Guidance and Advisory


The Statement on Internal Control – Guidance for Directors of Public Listed Companies was first issued in December 2000. The objective of the document is to provide guidance to directors in formulating the Statement on Internal Control in their annual report in accordance with Bursa Malaysia’s Listing Requirements.

An industry led Task Force was established to revise the Guidance to reflect the changing regulatory environment and evolving approaches to corporate governance issues that have made disclosure an important regulatory tool. Reporting by boards of directors on the risk management and internal control system within their companies has become an important part of corporate governance disclosure requirements.

Public consultation has become a regular feature of the process of regulatory change of corporate governance and financial reporting in laying the foundations of a good corporate governance framework. This document has undergone due consultative process including focus group meetings attended by company directors. We would like to thank the many companies, professional bodies and individuals who provided input and shared their experiences in order to improve earlier drafts of this document.

These guidelines are intended to guide directors of listed issuers in making disclosures concerning risk management and internal control in their company’s annual report pursuant to the paragraph 15.26(b) of the Listing Requirements. In making the statement, companies are required to explain their governance policies, including any special circumstances which have led them to adopting a particular approach. It sets out the obligations of management and the board of directors with respect to risk management and internal control. It also provides guidance on the key elements needed in maintaining a sound system of risk management and internal control, and describes the process that should be considered in reviewing its effectiveness.

We trust that these guidelines will provide directors with the necessary information to assist them in complying with the specific provisions of the Listing Requirements and aid in good corporate governance.

Effective date: For financial year ending on or after 31 December 2012.

Please click here to download the pdf version of the Statement on Risk Management & Internal Control – Guidelines for Directors of Listed Issuers.

The IIA’s blueprint for the profession that offers practitioners a full range of internal audit guidance, including the Core Principles, Standards, Code of Ethics, Implementation and supplemental guidance, position papers and other resources.The International Professional Practices Framework (IPPF) is the conceptual framework that organises authoritative guidance promulgated by The Institute of Internal Auditors (IIA). A trustworthy, global, guidance-setting body, The IIA provides internal audit professionals worldwide with authoritative guidance organised in the IPPF as mandatory guidance and recommended guidance.


Find the guidance resources you need in such areas as Corporate Governance, Risk Management, Expressing an Opinion on Internal Control, COSO Guidance, Establishing an Audit Shop, Sustainable Development, and many more subject areas



Click here

Gain a better understanding of the internal audit profession and help others do the same. We have compiled a list of commonly asked questions for your easy reference and to share with others.


These enquiries may be submitted to

One of the services provided by IIA Malaysia exclusively for members is to provide technical support by assisting members with technical enquiries.

The Institute’s staff shall not respond to queries on the application and interpretation of materials not published by IIA. No enquiries on internal auditing and other professional requirements applicable in jurisdictions other than Malaysia shall be entertained.

The Institute’s staff shall entertain queries only from members of IIA Malaysia (with limited exceptions for regulatory bodies and the news media).

Queries shall be in writing. The query should include the member’s name, membership number, address, contact telephone number during normal office hours.