The management of Commercial Bank of Ceylon PLC (“the Company”) engaged us to provide an independent assurance on the following elements of the sustainability reporting criteria presented in the Annual Report – 2018 (“the Report”).
We performed our procedures to provide limited assurance in accordance with Sri Lanka Standard on Assurance Engagements (SLSAE 3000): “Assurance Engagements Other than Audits or Reviews of Historical Financial Information”, issued by the Institute of Chartered Accountants of Sri Lanka (“CA Sri Lanka”).
The evaluation criteria used for this limited assurance engagement are based on the Sustainability Reporting Guidelines (“GRI Guidelines”) and related information in particular, the requirements to achieve GRI Standards “In accordance” - Core guideline publication, publicly available at GRI’s global website at “www.globalreporting.org”.
Our engagement provides limited assurance as well as reasonable assurance. A limited assurance engagement is substantially less in scope than a reasonable assurance engagement conducted in accordance with SLSAE 3000 and consequently does not enable to obtain assurance that we would become aware of all significant matters that might be identified in a reasonable assurance engagement. Accordingly, we do not express an opinion providing reasonable assurance.
The management of the Company is responsible for the preparation of the self-declaration, the information and statements contained within the Report, and for maintaining adequate records and internal controls that are designed to support the sustainability reporting process in line with the GRI Sustainability Reporting Guidelines.
Our responsibility is to express a conclusion as to whether we have become aware of any matter that causes us to believe that the Report is not prepared in accordance with the requirements of the Global Reporting Initiative, GRI Standards: “In accordance” - Core guidelines. This report is made solely to the Company in accordance with our engagement letter dated January 8, 2019. We disclaim any assumption of responsibility for any reliance on this report to any person other than the Company or for any purpose other than that for which it was prepared. In conducting our engagement, we have complied with the independence requirements of the Code for Ethics for Professional Accountants issued by the
CA Sri Lanka.
We planned and performed our procedures to obtain the information and explanations considered necessary to provide sufficient evidence to support our limited assurance conclusions. Key assurance procedures included:
Our procedures did not include testing electronic systems used to collect and aggregate the information.
Environmental and social performance data are subject to inherent limitations given their nature and the methods used for determining, calculating and estimating such data.
Based on the procedures performed, as described above, we conclude that;
Ernst & Young
February 22, 2019
DNV GL represented by DNV GL Business Assurance Lanka (Private) Limited has been commissioned by the Management of Commercial Bank of Ceylon PLC (“Commercial Bank’ or “the Bank”, Company Registration Number PQ 116) to carry out an independent assurance engagement (Type 2, Moderate level) for the non-financial – qualitative and quantitative information (sustainability performance) reported in Commercial Bank’s Annual Report 2018 (“the Report”) in its printed format for the financial year ending December, 31 2018. The sustainability disclosures in this Report is prepared by the Bank, based on International Integrated Reporting Council’s (“IIRC’s”) International <IR> Framework (“<IR> Framework”) and includes references to the Global Reporting Initiative (“GRI”). Sustainability Reporting Standards 2016 (“GRI Standards”), for non-financial performance related to identified material topics.
We performed our work using Account Ability’s AA1000 Assurance Standard 2008 (AA1000AS), with 2018 addendum and DNV GL’s assurance methodology VeriSustain TMI ,
which is based on our professional experience, international assurance best practice including International Standard on Assurance Engagements 3000 (ISAE 3000) Revised* and GRI reporting principles on Content and Quality. Our assurance engagement was planned and carried out during January 2019-February 2019. The intended user of this assurance statement is the Management of the Bank (“the Management”).
The reporting topic boundary of sustainability performance is based on internal and external materiality assessment covering Commercial Bank’s banking and associated operations in Sri Lanka and Bangladesh. The Report excludes performance data and information related to the activities of Commercial Bank’s six subsidiaries – Commercial Development Company PLC, ONEzero Company Ltd., Serendib Finance Ltd., Commex Sri Lanka S.R.L Italy, Commercial Bank of Maldives (Private) Limited, CBC Myanmar Microfinance Company Limited and the operations of its two associates, Equity Investments Lanka Ltd. and Commercial Insurance Brokers (Pvt.) Ltd. as the results of their operations are not significant (<1% revenue) compared to the overall results of the Bank. This is as set out in the Report in the section “Basis of Preparation”.
We planned and performed our work to obtain the evidence we considered necessary to provide a basis for our assurance opinion and the process did not involve engagement with external stakeholders.
The Management of Commercial Bank have the sole responsibility for the preparation of the Report as well as the processes for collecting, analysing and reporting the information presented in the Report. In performing our assurance work, our responsibility is to the Management; however, our statement represents our independent opinion and is intended to inform the outcome of our assurance to the stakeholders of the Bank. DNV GL was not involved in the preparation of any statements or data included in the Report except for this Assurance Statement.
DNV GL provides a range of other services to Commercial Bank, none of which in our opinion, constitute a conflict of interest with this assurance work. DNV GL’s assurance engagements are based on the assumption that the data and information provided by the client to us as part of our review have been provided in good faith. DNV GL expressly disclaims any liability or co-responsibility for any decision a person or an entity may make based on this Assurance Statement.
A multidisciplinary team of sustainability and assurance specialists performed work at Commercial Bank’s Head Office, and as part of assurance we visited sample branch operations in Sri Lanka. We undertook the following activities:
During the assurance process, we did not come across limitations to the scope of the agreed assurance engagement.
On the basis of the verification undertaken, nothing came to our attention that causes us to believe that the Report does not properly describe Commercial Bank’s adherence to the criteria of reporting (Guiding Principles and Content Elements) related to the
<IR> framework, representation of the material topics, business model, disclosures on value creation through six capitals, related strategies and Management approach and chosen topic-specific disclosures from the GRI Standards for identified material topics as below.:
Without affecting our assurance opinion, we also provide the following observations.
The process of determining the issues that is most relevant to an organisation and its stakeholders.
The report brings out the application of GRI materiality principles to arrive at highly significant material topics for the organisation. The materiality determination process was revalidated based on inputs from key stakeholders including employees, customers, investors, regulators, and society. It would be better to benchmark sustainability performance and trend analysis with respect to identified material topics with peer group. Nothing has come to our attention to suggest that the Bank has missed out key material issues related to its operations in Sri Lanka and Bangladesh.
The participation of stakeholders in developing and achieving an accountable and strategic response to sustainability.
The Bank has a documented stakeholder engagement process, which helps in identifying, engaging and responding to key sustainability concerns of significant stakeholders. Process covers a wide range of stakeholders. This could be further leveraged to collect proactive inputs, ideas and suggestions through structured customer feedback mechanism. Nothing has come to our attention to suggest that the Report does not meet the requirements related to the principle of inclusivity.
The extent to which an organisation responds to stakeholder issues.
The key stakeholder concerns are fairly responded within the Report i.e. the Report brings out disclosures such as Bank’s business model, policies, management systems, governance mechanisms, disclosures on management approach. Nothing has come to our attention to suggest that the Report does not meet the requirements related to the Principle of Responsiveness. However, we are of the opinion that the adherence to this principle may further enhanced in future reporting periods by disclosing the Bank’s short, medium and long-term goals with respect to material issues raised by stakeholders.
The level to which an organisation monitors, measures and is accountable for how its actions affect its broader ecosystems.
Commercial Bank has a defined process in place for monitoring, measurement and evaluation of impacts both qualitative and quantitative of its performance on the environment, society, and key stakeholders. The Report adequately describes how both positive and negative impacts due to the identified material topics create and change value for the Bank and its key stakeholders through appropriate performance metrics and information. Nothing has come to our attention to suggest that the Report does not meet the requirements related to the Principle of Impact.
We consider the methodology and process for gathering information developed by the Bank for its sustainability performance reporting to be appropriate, and the qualitative and quantitative data included in the Report was found to be identifiable and traceable; the personnel responsible were able to demonstrate the origin and interpretation of the data and its reliability.
The accuracy and comparability of information presented in the report, as well as the quality of underlying data management systems.
The robustness of the data management and aggregation systems was evaluated during our visits to Commercial Bank’s Head Office and branch sites; the sample data and information verified as part of assurance was found to be reliable. All that had come to our attention suggests that reported data has been properly collated from information gathered from the operational level. Nothing has come to our attention to suggest that the Report does not meet the requirements related to the Principle of Reliability.
How much of all the information that has been identified as material to the organisation and its stakeholders is reported.
The Report has brought out the Content Elements and Guiding Principles well. Business strategy is well in place with digitalisation well in focus. Resource allocation is carefully done considering the automation, growth and increasing footprint in the global market. Management approach for Business Continuity Plan (BCP) in Bangladesh which is referred as one of the critical risk to business and is identified as material need to be reported in detail for future reporting. Nothing has come to our attention to suggest that the Report does not meet the requirements related to the Principle of Completeness.
The extent to which a report provides a balanced account of an organisation’s performance, delivered in a neutral tone.
Neutral tone of the disclosures on sustainability initiatives in terms of content and justification, makes the report balanced in its approach. Nothing has come to our attention to suggest that the Report does not meet the requirements related to the Principle of Neutrality. It is suggested that the future Reports may explicitly bring out sustainability challenges at various geographical locations of operations including Bangladesh.
For DNV GL
DNV GL Business Assurance India
Private Limited, India
DNV GL Business Assurance India
Private Limited, India.
February, 22 2019
DNV GL Business Assurance Lanka (Private) Limited is part of DNV GL – Business Assurance, a global provider of certification, verification, assessment and training services, helping customers to build sustainable business performance. www.dnvgl.com
1 The VeriSustain protocol is available on www.dnvgl.com
* Assurance Engagements other than Audits or Reviews of Historical Financial Information.