclusive2015annualdividend

ACTIVE MEMBERS’ AVERAGE SAVINGS AT AGE 54 BY GENDER

Lembaga Kumpulan Wang Simpanan Pekerja Annual …€¦ · Lembaga Kumpulan Wang Simpanan Pekerja ... Check and Balance ... businesses and investment today and EPF as

Documents