Turning SORMIC 2025 into a Governance Advantage: What Boards Should Do Next

The release of the SORMIC Guide 2025 presents a new opportunity for Boards of listed companies to strengthen governance practices, enhance stakeholder confidence, and elevate the quality of risk oversight across the organisation.

While the Statement on Risk Management and Internal Control (SORMIC) has long been a mandatory disclosure requirement under Bursa Malaysia Listing Requirements, the updated Guide reflects the growing expectations placed on Boards in today’s rapidly evolving business environment. Increasingly, investors, regulators, and stakeholders are looking beyond compliance — seeking assurance that companies are managing risks proactively, responding effectively to emerging challenges, and embedding sound governance practices throughout the organisation.

The SORMIC Guide 2025 supports this evolution by providing clearer guidance on how Boards can demonstrate effective oversight of risk management and internal control systems in a more structured, transparent, and forward-looking manner.

A More Strategic and Forward-Looking Approach

One of the most significant developments in the new Guide is the broader emphasis on governance quality and organisational resilience.

The Guide encourages companies to move beyond traditional financial and operational controls by incorporating:

• ESG and sustainability-related risks,
• climate and nature-related considerations,
• cyber security and digital disruption,
• artificial intelligence and technology-related risks,
• business continuity and supply chain resilience, and
• enhanced Board oversight and assurance processes.

In doing so, the SORMIC Guide 2025 aligns Malaysian listed companies more closely with internationally recognised frameworks such as COSO, ISO 31000, ISSB, and TCFD.

This evolution reflects a positive shift in corporate governance — where risk management is increasingly viewed not merely as a control function, but as an enabler of sustainable value creation and better strategic decision-making.

Why Boards Should Start Early

The updated Guide places greater emphasis on:

• ongoing and annual assessments of risk management and internal controls,
• evidence-based Board oversight,
• effectiveness reviews,
• CEO and CFO assurance, and
• meaningful disclosures tailored to the company’s actual practices and risk environment.

As a result, Boards may benefit from taking a more structured approach before drafting the next SORMIC disclosure.

Conducting a SORMIC gap analysis assessment serves as a valuable governance health check and can help companies:

• understand how current practices align with the new Guide,
• identify opportunities to enhance governance and reporting,
• strengthen the basis for Board and Management assurance,
• improve integration of ESG and emerging risks into enterprise risk management, and
• enhance the overall quality and credibility of disclosures.

Building Stronger Governance for the Future

As governance expectations continue to evolve, companies that proactively strengthen their risk management and internal control frameworks will be better positioned to navigate uncertainty, respond to emerging risks, and support sustainable growth.

The SORMIC Guide 2025 provides a valuable framework for Boards to enhance governance effectiveness, improve organisational resilience, and demonstrate accountability in a changing business environment.

Boards that align their risk oversight with the 2025 SORMIC guide will not only be better positioned for future reporting cycles but also be able to leverage the Guide as a catalyst for stronger governance practices and to reinforce stakeholder trust and confidence in the organisation’s leadership and governance culture.

IA Essential supports listed companies in conducting SORMIC readiness and gap assessments, strengthening governance and risk management frameworks, and preparing Board-ready SORMIC disclosures aligned with the expectations of the SORMIC Guide 2025 and Bursa Malaysia.