Page 120 - SC Annual Report 2018 (ENG)
Securities Commission Malaysia ANNUAL REPORT 2018
• Feedback channels for stakeholders to raise concerns on employee conduct. This includes the Internal Whistleblowing Procedure established as a safe channel of communication for individuals to expose or report internal wrongdoing or suspected breaches of law within the organisation;

• Framework for Handling External Complaints Against The SC Employees which sets out the process for handling complaints made by external parties against any employee of the SC in relation to the discharge of his functions;

• There are also Conflict of Interest Declaration processes in which Board members and employees must comply with when faced with a conflict situation; and

• The Compliance Management Guidelines provides a structured approach in ensuring compliance with laws, regulations and internal governance standards which impact the day-to-day operations of the SC.

2. Data Risk including managing confidentiality, integrity and availability of data, both internally and externally. Management of such risks are guided through:

• The Data Loss Mitigation Guidelines act as a guide and reference point for employees in handling both physical and electronic records containing sensitive information. These Guidelines ensure sensitive information is appropriately secured from unauthorised disclosure and protected from alteration, corruption, loss or misuse; preventing reputational damage and adversely impacting our stakeholders; and

• The Records Management Policy is established to give clear guidance of the standards and procedures that need to be put in place to ensure that records are fit to be used as evidence and/or information by the SC, in carrying out business operations or legal obligations.

3. Process Risk including risks from inefficient, inadequate or failed internal processes that may have negative impact on the SC. Management of such risks are guided through:

• The Business Process Flows which are available on the SC’s intranet to serve as a guide to all staff, particularly new recruits, in understanding the SC’s operations; and

• The Policy and Guidelines on Procurement (PGP) is currently under review and is targeted to be effective April 2019. The holistic review of the PGP would identify the areas for improvement which include reviewing the end-to-end procurement process as well as enhancing its governance and controls.

4. Infrastructure Risk including adequacy and effectiveness of IT, physical assets and operating premises. Management of such risks are guided through:

• The Asset Management Policy and Guidelines set out the conduct for the treatment of assets in the SC to ensure that the SC’s fixed assets are safeguarded and properly recognised, properly maintained and are in good working condition;

• The IT User Policy and IT Policy are established to ensure the effective protection and proper usage of the SC’s computer systems; and
110 | PART 5 »» STATEMENTS, STATISTICS AND ACTIVITIES