Bankers to the Nation

Board Subcommittee Reports

Audit Committee Report

Chairman’s Statement

Audit Committee Charter

The Terms of Reference of the Audit Committee are governed by the Audit Committee Charter, approved and adopted by the Board. Bank of Ceylon specific and banking sector related developments are taken into consideration in the regular reviews of the Audit Committee Charter which was last reviewed in year 2017.
The Committee also ensures that the scope and coverage of its functions addresses the requirements of the Banking Act Direction No. 11 of 2007 on “Corporate Governance for Licensed Commercial Banks in Sri Lanka” and its subsequent amendments issued by the Central Bank of Sri Lanka.

Principal Focus

The Audit Committee primarily focuses on assisting the Board in fulfilling its duties by providing an independent and objective review of the Bank’s financial reporting process.

Medium of Reporting

The proceedings of the Audit Committee meetings are tabled at the meetings of the Board, where all key issues, concerns, actions taken, outcomes achieved or pending, and follow-up initiated, are clarified, discussed and Board approval obtained therefor.

Composition

During the year under review the Audit Committee comprised the following Non-Executive Directors:

Mr Ranel T Wijesinha
Chairman,
Independent Non-Executive Director

Mr Sajith R Attygalle
Member,
Non-Executive Ex-officio Director

Mr Samantha Rajapaksa
Member,
Independent Non-Executive Director
(w.e.f. 11 August 2017)

Mr Sanjaya Padmaperuma
Member,
Independent Non-Executive Director
(From 5 November 2015 to 30 June 2017)

Mr Charitha N Wijewardane
Member,
Independent Non-Executive Director
(From 5 November 2015 to 21 July 2017)

The members of the Committee possess the requisite financial acumen, experience, competencies, backgrounds and the appropriate levels of independence to be members of this Committee. The detailed profiles of members of the Committee appear in the section on Board of Directors.

Secretary to the Audit Committee

The Secretary, Bank of Ceylon/Secretary to the Board who is an Attorney-at-Law and a Deputy General Manager, functions as the Secretary to the Committee.

Committee Meetings and Interaction with External Auditors

The Committee met on eleven occasions during the year under review. The frequency and the duration of the meetings enabled the Committee to fulfil its responsibilities effectively. The Attendance of the Committee Members is provided in the section on Corporate Governance.

The quorum of the Committee is two.

The Committee had ongoing interaction with the representative of the Auditor General who was based at the Bank on a full time basis, throughout the year. In order to further facilitate the Management’s cooperation with the External Audit conducted by Messrs KPMG, Chartered Accountants, and to enhance the independence of the External Audit, the Chairman of the Audit Committee, communicated with the Senior Partners in charge of the Audit, as and when the need arose, in addition to the regular meetings of the Committee. This facilitated better understanding of key issues and areas of concern and paved the way for effective deliberations and proper guidance during the meetings. The Committee met the External Auditors prior to finalisation of the year-end audit without the presence of the General Manager and other members of the management, in order to determine whether there were any restrictions to the scope of the audit and received confirmation that there were none.

Participation at Meetings

The following management personnel attended each Audit Committee meeting:

  • Chief Internal Auditor
  • Chief Risk Officer
  • Compliance Officer
  • Assistant General Manager
    (Province/Branch and Credit Audit)
  • Assistant General Manager (Investigations)
  • Assistant General Manager (Information Systems Audit)
  • Assistant General Manager
    (Risk Management)
  • Internal Auditor
  • IT Risk Officer
  • Representatives of the Auditor General (the External Auditor of the Bank) and Partners and Managers of Messrs KPMG, Chartered Accountants.
  • Partners and Managers of Messrs Ernst & Young, Chartered Accountants, who were the External Auditors appointed by the Auditor General for the year ended 31 December 2016 also attended a few meetings of the Audit Committee during the year under review as a follow-up to the audit.

The members of the management, who attended by invitation only, are as follows:

  • General Manager
  • Chief Financial Officer
  • Deputy General Manager
    (Finance and Planning)

The Heads of Divisions were invited to the meetings of the Audit Committee at various times during the year in order to seek clarification on areas such as credit, product and development banking, treasury management, oversight over subsidiaries and branches located overseas, retail banking, foreclosure and recovery, legal issues and information technology risk issues. The direct dialogue thus created, enabled achieving consensus on a series of areas where systems, procedures, controls were strengthened, policy manuals improved or expanded and compliance therewith facilitated. The Key Management Personnel who participated in these discussions were:

  • Deputy General Manager
    (Product and Banking Development)
  • Deputy General Manager
    (Corporate and Offshore Banking)
  • Deputy General Manager
    (Sales and Channel Management)
  • Deputy General Manager
    (Recovery)
  • Deputy General Manager
    (International, Treasury and Investment)
  • Deputy General Manager
    (Retail Banking)
  • Deputy General Manager
    (Support Services)
  • Deputy General Manager
    (Human Resources)
  • Chief Legal Officer
  • Head of Information Technology
  • Head of Technology Transformation
  • Further, the Chairman held separate one-on-one and group meetings with the General Manager, Chief Financial Officer, Chief Internal Auditor, Chief Risk Officer, Chief Legal Officer and other senior managers.

Activities Performed in Year 2017

Financial Reporting

  • Reviewed the monthly, quarterly and annual unaudited/audited Financial Statements to ensure that they are prepared and published in accordance with the requirements prescribed by the supervisory and regulatory authorities and applicable Accounting Standards.
  • Prior to the release of quarterly financial statements, an analytical review is conducted of the overall performance of the Bank and performance of the business units in relation to budgets, annual strategic plans, the banking industry and competitive environment.
  • The above strengthened the robustness of reviews, leading to enhanced reliability of financial statements, as well as providing inputs for ongoing and future strategic plans.
  • Reviewed significant judgements, estimates and conclusions on the loan loss provisions, relating to individually significant loans and the adequacy of collective impairment allowances on other loans.

Regulatory Compliance

  • Continuously monitored and responded to the changing regulatory environment locally and internationally particularly in the countries in which the Bank operates.
  • Reviewed compliance with mandatory banking and other statutory requirements.
  • Reviewed the progress of action taken in relation to the findings of the statutory examinations carried out by regulators.
  • Reviewed the Internal Capital Adequacy and Capital Augmentation Plan and implementation thereof.
  • Reviewed and continued to support the initiatives and action plans designed to progress towards the implementation of Basel III and SLFRS 9.
  • Reviewed compliance with Anti-money laundering, countering terrorist financing, and customer due diligence processes.
  • Reviewed measures of stress testing against key variables.
  • Reviewed the exposure to Government/private sector, to economic sectors, sub-sectors and borrowers and followed up on the implementation of appropriate risk minimisation and mitigation measures.

Internal Controls

  • On a regular monthly basis and when specific events or cases warranted, continued to conduct root cause analysis and to make improvements to the systems, procedures and internal controls.
  • On an ongoing basis reviewed and strengthened the credit/project evaluation processes adopted by the Bank.
  • Assigned special tasks to the Chief Internal Auditor and the Chief Risk Officer on account of key areas of exposure or vulnerability and in respect of risk minimisation and mitigation measures therefor.
  • Continuously strengthened the oversight over, and monitoring of debt service by customers of concern and designed measures to prevent/pre-empt potential loan losses.
  • Formed a cell consisting of relevant management personnel to ensure compliance with caveats and conditions by borrowers in furtherance of the above oversight function.
  • Reviewed the role of the Chief Risk Officer with a view to strengthening his independent role with specific reference to credit evaluation.
  • Continued to guide and assist the Human Resource Department to design and implement skill enhancement and capacity building measures for staff engaged in credit evaluation and monitoring and obtained feedback on the programmes.
  • Continued to review and strengthen procedures and strategies of the Recovery Department.
  • Reviewed pending litigations on a monthly basis.
  • Reviewed the existing procurement procedure to ensure required compliance.

The Statement by the Directors, on Internal Control and the Auditor General’s Report thereon, is provided in the section on Directors’ Statement on Internal Control Over Financial Reporting. Accordingly, the Committee is of the view that necessary checks and balances are in place to provide reasonable assurance, that the Bank’s assets are safeguarded and that the financial position and the results disclosed in the Financial Statements are free from any material misstatements

Internal Audit

  • Reviewed the independence, objectivity, and performance of the internal audit function as well as the adequacy of the Department’s resources, with particular reference to the three main units -
  • Province/Branch and Credit Audit
  • Information Systems Audit
  • Investigations
  • Reviewed the Internal Audit Policy of Overseas Branches and the audits carried out based on the policy.
  • Reviewed the effectiveness of the implementation of the Internal Audit Plan 2017.
  • Reviewed significant internal audit findings and management’s responses thereto, with a view to taking timely corrective action.
  • Carried out an awareness programme on the Forensic Audit Unit to be established to enhance capabilities in prevention, detection and investigation of frauds and irregularities.
  • Evaluated the performance of the Chief Internal Auditor and reviewed the evaluation of the senior audit staff of the Internal Audit Department.
  • Reviewed training and development needs and requirements for specialized training of the Internal Audit Department and the need for capacity building with special emphasis on investigation staff.
  • Recommended the adoption of the Internal Audit Plan for the year 2018.

External Audit

The external audit is carried out by the Auditor General in terms of the Constitution of the country. The Auditor General appointed Messrs KPMG, Chartered Accountants, to assist in the audit for the year 2017.

The Committee;

  • Reviewed and followed up on audit issues identified by the previous Auditors appointed by the Auditor General, Messrs Ernst & Young, Chartered Accountants pertaining to the audit for the year 2016.
  • Reviewed the Report of the Auditor General to the Parliament of Sri Lanka on the accounts of the Bank for the year ended 31 December 2016, the Management Letter, and the management’s responses thereto and followed up on corrective measures taken by the Bank.
  • Reviewed and discussed the key reports from the Auditor General’s Department and action was initiated where deemed necessary.
  • Reviewed the effectiveness of the external audit process carried out by Messrs KPMG Chartered Accountants, during the year and addressed the following at Committee meetings and at special meetings convened by the Chairman of the Committee;
  • Audit Plan of 2017 submitted by Messrs KPMG, Chartered Accountants for the audit of the Consolidated Financial Statements
    of Bank of Ceylon and its Subsidiaries for the year ended 31 December 2017.
  • The technical skills and industry experience of the audit team.
  • The effectiveness of the interaction and relationship between the Bank’s management and the external audit team.
  • Timely submission of required information.
  • Feedback from the management on the effectiveness of the audit processes relevant to their operational areas.
  • Interim and final audit issues identified by the Auditors pertaining to the Audit for the year 2017.

Supervision and Audit of Subsidiaries and Associates of Bank of Ceylon

  • Reviewed the “Subsidiaries Management Charter” which oversees the monitoring and oversight over subsidiaries and strengthened procedures connected therewith.
  • Strengthened accountability and oversight over subsidiaries and associates of the Bank.
  • Reviewed the audits carried out on subsidiaries in terms of the policy on the internal audit of subsidiaries.

Cyber Security

  • Engaged in regular dialogue with Management personnel in charge of Information Technology and the manner in which the Bank manages cyber security risks.

Special Initiatives

  • In order to develop solutions for potential challenges arising from the implementation of Basel III, initiated discussion sessions with the participation of Messrs Ernst & Young, Chartered Accountants where officials of the regulators, the Central Bank of Sri Lanka and the Securities and Exchange Commission of Sri Lanka were invited.
  • Guided the office of the Chief Internal Auditor to train operational staff of the Bank on the importance of the Internal Controls to prevent and pre-empt frauds. Over 3,000 officers were trained islandwide under this programme.

Governance

The Committee, on an ongoing basis, reviewed the manner in which it implemented good corporate governance practices with particular reference to the:

  • Banking Act Direction No. 11 of 2007 on “Corporate Governance for Licensed Commercial Banks in Sri Lanka” and subsequent amendments thereto.
  • The Listing Rules of the Colombo Stock Exchange.
  • The Code of Best Practices on Corporate Governance 2013 issued jointly by the Securities and Exchange Commission of Sri Lanka and The Institute of Chartered Accountants of Sri Lanka (Code of Best Practice).
  • Reviewed the Policy of Conflict of Interest of Directors to ensure that the policy is up to date.

Initiated a review of the Bank of Ceylon Ordinance in order to develop recommendations to the Government of Sri Lanka for amendments to the Ordinance in order to respond more effectively to the entity specific and banking sector specific governance requirements, strategic direction and related challenges.

The Annual Corporate Governance Report for 2017 is provided in the section on Corporate Governance.

Procedure for Complaints – Whistle-Blowing Policy

The Bank has a long established “Policy of Whistle Blowing” in respect of procedures for the receipt, retention and treatment of complaints. The complaints may relate to but are not limited to, questionable accounting, internal control weaknesses, bribery and/or accepting commissions, falsifying records, insider dealing, money laundering, theft and fraud, misuse of the Bank’s assets, misrepresentation or false statements and any other actions that are considered unethical, illegal or contrary to proper corporate governance and stewardship policies which will be harmful to the financial health or reputation of the Bank.

The Chief Internal Auditor acts as the complaint overseer while the complaints against the employees in the grades of Deputy General Manager and above shall be submitted to the Chairman of the Board Audit Committee.

Employees are encouraged to raise any legitimate concerns promptly, and are entitled to remain anonymous or to request that their identity not be disclosed. Customers and concerned members of the general public are entitled to submit complaints anonymously and in confidence to the complaint overseer who is required to investigate complaints and report to the Audit Committee within periods stipulated in the Policy.

Committee Evaluation

An annual evaluation of the effectiveness of the Committee is conducted and results are communicated to the Board. In addition, the Audit Committee is evaluated at Board level through the Board evaluation process.

Ranel T Wijesinha
Chairman

Audit Committee
27 March 2018

Close