STRUCTURE AND MECHANISM OF CORPORATE GOVERNANCE

develops alternative control activities (compensative control).

Segregation of functions generally divides the responsibilities of recording, authorizing, and approving transactions, and handling the associated assets. The absence of segregation of functions and compensatory controls will:

1. Making internal control ineffective, hence can lead to fraud;
2. Mitigating the risk of management override, which often occurs when committing fraud;
3. The separation of functions also reduces the risk of fraud by one person and the risk of error because the separate parties do not review each other's work; and
4. However, sometimes separation of functions is impractical or inefficient. In this situation, management establishes and develops alternative internal controls as compensation for not applying the principles of internal control.

Segregation of functions is geared towards reducing errors, fraud, and waste. The separation of functions within the Company is carried out by ensuring that:

1. No one is allowed to control all major aspects of events and transactions from start to finish;
2. Segregation of responsibilities and duties for events and transactions to different employees relating to authorization, approval, processing and recording, payment or receipt of funds, reviews and audits, and asset storage and handling functions;
3. The division of tasks to more than one employee is carried out systematically to ensure that there are checks and balances; and
4. The Board of Directors establishes policies to reduce opportunities for collusion.

Principle 11: Establish and Develop General Controls on Technology

1. Determine the dependence between the use of technology in business processes and general technology control Management understands and determines the dependencies and relationships between business processes, automated control activities, and general technology controls.
2. Establish control activities over technology infrastructure Management establishes and develops control activities over the technology infrastructure, which are designed and implemented to help ensure the completeness, accuracy, and continuity of the technological process.
3. Establish control activities over the security management process Management establishes and develops control activities designed and implemented to limit technology access rights only to authorized users in accordance with their responsibilities and to protect the Company's assets from external and internal threats.