Layar.Consult
Client Reflections

— Client Reflections

What Boards and Committees Have Said After Engagement

The observations below are drawn from clients across Malaysian regulated industries. Names and roles are presented with permission; organisational names are withheld in line with our confidentiality practice.

← Return to Home

— Client Observations

In Their Own Words

"What we received from the posture engagement was not what we expected — which is to say it was more useful. The document named things directly that our internal reports had been circling for some time. The audit committee was better placed for its review because of it."

YC

Yap Chee Weng

Audit Committee Chair · Kuala Lumpur

April 2025

"The governance advisory was delivered within the agreed timeline and the recommendations were practical — not the sort of list that requires a separate consultant to interpret. We have been working through the sequenced items at each committee meeting since delivery."

SR

Siti Rohani Abdullah

Chief Risk Officer · Selangor

March 2025

"We brought Layar Consult in specifically because we needed an independent view that had no interest in selling us anything afterward. The posture note was candid about two exposures that our previous reports had not addressed clearly. That was what we needed."

NK

Nageswaran Krishnan

Independent Director · Kuala Lumpur

April 2025

"The Risk Committee Workshop was two days well used. Our committee had been meeting quarterly for three years and had settled into habits that no longer served the oversight purpose well. The handbook that came out of the workshop has been in use since May."

FH

Faridah Hasim

Risk Committee Chair · Johor Bahru

May 2025

"The governance review was thorough and the adviser was accessible throughout the engagement. The one observation I would make is that the process requires genuine engagement from the organisation — it is not a passive exercise. But the outcome was worth the time."

RL

Raymond Lim

Group Company Secretary · Penang

February 2025

"We used the posture note directly in our risk committee presentation to the board. The chair described it as the clearest technology briefing the board had received in several years. The language was right for the audience in a way that our internal team's reports had never quite achieved."

ZO

Zulaikha Omar

Head of Internal Audit · Kuala Lumpur

April 2025

— Selected Engagements

Three Engagements, Each at a Different Stage of Organisational Need

Challenge

A Malaysian financial institution's audit committee was receiving detailed technology risk reports from management but found the information difficult to weigh against their oversight responsibilities. The committee chair described a gap between the volume of reporting and the committee's sense of what the significant exposures actually were.

Engagement

Technology Risk Posture Conversation. We reviewed the institution's technology risk reports, the committee's recent minutes and the relevant policy documentation. We interviewed the CTO and the head of information security. We then wrote a posture note in three sections: the five principal exposures, the controls in place, and the questions the committee had not yet asked.

Outcome

The posture note was tabled at the following audit committee meeting. The committee resolved to request management's response to two of the identified exposures. The chair subsequently engaged Layar Consult for a governance advisory engagement in the following quarter. Duration: three weeks from scoping to final delivery.

"We finally had a document we could actually use at the committee table rather than a report we needed someone else to summarise."

— Audit Committee Chair, financial institution, Kuala Lumpur

Challenge

A listed infrastructure company was preparing for an upcoming BNM examination and wished to have an independent view of whether its technology governance customs would withstand scrutiny. The company secretary had concerns that the documentation of certain approval processes was incomplete.

Engagement

Technology Governance Advisory. We reviewed committee charters, board papers from the preceding two years, technology project approval records and the company's technology policy suite. We conducted structured interviews with the technology committee chair, CFO and head of technology. The governance review was produced with a sequenced set of twelve recommendations, ordered by regulatory materiality.

Outcome

The company addressed eight of the twelve recommendations before the examination. The examination process proceeded without adverse findings on technology governance. The company secretary described the governance review as the document she most referred to during the examination preparation period. Duration: five weeks.

"The recommendations were ordered in a way that made the preparation tractable. We knew what to address first and why."

— Company Secretary, listed infrastructure company, Selangor

Challenge

A professional services organisation's technology risk committee had been meeting for two years and had accumulated meeting habits — a standing agenda, a reporting format, a particular dynamic between the chair and the technology team — that members recognised were no longer producing useful oversight outcomes. The board wished to address this without disbanding the committee or replacing the chair.

Engagement

Risk Committee Workshop. We reviewed six months of committee papers and minutes before the workshop. The two-day session was attended by the full committee membership. We examined the agenda structure, the supporting paper format, the presentation dynamic and the decision record. By the end of day two the committee had written the first draft of its handbook together.

Outcome

The committee handbook was finalised within two weeks of the workshop and has been in active use through three subsequent committee meetings. The chair reported that the meeting dynamic had changed and that discussions were more substantive. The organisation has since retained a copy of the handbook in the company's governance documentation library.

"Two days of careful conversation produced something three years of meeting had not — a shared understanding of what the committee is actually for."

— Risk Committee Chair, professional services group, Kuala Lumpur

— Reach Us

Contact Details

— Numbers

Practice at a Glance

60+

Engagements

4.8

Avg. Client Rating

6

Years in Practice

100%

On-Scope Delivery

— Credentials

Points of Professional Standing

MICG Recognised Contributor

Malaysian Institute of Corporate Governance recognised contributor to board technology literacy education, 2024.

Certified Risk Management Professionals

All lead advisers hold CRMP certification and maintain continuing professional education in Malaysian regulatory developments.

Regulatory Framework Literacy

Advisers maintain current working knowledge of BNM's Risk in Technology Policy Documents, SC governance expectations and SSM's corporate governance code.

— Your Organisation

A Brief Conversation to Determine Fit

The engagements described in these reflections are not suitable for every organisation at every stage. A short preliminary conversation will clarify whether one of our three services addresses what your board or committee currently needs.

Request a Conversation