Page 64 - 2023 Auunal Report - EN
P. 64
ANNUAL REPORT 2023 63
Fifth Rule
Laying Down Proper Systems for Risk Management and Internal Control
• Risk Management Unit
The Company contracted with Boubyan Consulting, which is an independent external office for risk management in or-
der to identify and measure the risks to which the Company is exposed. The Company organizational structure (approved
by the board of directors) comprises the independent unit for risk management, which operates basically for measuring,
following up and controlling all types of risks facing the Company and is directly accountable for the Risk Management
Committee. The external office laid down the effective systems and procedures for risk management by preparing the
working methodology of the Risks Department and the job description of the risk officers in order for the Company to
be capable of performing its main tasks represented in measuring and following all types of risks to which the Company
is exposed. Further, the external office worked to develop the periodical reports system, as it is considered as one of the
significant tools in the process of following up risks and controlling their occurrence. The personnel in charge of the
external office enjoy independence as they are accountable directly to the board of directors. Furthermore, they enjoy a
great extent of authorities in order to carry out their tasks in a perfect manner, and have no financial powers or authorities.
The external office has available the qualified staff possessing the professional competencies and technical capacities. In
the event of the existence of transactions or dealings carried out by the Company with related parties, the external office
reviews the transactions and dealings and presents the suitable recommendations in this respect to the board of directors.
• Risk Management Committee
The Risk Management Committee consisting of three non executive members of the board of directors, including 2 inde-
pendent members, have been re-composed. The board has outlined the membership tenure of the Committee member-
ship and its working method. Further, it has stipulated the powers and duties of the Risk Management Committee within
its charter, approved by the board. The Committee met Seven times in 2023 and discussed several topics related to its
powers and duties, including the review and study of risks related to a number of the Company projects and submission
of reports in this respect.
• Control systems and internal control:
- The Company has control systems and internal control covering all the Company’s activities, which operate to pre-
serve the financial integrity of the Company, accuracy of its data and efficiency of its operations from the various aspects.
Further, the Company organizational structure considered the internal control principles for the double control process
(Four Eyes Principles), represented in the sound identification of responsibilities and powers, complete segregation in
duties and non conflict of interests, inspection and double control, and dual signature, by providing the financial and
administrative authorities structure, policies and procedures for the Company’s operations, in addition to the information
technology systems prepared and designed pursuant to the principle of segregation in duties across the various depart-
ments and concerned functions.
- The Company contracted with an independent office Grant Thornton to evaluate and review the internal control
systems and prepare a report in this respect (Internal Control Report), whereby the office will prepare the ICR report on
the operations of year 2023, which will be submitted to the Capital Markets Authority within 90 days after the end of the
fiscal year.
- The Committee has recommended to the board of directors to approve reappointing of Mr. Nayef Musaaed bazie Al
Yaseen (RSM Albazie & Co.) as an external auditor to the company certified Public Accountants, taking into consider-
ation the mandatory auditor rotation period.
• Internal Audit Unit:
The company contracted with Protiviti to carry out internal auditing of the company in accordance with the rules and
regulations. It is an independent and highly experienced office in the field of internal auditing. The Company organiza-
tional structure (approved by the Board of Directors) comprises of an internal audit unit that reports to the Audit Commit-
tee and hence to the Board of Directors. The assigned Audit Office had prepared internal audit reports on the operations
of the Company's sectors and departments, including the observations, the resulting impact and the recommendations,
in addition to the departmental responses and specific action plans and presented the same to the Audit Committee.