In line with IRBM’s aspiration to become a high-performing tax administration agency that contributes to national development, corporate governance serves as a fundamental element in ensuring transparent, accountable and effective operations. It provides assurance to stakeholders that IRBM consistently upholds good governance practices and maintains high standards of integrity.

The three core elements underpinning effective governance in IRBM are:

  • Integrity Management
  • Risk Management
  • Internal Control

Organisational risk management in IRBM is implemented through a comprehensive governance and risk management structure to ensure that organisational risks are systematically identified, assessed, monitored and managed in alignment with the organisation’s strategic objectives.

The organisational risk management structure comprises:

  • Organisational Risk Management, supported by three main functions:
    • Corporate Risk Management (Enterprise Risk Management – ERM);
    • Business Continuity Management (BCM); and
    • Occupational Safety, Health and Environment (OSHE).

  • Tax Compliance Risk Management (TCRM). TCRM serves as a strategic control framework that guides the process of identifying, assessing and managing risks that may affect taxpayers’ compliance with national tax laws and regulations.

  • To facilitate top management in making strategic decisions.

  • To identify risks within core activities that may undermine the achievement of IRBM’s objectives.

  • To minimise the impact of disruptions or disasters on service delivery and to ensure operational continuity during crisis situations.

  • To protect and enhance the image and reputation of IRBM as a high‑performing tax administrator.

The Risk Management Procedure in IRBM is a structured and systematic process for identifying, analysing, evaluating and treating risks arising from internal and external contexts that may impact the achievement of organisational objectives and stakeholder expectations.

This procedure is adopted by IRBM to support the implementation of, and compliance with, the Quality Management System (SPK HASiL) in accordance with MS ISO 9001:2015 and the Anti‑Bribery Management System (ABMS) in accordance with MS ISO 37001:2025, as defined in the IRBM Integrated Management System Manual (MSPB HASiL).

The role of Chief Risk Officer (CRO) is held by the Deputy Chief Executive Officer (Management), who is responsible for overseeing strategic and integrated organisational risk management to support IRBM’s objectives, service continuity and integrity.

Organisational risk management in IRBM is implemented through an integrated approach involving several management functions. Enterprise Risk Management (ERM) and Tax Compliance Risk Management (TCRM) use the Risk Information Management System 2.0 (i‑RIS 2.0) to identify, assess, monitor and manage organisational and tax non‑compliance risks, while Business Continuity Management (BCM) and Occupational Safety, Health and Environment (OSHE) focus on operational continuity and workplace safety. Together, these functions strengthen governance, organisational resilience and effective service delivery.

The implementation of Enterprise Risk Management (ERM) in Lembaga Hasil Dalam Negeri Malaysia is carried out systematically and continuously to ensure organisational risks are managed efficiently and effectively in line with organisational and government strategic directions.

Corporate risk management covers key risk categories that may impact the organisation, including:

  1. Strategic Risk;
  2. Financial Risk;
  3. Operational Risk;
  4. Compliance Risk;
  5. Corruption Risk; and
  6. Project Risk.

The effectiveness of ERM implementation is strengthened through a governance structure that supports risk monitoring, reporting, communication and treatment actions, including:

  • Risk Management Documentation Enhancement
    • Preparation of Risk Management Plans;
    • Review of risk management documentation such as the Risk Management Manual and Risk Management Plan; and
    • Preparation of Corporate Risk Profile Reports for LHDNM Top Management.

  • Implementation of Corporate Risk Management
    • Management of the corporate risk register;
    • Analysis of organisational risks and escalation to process owners; and
    • Preparation of the Annual Corporate Risk Profile to monitor risk treatment actions.

  • Risk Communication and Consultation
    • Acting as a coordinator between risk owners and process owners; and
    • Participation in workshops, courses, conventions and meetings related to risk management.

  • Risk Management Awareness Programmes
    • Implementation of the Risk Alert Programme;
    • Risk Management Workshops and consultation sessions with the Risk Care Officer (RCO Community);
    • Briefings under the Program Semaian HASiL;
    • Sharing of best practices through agency engagement sessions; and
    • Academic collaboration initiatives with higher learning institutions.

  • Secretariat Functions
    • Management of the Risk Management Committee Meeting (MJKPR), conducted at least twice a year.

Agency Visits and Engagement Sessions

  1. Applications for agency visits and engagement sessions related to organisational risk management may be submitted via email to:

    Director, Integrity and Risk Management Department
    HASiL Directory

  2. Applications for academic research related to risk management from Higher Learning Institutions (HLIs) may be submitted via email to:

    Tax Operations Sector
    teamdata.JOC@HASIL.GOV.MY