Group Overview Operation and Financial Review Financials Sustainability and Governance Other Information 47 Annual Report 2025 Corporate Governance The IAD is responsible for the internal audits of the Company’s operations in accordance with the guidelines and standards set out in the Professional Practice of Internal Auditing by the Institute of Internal Auditors. It prepares the internal audit schedules in consultation with the Management before submitting the audit plan to the AC & RMC for approval. As part of the audit plan, the IAD also performs independent reviews of the risk control measures identified by the ERM team to provide added assurance on the robustness of the ERM framework. The duties and responsibilities of the IAD in the area of risk management and internal controls are as follows: • Review the risk profile of the Group; • Identify new risks and exposures in the Group’s operations; • Evaluate the effectiveness and cost of the risk control measures in eliminating or mitigating risks and exposures to the Company; and • Establish and maintain the risk reporting and monitoring framework. In 2025, the IAD adopted a risk-based auditing approach that focused on material internal controls to identify and audit the high-risk areas of the strategic business units. The mitigation measures were subsequently proposed by the Management in consultation with the IAD. The findings and recommendations of the IAD, as well as the quarterly updates on the progress of the rectification measures, were presented to the AC & RMC. The AC & RMC was satisfied that the IAD had adequately monitored and managed the key risks and internal controls for the Group. In 2025, the AC & RMC also reviewed the adequacy of the internal audit function, including the IAD’s organisational structure, work scope and audit plans, and was satisfied that Mr Wirawan and the IAD have discharged their respective duties effectively. Additionally, the AC & RMC conducted an annual self-assessment to reflect its adequacy in fulfilling its duties as set out in the terms of reference. The Board conducted a separate review of the performance of the AC & RMC and was satisfied that the AC & RMC was well-qualified to discharge its duties and responsibilities in managing the risks and internal controls of the Company. Whistle-Blowing Policy The Company has established a whistle-blowing policy and system that provides clearly defined channels and procedures for employees, or other interested parties in the Company, to report any misconduct, including suspected fraud, corruption and unethical practices relating to the Company or its officers. The reports will be reviewed and acted upon by either the AC & RMC or the Exco and kept strictly confidential to protect the identities of the whistle-blowers. Complaints and feedback can be sent via a dedicated email at info.wb@simp.co.id. All correspondences are documented, followed up and treated with strict confidentiality by the IAD. All whistle-blowing complaints are independently investigated by the IAD and the result of each investigation is reported to the AC & RMC quarterly. In 2025, the Company received five whistle-blowing reports. Four reports were fully investigated, of which one case related to misconduct and three were closed as unproven. The remaining report is still under investigation. The AC & RMC is responsible for overseeing and monitoring the whistle-blowing channels and processes and ensuring that appropriate follow-up actions are carried out. Enterprise Risk Management As an agribusiness, the Group operates in a VUCA (volatile, uncertain, complex and ambiguous) environment. Its performance is constantly influenced by external variables, such as unpredictable weather conditions, volatile commodity prices, fluctuating exchange rates, shifting consumer needs, economic uncertainties, security threats, international competition, disruptive technologies, geopolitical conflicts and market dynamics. To mitigate the uncertainties of the external environment, the Group has established an integrated ERM framework to proactively manage risks and uncertainties across its operations through a system of “three lines of defence”. The ERM framework enables the Group to stay vigilant and actively monitor its operations for the timely and accurate identification, assessment, mitigation, and reporting of risks and exposures that could have adverse impacts on business operations and results. In doing so, the ERM framework enhances the competitiveness and sustainability of the Group’s operations.
RkJQdWJsaXNoZXIy NTkwNzg=