Statement on Risk Management and Internal Control

The Board of Directors of GTB is pleased to provide the following Statement on Risk Management and Internal Control (“Statement”) pursuant to paragraph 15.26(b) of the Bursa Malaysia Securities Berhad’s Main Market Listing Requirements. The Board is guided by the Statement on Risk Management and Internal Control - Guidelines for Directors of Listed Issuers in making disclosures concerning the main features of the Risk Management Framework and Internal Control System of the Group and is committed to fulfilling its responsibility in maintaining a sound system of risk management and internal control in the Group. The Statement outlines the nature and state of risk management and internal control of the Group during the year.

The Board recognises the importance of having a risk management framework, a sound system of internal control and good corporate governance practices. The Board affirms its overall responsibility for the Group’s system of risk management and internal control, and for reviewing the adequacy and effectiveness of those systems. In view of the inherent limitations in any system of internal control, internal controls are designed to manage, rather than eliminate the risk of failure to achieve the goals and objectives of the Group. In pursuing these objectives, internal controls can only provide reasonable rather than absolute assurance against material misstatement of financial information, financial losses, fraud and breaches of laws or regulations.

The Group’s risk management framework and system of internal control involve relevant management and staff from the business units of its respective subsidiaries. The Board is responsible to determine key strategies for significant risks and control issues, whilst functional managers of the subsidiaries are responsible to implement the Board’s strategies effectively by designing, operating and monitoring the controls to manage risks.

GTB has established an Enterprise Risk Management (“ERM”) Framework in line with the Committee of Sponsoring Organizations of the Treadway Commission’s (“COSO”) ERM framework. This serves as a platform to provide guidance in identifying and managing risks pertaining to the Group’s goals and objectives. The framework is summarised as follows:

The assessment of business risks is carried out primarily by the Executive Directors and Business/Operation Risk Review Committee (“BORRC”) through their participation in management meetings, desktop reviews, deliberation and communication with key management staff to ensure the adequacy and integrity of the system of internal control. These initiatives would ensure the Group has in place an ongoing process to identify measures in managing the significant risks that affect the achievement of its business objectives.

The process includes activities relating to risk identification, risk assessment and measurement, risk response and action, monitoring and reporting. The Group’s risk management structure to assign responsibility for risk management and facilitate the process for assessing and communicating risk issues from transactional levels to the Board is summarised in the diagram below:

During the financial year under review, the Group has identified fifteen key risks in relation to sustainability, operational, financial and compliance and the Group has evaluated the potential impact of these risks. The Risk Register was updated, and meetings were held to communicate and deliberate the issues or risks and where appropriate, controls and action plans were implemented to ensure continuous risk mitigation and risk management.

The principal risks for financial year 2022 reviewed by the Board of Directors are as follows:

With increasing awareness on environmental, social and governance, particularly concerning global warming, climate change and infringement of human rights, there are greater expectations and demands by stakeholders for the Group to operate in a sustainable and responsible manner. The Group’s sustainability governance is led by the Board and supported by the Sustainability Steering Committee that focus on four segments which include economic environment, social and governance. Each of the segment’s subcommittee has implemented business strategies, programs and activities to ensure the sustainable performance of the Group and as set out in the Sustainability Statement on pages 23 to 58. The Group’s Sustainability Policy is available on the Company’s website at www.globetronics.com.my.

The Group’s performance is highly dependent on its customers’ performance. Therefore, one of the key roles of the senior management team is to lookout for ways in managing this risk, monitoring customers’ performance and build relationships with customers.

The Group is exposed to financial risks relating to credit risk, liquidity risk, interest rate risk and foreign currency risk. The Group’s risk management objectives and policies and the required quantitative and qualitative disclosures relating to financial risks are set out in Note 26 to the financial statements on pages 138 to 147.

The Group’s business is governed by relevant laws, regulations and standards. There are frequent changes and updates to the regulations and standards from time to time and there may be a risk or exposure to non-compliance. The Group is kept informed of such changes by receiving or subscribing to e-mail alerts and written materials from >governing and professional bodies and also attending seminars and trainings for updates on latest developments.

One of the Group’s strategic objectives is to create additional revenue streams by venturing into new businesses >or expanding its existing business. Nonetheless, the Group recognises the risk and repercussions involved in poor investment decisions and the exposure to new businesses. To manage this risk, all major or material new business proposals and investments will be tabled for Board’s discussion, review and approval. Any major machinery or equipment to be invested will be discussed, reviewed and approved by the Capital Expenditure (“Capex”) Committee before being tabled to the Board for further review and final approval. The members of the Capex Committee are the Executive Chairman, Chief Executive Officer (“CEO”) and Chief Financial Officer (“CFO”). Further to that, a start-up team is put together to manage new business start-ups and ensure the successful transition from the start-up to mass production phase.

The current business environment is globally interconnected and digitalised, thus increasing the organisation’s exposure to cyber threats. To manage this risk, controls have been put in place to manage and protect the confidentiality, integrity and availability of data and critical infrastructure. Amongst others, industrial standard IT network security layer equipment, encryption protocols, virus scanning tools and applications are in place to protect and secure the access to the Group’s IT environment. The Group will continue to enhance its IT infrastructure.

The Group holds strongly to our key value of integrity at all times to ensure that high ethical standards and good corporate governance are maintained. We believe that sound corporate governance is a key success factor when conducting business in a global, highly competitive, regulated and changing environment. Refer to paragraph “Integrity and Ethical Values” below for details on the Group’s Anti-Corruption and Bribery Policy and Principles of Business Conduct. The Group will continue to promote corporate governance standards to support the Group’s business integrity and ethical conduct.

Changes in the domestic, regional and global economic conditions, such as political or geopolitical conflicts, economic sanctions, trade tensions, human rights issue and growing stagflation fears due to higher global inflation and interest rate that result in uncertainties and volatilities, may have an adverse effect on the demand and supply chain of semiconductor services or components, and hence on the Group’s financial performance and operations.

The Group manages these economic risks through keeping ourselves abreast with economic and market developments, maintaining good relationship with customers and closely following on the latest news on customers’ products performance and business. The Group also seeks to explore new businesses or product expansion or diversification with customers. The Group has allocated more resources to assess investment in new machinery and equipment and embarked on Industry 4.0 Lights Off Project in order to attract new customers.

The Group monitors its supply chain in tandem with its production plan for any potential disruption in the supply of components and raw materials and where needed, will engage with its customers for contingency plans.

Since Covid-19’s emergence, this pandemic has caused major disruption to economies, businesses and societies around the world although most countries have begun to transition towards treating the virus as endemic and are cautiously easing control measures and opening up the economies on the back of the high vaccination rates. The Group will continue to monitor the latest development on Covid-19 cases in Malaysia and globally.

The Board meets at least quarterly and has a formal agenda on matters for discussion. The Executive Chairman together with the CEO, lead the presentation of board papers and provide explanation on pertinent issues. In arriving at any decision or recommendation by the Management, a thorough deliberation and discussion by the Board is a prerequisite. In addition, the Board is kept updated on the Group’s activities during the meeting.

Annual strategic planning meetings are held at the beginning of the financial year whereby the Group’s yearly strategies and objectives are finalised by the Executive Directors and the key management team of the respective major subsidiaries.

Bi-monthly management meetings are held to identify, discuss and resolve operational, financial and key management issues. The meetings are attended by the CEO, Business and Operation VPs/Directors, key managers and relevant staff.

Monthly BORRC meetings are carried out at the major subsidiaries with the meetings attended by the Executive Chairman, CEO, CFO, its various Business and Operation VPs/Directors and Finance Managers. The Business and Operation VPs/Directors will lead the discussion/presentation on the various areas such as monthly profit and loss for its key product lines, comparison of its actual monthly/year-to-date results versus forecast, business planning and strategies, productivity improvement plans and others.

Organisational Structure with Formally Defined Responsibility Lines and Delegation of Authority

There is an organisational structure with formal defined responsibility lines and authorities to facilitate timely response to changes in the evolving business environment and accountability for operational performance. Capital and operating expenditures and the acquisition and disposal of investments are subject to review by the Management, and where required, approval by the Board.

Management reports are generated on quarterly basis to facilitate the Board and the management to perform financial and operational reviews on the key operating units. The reviews encompass financial and non-financial key performance indicators and variances between budget and actual operating results.

The documented policies and procedures form an integral part of the internal control system to safeguard the Group’s assets against material losses and seek to ensure complete and accurate financial information. The documented policies come in the form of memorandums, circulars, manuals and handbooks that are updated from time to time to meet changing operational needs.

The Board and Executive Management set the tone at the top for corporate behaviour and corporate governance. The Group had formalized its Anti-Corruption and Bribery Policy and Principles of Business Conduct which outlines the Group’s approach in combating bribery and corruption by providing guidelines to Directors, employees and associated persons to act professionally, fairly and with integrity in all business dealings and relationships. The Group’s Principles of Business Conduct and Anti-Corruption and Bribery Policy cover areas such as compliance with local laws and regulations, anti-corruption, anti-bribery, gifts, donations, business conduct, conduct in the workplace, protection of the Group’s assets, conflict of interest and confidentiality.

The Group has in place a Whistle Blowing Policy and Procedures that provides clarity on the oversight and responsibilities of the whistleblowing process, the reporting process, protection and confidentiality to whistle- blowers. The policy sets out a structured channel for employees and stakeholders to raise genuine concerns regarding malpractices and misconduct within the Group for remedial action. This policy is available on the Company’s website at www.globetronics.com.my.

The Internal Audit Function, which reports to the ARMC, conducts reviews on the system of risk management and internal control to identify, manage and evaluate risks. The reviews are conducted on the Group’s major business units/divisions.

Significant findings, recommendations for improvement and management responses were reported to the ARMC, with follow-up on the implementation of action plans. The Management is responsible for ensuring that remedial actions were implemented accordingly.

The internal control systems discussed in this Statement do not apply to the Group’s associate. Nonetheless, the interest of the Group is safeguarded through our representation on the Board of the associate.

The external auditors have reviewed this Statement on Risk Management and Internal Control pursuant to the scope set out in Audit and Assurance Practice Guide (“AAPG”) 3, Guidance for Auditors on Engagements to Report on the Statement on Risk Management and Internal Control included in the Annual Report issued by the Malaysian Institute of Accountants (“MIA”) for inclusion in the annual report of the Group for the year ended 31 December 2022, and reported to the Board that nothing has come to their attention that cause them to believe that the statement intended to be included in the annual report of the Group, in all material respects:

AAPG 3 does not require the external auditors to consider whether the Directors’ Statement on Risk Management and Internal Control covers all risks and controls, or to form an opinion on the adequacy and effectiveness of the Group’s risk management and internal control system including the assessment and opinion by the Board of Directors and management thereon. The auditors are also not required to consider whether the processes described to deal with material internal control aspects of any significant problems disclosed in the annual report will, in fact, remedy the problems.

The Board has reviewed the adequacy and effectiveness of the Group’s risk management and internal control system for the year under review and up to the date of approval of this Statement for inclusion in the Annual Report. The Board is of the view that the system of risk management and internal control instituted by the Group is sound and effective and there were no material losses incurred during the year under review as a result of internal control weaknesses or adverse/non-compliance events. The monitoring, review and reporting arrangement are in place to give reasonable assurance that the Group’s operation of controls are appropriate.

The Board has received assurance from the CEO and CFO that the Group’s risk management and internal control system is operating adequately and effectively, in all material aspects.

Reviews of all the control procedures will be continuously carried out to ensure the ongoing effectiveness and adequacy of the system of risk management and internal control, so as to safeguard shareholders’ investments and the Group’s assets.

This Statement on Risk Management and Internal Control was approved by the Board of Directors on 3 April 2023.