STATEMENT ON RISK MANAGEMENT

& INTERNAL CONTROL

Code of Conduct

AAB has a Code of Conduct (“the Code”) which governs the conduct of its employees. The Code sets out the standards and ethics that all

employees are expected to adhere to in the course of their work. It highlights AAB’s expectations on their professional conduct which includes -

●

the environment inside and outside of the workplace;

●

the working culture;

●

conflict of interest;

●

confidentiality and disclosure of information;

●

good practices and controls; and

●

duty and declaration.

The Code also sets out the circumstances in which an employees would be deemed to have breached the Code and disciplinary actions that

can be taken against such an employee. Moving forward, AAGB would adopt the same Code.

Whistleblowing Policy

The Board approved the Whistleblowing Policy in 2013. The Whistleblowing Policy provides a platform for employees or third parties to

report instances of unethical behaviour, actual or suspected fraud or dishonesty, or a violation of AAB’s Code of Conduct. It provides protection

for the whistle-blowers from any reprisals as a direct consequence of making such disclosures. It also covers the procedures for disclosure,

investigation and the respective outcomes of such investigations. The Group expects its employees to act in AAB’s best interests and to maintain

high principles and ethical values. The Group will not tolerate any irresponsible or unethical behaviour that would jeopardise its good standing

and reputation. Moving forward, AAGB would adopt the same Whistleblowing Policy.

Conclusion

The Board has received assurance from the GCEO, GDCEOs and CEO of AAB that AAB’s risk management and internal control system are

operating adequately and effectively in all material aspects. For areas which require improvement, action plans are being developed with

implementation dates monitored by the respective Heads of Department. The Board also receives quarterly updates on key risk management

and internal control matters through its Board Committees. Based on assurance received from the Management and updates from the Board

Committees, the Board is of the view that the Group risk management and internal control systems was operating adequately and effectively

during the financial year under review up to the date of approval of this statement.

The Group’s associate companies are in the process of fully adopting AAB’s risk management and internal controls. The disclosure in this

statement does not include the risk management and internal control practices AAB’s material joint ventures.

For the financial year, no assurance was sought from AAGB as it remains a dormant company.

Review of the Statement by External Auditors

As required by Paragraph 15.23 of the MMLR, the External Auditors have reviewed this Statement on Risk Management and Internal Control.

Their limited assurance review was performed in accordance with Audit and Assurance Practice Guide (“AAPG”) 3 issued by the Malaysian

Institute of Accountants. AAPG 3 does not require the External Auditors to form an opinion on the adequacy and effectiveness of the risk

management and internal control systems of the Group.

This statement is in accordance with the resolution of the Board of Directors of AAB on 12 April 2018 and AAGB on 7 May 2018.

[ ]

AirAsia Group Berhad

REPORTS AND FINANCIAL STATEMENTS

202