DIRECTORS’ STATEMENT ON INTERNAL CONTROL
In line with the Section 3 (8) (ii) (b) of the Banking Act Direction No. 11 of 2007, the Board of Directors presents this Report on Internal Control.
The Board of Directors (the Board) is responsible for the adequacy and effectiveness of the system of internal controls in place at Commercial Bank of Ceylon PLC (the Bank). However, such a system is designed to manage the Bank’s key areas of risk within an acceptable risk profile, rather than to eliminate the risk of failure to achieve the policies and business objectives of the Bank. Accordingly, the system of internal controls can only provide reasonable but not absolute assurance against material misstatement of management and financial information and records or against financial losses or fraud.
The Board has established an ongoing process for identifying, evaluating and managing the significant risks faced by the Bank and this process includes enhancing the system of internal controls as and when there are changes to business environment or regulatory guidelines. The process is regularly reviewed by the Board and accords with the ‘Guidance for Directors of Banks on the Directors’ Statement on Internal Control’ issued by The Institute of Chartered Accountants of Sri Lanka. The Board has assessed the internal control taking into account principles for the assessment of internal control system as given in that guidance.
The Board is of the view that the system of internal controls in place over financial reporting is sound and adequate to provide reasonable assurance regarding the reliability of financial reporting, and that the preparation of Financial Statements for external purposes is in accordance with relevant accounting principles and regulatory requirements.
The management assists the Board in the implementation of the Board’s policies and procedures on risk and control by identifying and assessing the risks faced, and in the design, operation and monitoring of suitable internal controls to mitigate and control these risks.
Key Features of the Process Adopted in Applying and Reviewing the Design and Effectiveness of the Internal Control System on Financial Reporting
The key processes that have been established in reviewing the adequacy and integrity of the system of internal controls with respect to financial reporting include the following:
- Various appointed committees are established by the Board to assist the Board in ensuring the effectiveness of the Bank’s daily operations and that the Bank’s operations are in accordance with the corporate objectives, strategies and the annual budget as well as the policies and business directions that have been approved.
- The Inspection/Internal Audit Department of the Bank checks for compliance with policies and procedures and the effectiveness of the internal control systems on an ongoing basis using samples and rotational procedures and highlight significant findings in respect of any non-compliance. Audits are carried out on all departments and branches, in accordance with the annual audit plan reviewed and approved by the Board Audit Committee (BAC). The frequency of audits of branches is determined by the level of risk assessed, to provide an independent and objective report. Findings of the internal audit are submitted to the BAC for review at their periodic meetings. During 2016, the Internal Audit Department has initiated ‘online’ auditing process for selected areas enabling the monitoring process to be more effective and timely. This initiative will be further strengthened during the next financial year.
- The BAC of the Bank reviews internal control issues identified by the Internal Audit Department, regulatory authorities and management, and evaluates the adequacy and effectiveness of the risk management and internal control systems. The BAC also reviews the internal audit functions with particular emphasis on the scope of audits and quality of internal audits. The minutes of the BAC meetings are tabled at the meetings of the Board of Directors of the Bank on a periodic basis. Details of the activities undertaken by the BAC of the Bank are set out in the ‘Board Audit Committee Report’ which appears on pages 140 to 142.
- In assessing the internal control system over financial reporting, identified officers of the Bank continued to review and update all procedures and controls that are connected with significant accounts and disclosures of the Financial Statements of the Bank. The Internal Audit Department of the Bank continued to verify the suitability of design and effectiveness of these procedures and controls on an ongoing basis. The assessment included Subsidiaries of the Bank as well.
Since the adoption of new Sri Lanka Accounting Standards comprising SLFRSs and LKASs in 2012, processes that are required to comply with new requirements of recognition, measurement, presentation and disclosures were introduced and implemented in 2013. Continuous monitoring is in progress and steps are being taken to make improvements to the processes where required, to enhance effectiveness and efficiency. The Bank has documented procedures relating to these new requirements and updates the procedure manuals as and when necessary and also obtained approval of the Board Audit Committee and the Board for changes made to the documented procedures. The Bank’s Internal Audit Department commenced testing these processes since first quarter 2013 and continued to do so in 2016 as well.
The Bank commenced automating the processes relating to various computation required under SLFRSs and LKASs, referred to above, including loan impairments and completed all of the activities required to ‘Go live’ by end 2016 and is taking all required steps to use the automated system from 2017 onwards.
The Board also has taken into consideration the requirements of the Sri Lanka Accounting Standard – SLFRS 9 on ‘Financial Instruments’ that has been issued with effective date being January 01, 2018, as it is expected to have a significant impact on the calculation of impairment of financial instruments on an ‘expected credit loss model’ compared to the ‘incurred credit loss model’ currently being applied under the Sri Lanka Accounting Standard – LKAS 39 on ‘Financial Instruments: Recognition and Measurement’. The Bank is currently working with an external consultant to carryout a gap analysis and implement
the processes required to comply with SLFRS 9 on a timely manner.
The comments made by the External Auditors in connection with the internal control system during the financial year 2015 were taken into consideration and appropriate steps have been taken to incorporate them where appropriate.
The Assurance Report of the External Auditors in connection with internal control over financial reporting is appearing on page 168.
Based on the above processes, the Board of Directors confirms that the financial reporting system of the Bank has been designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of Financial Statements for external purposes has been done in accordance with the Sri Lanka Accounting Standards and regulatory requirements of the Central Bank of
Review of the Statement
By External Auditors
The External Auditors, Messrs KPMG, have reviewed the above Directors’ Statement on Internal Control included in this Annual Report of the Bank for the year ended December 31, 2016 and reported to the Board that nothing has come to their attention that causes them to believe that the statement is inconsistent with their understanding of the process adopted by the Board in the review of the design and effectiveness of the internal control system over financial reporting of the Bank. Their independent assurance report on the Directors’ Statement on Internal Control is given on page 168 of this Annual Report.
By Order of the Board,
February 22, 2017