

And Advisory


In a circular dated 26 September 2022, BURSA MALAYSIA SECURITIES BERHAD (BURSA) enhanced the sustainability reporting framework to elevate the sustainability practices and disclosures of listed issuers. Among other requirements, BURSA announced a requirement for a Statement of Assurance to strengthen the credibility of the Sustainability Statement. A listed issuer may seek two (2) types of assurance, that is, internal review by its internal auditor or independent assurance performed in accordance with recognised assurance standards.

This directive was elaborated in the BURSA Main Market Listing Requirements (BURSA Main LR) in relation to Enhanced Sustainability Reporting Framework – Practice Note 9 Appendix 1 Part III and Appendix 2. Contents of the Sustainability Statement, Section 6.2e are to be read together with Chapter 10, BURSA Sustainability Reporting Guide 3.0. This Frequently Asked Questions (“FAQ”) document aims to provide clarity to internal auditors on the roles they have to play in reviewing the Sustainability Statement.

This FAQ, the first in a series to come, will mainly address the background of BURSA’s requirements, the planning aspects of the internal review followed by the execution of the internal review. It fosters an understanding of the processes, which will be executed in accordance with the International Professional Practices Framework (“IPPF”) 2017, issued by The Institute of Internal Auditors Inc., in order to achieve the desired consistency of quality and standards.

Please take a moment to explore this FAQ document. Should you have any questions or require additional information, we encourage you to reach out to the Technical & Quality Assurance Department of The Institute of Internal Auditors Malaysia (IIAM). Together, internal auditors can continue to be an integral part of a listed issuer’s governance, risk and controls policies, which include good sustainability practices.

Please click here to download the pdf version of the FAQ Internal Review of Sustainability Statement by Internal Auditors.



This Guidance for an Effective Internal Audit Function 2.0 comes as a comprehensively refreshed edition to serve as a reference point for everyone who has a duty or interest to uphold the highest level of governance, risk and control in any organisation.

The Board of Directors, Chief Executive Officers, Chief Financial Officers, Management, Chief Audit Executives and every internal auditor of public interest entities, public sector organisations, and private companies and businesses would be able to capitalise on this Guidance as a catalyst to jointly achieve internal audit excellence, as well as a validation of progress achieved.

Departing from the existing coverage of governance relating to regulatory requirements of public listed companies, which was the mainstay of past publications, this Guidance includes perspectives on internal audit functions of the government and Shariah compliant entities. It aims to provide a more inclusive view to unite the entire internal audit fraternity on universal best practices that are hinged on internationally recognised standards and publications, and nationally mandated regulations and sanctioned research.

In the context of achieving an effective internal audit function, areas deliberated include the duties and responsibilities of various stakeholders, characteristics and requirements of an internal audit function, core principles governing internal auditors, prescribed competency framework for the further development of internal auditors, the contemporary role of internal auditors in Environmental, Social and Governance (ESG), quality assurance and improvement programmes, outsourcing and co-sourcing decisions, and performance measures of the internal audit function.

Please click here to download the pdf version of the Guidance for an Effective Audit Function (GIAF) 2.0.

Please click here to download the pdf version of the Guidance for an Effective Audit Function (GIAF) 1.0.



This Article is written with the aim of providing objective guidance and assistance to internal auditors of commercial organisations to carry out a review of their organisations’ preparedness in complying with the requirements set out under Section 17A of the Malaysian Anti-Corruption Commission Act 2009 (amended 2018) [“MACC Act”] as well as assessing the adequacy and operating effectiveness of the organisations’ adequate procedures deployed in mitigating corruption risks. Accordingly, this Article is NOT, and should NOT be construed as, an Internal Audit Programme to conduct internal audit assignments pertaining to an organisation’s Anti-Bribery and Corruption Framework/Plan.

To enable internal auditors to understand what Section 17A of the MACC Act is all about, including the Ministerial Guidelines on Adequate Procedures (“Ministerial Guidelines”), this Article is written to put into perspective what Section 17A entails, its ramifications for commercial organisations and those charged with governance and management, as well as the contents of the Ministerial Guidelines. Sections D, E and F of this Article respectively set out the roles of Internal Audit, an overview of the Ministerial Guidelines, and the suggested focus areas for Internal Auditors to consider in their audit coverage vis-à-vis the key contents of the Principles in the Ministerial Guidelines, including pertinent questions they should be posing to Management.

Please click here to download the pdf version of the Corporate Liability on Corruption Under Section 17A Of The Malaysian Anti-Corruption Commission Act 2009 (Amended 2018).

Please click here to download the pdf version of the Frequently Asked Questions (‘FAQ’) on Corporate Liability on Corruption Under Section 17A Of The Malaysian Anti-Corruption Commission Act 2009 (Amended 2018).


The Statement on Internal Control – Guidance for Directors of Public Listed Companies was first issued in December 2000. The objective of the document is to provide guidance to directors in formulating the Statement on Internal Control in their annual report in accordance with Bursa Malaysia’s Listing Requirements.

An industry led Task Force was established to revise the Guidance to reflect the changing regulatory environment and evolving approaches to corporate governance issues that have made disclosure an important regulatory tool. Reporting by boards of directors on the risk management and internal control system within their companies has become an important part of corporate governance disclosure requirements.

Public consultation has become a regular feature of the process of regulatory change of corporate governance and financial reporting in laying the foundations of a good corporate governance framework. This document has undergone due consultative process including focus group meetings attended by company directors. We would like to thank the many companies, professional bodies and individuals who provided input and shared their experiences in order to improve earlier drafts of this document.

These guidelines are intended to guide directors of listed issuers in making disclosures concerning risk management and internal control in their company’s annual report pursuant to paragraph 15.26(b) of the Listing Requirements. In making the statement, companies are required to explain their governance policies, including any special circumstances which have led them to adopt a particular approach. The guidelines set out the obligations of management and the board of directors with respect to risk management and internal control. They also provide guidance on the key elements needed in maintaining a sound system of risk management and internal control, and describe the process that should be considered in reviewing its effectiveness.

We trust that these guidelines will provide directors with the necessary information to assist them in complying with the specific provisions of the Listing Requirements and aid in good corporate governance.

Effective date: For financial year ending on or after 31 December 2012.

Please click here to download the pdf version of the Statement on Risk Management & Internal Control – Guidelines for Directors of Listed Issuers.


The IIA’s blueprint for the profession that offers practitioners a full range of internal audit guidance, including the Core Principles, Standards, Code of Ethics, Implementation and supplemental guidance, position papers and other resources.

The International Professional Practices Framework (IPPF) is the conceptual framework that organises authoritative guidance promulgated by The Institute of Internal Auditors (IIA). A trustworthy, global, guidance-setting body, The IIA provides internal audit professionals worldwide with authoritative guidance organised in the IPPF as mandatory guidance and recommended guidance.


Find the guidance resources you need in such areas as Corporate Governance, Risk Management, Expressing an Opinion on Internal Control, COSO Guidance, Establishing an Audit Shop, Sustainable Development, and many more subject areas.


Gain a better understanding of the internal audit profession and help others do the same. We have compiled a list of commonly asked questions for your easy reference and to share with others.


These enquiries may be submitted to

One of the services provided by IIA Malaysia exclusively for members is to provide technical support by assisting members with technical enquiries.

The Institute’s staff shall not respond to queries on the application and interpretation of materials not published by IIA. No enquiries on internal auditing and other professional requirements applicable in jurisdictions other than Malaysia shall be entertained.

The Institute’s staff shall entertain queries only from members of IIA Malaysia (with limited exceptions for regulatory bodies and the news media).

Queries shall be in writing. The query should include the member’s name, membership number, address and contact telephone number during normal office hours.