Commercial Bank of Ceylon PLC

Annual Report 2018

Annex 6: Independent Assurance Report

Annex 6.1: Independent Assurance Report to Commercial Bank of Ceylon PLC on the Sustainability Reporting Criteria Presented in the Integrated Annual Report – 2018

Introduction and scope of the engagement

The management of Commercial Bank of Ceylon PLC (“the Company”) engaged us to provide an independent assurance on the following elements of the sustainability reporting criteria presented in the Annual Report – 2018 (“the Report”).

  • Reasonable assurance on the information on financial performance as specified on page 39 of the Report.
  • Limited assurance on other information presented in the Report, prepared in accordance with the requirements of the Global Reporting Initiative GRI Standards: “In accordance” – Core guidelines.

Basis of our work and level of assurance

We performed our procedures to provide limited assurance in accordance with Sri Lanka Standard on Assurance Engagements (SLSAE 3000): “Assurance Engagements Other than Audits or Reviews of Historical Financial Information”, issued by the Institute of Chartered Accountants of Sri Lanka (“CA Sri Lanka”).

The evaluation criteria used for this limited assurance engagement are based on the Sustainability Reporting Guidelines (“GRI Guidelines”) and related information in particular, the requirements to achieve GRI Standards “In accordance” - Core guideline publication, publicly available at GRI’s global website at “”.

Our engagement provides limited assurance as well as reasonable assurance. A limited assurance engagement is substantially less in scope than a reasonable assurance engagement conducted in accordance with SLSAE 3000 and consequently does not enable to obtain assurance that we would become aware of all significant matters that might be identified in a reasonable assurance engagement. Accordingly, we do not express an opinion providing reasonable assurance.

Management of the Company’s responsibility for the report

The management of the Company is responsible for the preparation of the self-declaration, the information and statements contained within the Report, and for maintaining adequate records and internal controls that are designed to support the sustainability reporting process in line with the GRI Sustainability Reporting Guidelines.

Ernst & Young’s responsibility

Our responsibility is to express a conclusion as to whether we have become aware of any matter that causes us to believe that the Report is not prepared in accordance with the requirements of the Global Reporting Initiative, GRI Standards: “In accordance” - Core guidelines. This report is made solely to the Company in accordance with our engagement letter dated January 8, 2019. We disclaim any assumption of responsibility for any reliance on this report to any person other than the Company or for any purpose other than that for which it was prepared. In conducting our engagement, we have complied with the independence requirements of the Code for Ethics for Professional Accountants issued by the

CA Sri Lanka.

Key assurance procedures

We planned and performed our procedures to obtain the information and explanations considered necessary to provide sufficient evidence to support our limited assurance conclusions. Key assurance procedures included:

  • Interviewing relevant the Company’s personnel to understand the process for collection, analysis, aggregation and presentation of data.
  • Reviewing and validation of the information contained in the Report.
  • Checking the calculations performed by the Company on a sample basis through recalculation.
  • Reconciling and agreeing the data on financial performance are properly
    derived from the Company’s audited financial statements for the year ended December 31, 2018.
  • Comparison of the content of the Report against the criteria for a Global Reporting Initiative, GRI Standards: “In accordance” – Core guidelines.

Our procedures did not include testing electronic systems used to collect and aggregate the information.

Limitations and considerations

Environmental and social performance data are subject to inherent limitations given their nature and the methods used for determining, calculating and estimating such data.


Based on the procedures performed, as described above, we conclude that;

  • The information on financial performance as specified on page 39 of the Report are properly derived from the audited financial statements of the Company for the year ended December 31, 2018.
  • Nothing has come to our attention that causes us to believe that other information presented in the Report are not fairly presented, in all material respects, in accordance with the Company’s sustainability practices and policies some of which are derived from Sustainability Reporting Guideline, GRI Standards – “In accordance” Core.

Ernst & Young
Chartered Accountants

February 22, 2019



ANNEX 6.2: Independent Assurance Statement on Non-Financial Reporting – DNV GL

Scope and approach

DNV GL represented by DNV GL Business Assurance Lanka (Private) Limited has been commissioned by the Management of Commercial Bank of Ceylon PLC (“Commercial Bank’ or “the Bank”, Company Registration Number PQ 116) to carry out an independent assurance engagement (Type 2, Moderate level) for the non-financial – qualitative and quantitative information (sustainability performance) reported in Commercial Bank’s Annual Report 2018 (“the Report”) in its printed format for the financial year ending December, 31 2018. The sustainability disclosures in this Report is prepared by the Bank, based on International Integrated Reporting Council’s (“IIRC’s”) International <IR> Framework (“<IR> Framework”) and includes references to the Global Reporting Initiative (“GRI”). Sustainability Reporting Standards 2016 (“GRI Standards”), for non-financial performance related to identified material topics.

We performed our work using Account Ability’s AA1000 Assurance Standard 2008 (AA1000AS), with 2018 addendum and DNV GL’s assurance methodology VeriSustain TMI ,

which is based on our professional experience, international assurance best practice including International Standard on Assurance Engagements 3000 (ISAE 3000) Revised* and GRI reporting principles on Content and Quality. Our assurance engagement was planned and carried out during January 2019-February 2019. The intended user of this assurance statement is the Management of the Bank (“the Management”).

The reporting topic boundary of sustainability performance is based on internal and external materiality assessment covering Commercial Bank’s banking and associated operations in Sri Lanka and Bangladesh. The Report excludes performance data and information related to the activities of Commercial Bank’s six subsidiaries – Commercial Development Company PLC, ONEzero Company Ltd., Serendib Finance Ltd., Commex Sri Lanka S.R.L Italy, Commercial Bank of Maldives (Private) Limited, CBC Myanmar Microfinance Company Limited and the operations of its two associates, Equity Investments Lanka Ltd. and Commercial Insurance Brokers (Pvt.) Ltd. as the results of their operations are not significant (<1% revenue) compared to the overall results of the Bank. This is as set out in the Report in the section “Basis of Preparation”.

We planned and performed our work to obtain the evidence we considered necessary to provide a basis for our assurance opinion and the process did not involve engagement with external stakeholders.

Responsibilities of the management of Commercial Bank and of the assurance providers

The Management of Commercial Bank have the sole responsibility for the preparation of the Report as well as the processes for collecting, analysing and reporting the information presented in the Report. In performing our assurance work, our responsibility is to the Management; however, our statement represents our independent opinion and is intended to inform the outcome of our assurance to the stakeholders of the Bank. DNV GL was not involved in the preparation of any statements or data included in the Report except for this Assurance Statement.

DNV GL provides a range of other services to Commercial Bank, none of which in our opinion, constitute a conflict of interest with this assurance work. DNV GL’s assurance engagements are based on the assumption that the data and information provided by the client to us as part of our review have been provided in good faith. DNV GL expressly disclaims any liability or co-responsibility for any decision a person or an entity may make based on this Assurance Statement.

Basis of our opinion

A multidisciplinary team of sustainability and assurance specialists performed work at Commercial Bank’s Head Office, and as part of assurance we visited sample branch operations in Sri Lanka. We undertook the following activities:

  • Review of Commercial Bank’s approach to non-financial reporting based on <IR> Framework including stakeholder relationships and materiality determination process and the outcome as reported in this Report. We did not have any direct engagement with external stakeholders;
  • Interviews with selected senior managers responsible for management of sustainability issues and review of selected evidence to support issues discussed. We were free to choose interviewees and interviewed those with overall responsibility to deliver the Company’s sustainability objectives;
  • Site visits to the sample branch operations at Ja-ela, Negambo, Kochchikade and Seeduwa in Sri Lanka, and to review processes and systems with regard to the site level sustainability data and implementation of sustainability strategy. We were given the choice to select the sites we visited;
  • Review of supporting evidence related to qualitative and quantitative disclosures within the Report against identified material aspect;
  • Review of the processes for gathering and consolidating the specified performance data and, for a sample, checking the data consolidation. The reported data on economic performance and other financial data are based on audited financial statements issued by the Company’s statutory auditors.

During the assurance process, we did not come across limitations to the scope of the agreed assurance engagement.

Opinion and observations

On the basis of the verification undertaken, nothing came to our attention that causes us to believe that the Report does not properly describe Commercial Bank’s adherence to the criteria of reporting (Guiding Principles and Content Elements) related to the
<IR> framework, representation of the material topics, business model, disclosures on value creation through six capitals, related strategies and Management approach and chosen topic-specific disclosures from the GRI Standards for identified material topics as below.:

  • GRI 201: Economic-performance – 2016–201-1
  • GRI 203: Indirect Economic Impacts-2016-203-1
  • GRI 205: Anti-corruption – 2016-205-1; 205-3
  • GRI 302: Energy 2016 – 302-1; 302-4
  • GRI 305: Emissions – 2016-305-1; 305-2
  • GRI 401: Employment – 2016 – 401-1; 401-3
  • GRI 404: Training and education – 2016 – 404-1; 404-3
  • GRI 405: Diversity and equal opportunity 2016-405-1; 405-2
  • GRI 418: Customer privacy – 2016 – 418-1.

Without affecting our assurance opinion, we also provide the following observations.

AA1000 Accountability Principles Standard (2018)


The process of determining the issues that is most relevant to an organisation and its stakeholders.

The report brings out the application of GRI materiality principles to arrive at highly significant material topics for the organisation. The materiality determination process was revalidated based on inputs from key stakeholders including employees, customers, investors, regulators, and society. It would be better to benchmark sustainability performance and trend analysis with respect to identified material topics with peer group. Nothing has come to our attention to suggest that the Bank has missed out key material issues related to its operations in Sri Lanka and Bangladesh.


The participation of stakeholders in developing and achieving an accountable and strategic response to sustainability.

The Bank has a documented stakeholder engagement process, which helps in identifying, engaging and responding to key sustainability concerns of significant stakeholders. Process covers a wide range of stakeholders. This could be further leveraged to collect proactive inputs, ideas and suggestions through structured customer feedback mechanism. Nothing has come to our attention to suggest that the Report does not meet the requirements related to the principle of inclusivity.


The extent to which an organisation responds to stakeholder issues.

The key stakeholder concerns are fairly responded within the Report i.e. the Report brings out disclosures such as Bank’s business model, policies, management systems, governance mechanisms, disclosures on management approach. Nothing has come to our attention to suggest that the Report does not meet the requirements related to the Principle of Responsiveness. However, we are of the opinion that the adherence to this principle may further enhanced in future reporting periods by disclosing the Bank’s short, medium and long-term goals with respect to material issues raised by stakeholders.


The level to which an organisation monitors, measures and is accountable for how its actions affect its broader ecosystems.

Commercial Bank has a defined process in place for monitoring, measurement and evaluation of impacts both qualitative and quantitative of its performance on the environment, society, and key stakeholders. The Report adequately describes how both positive and negative impacts due to the identified material topics create and change value for the Bank and its key stakeholders through appropriate performance metrics and information. Nothing has come to our attention to suggest that the Report does not meet the requirements related to the Principle of Impact.

Specific evaluation of the information on sustainability performance

We consider the methodology and process for gathering information developed by the Bank for its sustainability performance reporting to be appropriate, and the qualitative and quantitative data included in the Report was found to be identifiable and traceable; the personnel responsible were able to demonstrate the origin and interpretation of the data and its reliability.


The accuracy and comparability of information presented in the report, as well as the quality of underlying data management systems.

The robustness of the data management and aggregation systems was evaluated during our visits to Commercial Bank’s Head Office and branch sites; the sample data and information verified as part of assurance was found to be reliable. All that had come to our attention suggests that reported data has been properly collated from information gathered from the operational level. Nothing has come to our attention to suggest that the Report does not meet the requirements related to the Principle of Reliability.

Additional principles as per DNV GL VeriSustain


How much of all the information that has been identified as material to the organisation and its stakeholders is reported.

The Report has brought out the Content Elements and Guiding Principles well. Business strategy is well in place with digitalisation well in focus. Resource allocation is carefully done considering the automation, growth and increasing footprint in the global market. Management approach for Business Continuity Plan (BCP) in Bangladesh which is referred as one of the critical risk to business and is identified as material need to be reported in detail for future reporting. Nothing has come to our attention to suggest that the Report does not meet the requirements related to the Principle of Completeness.


The extent to which a report provides a balanced account of an organisation’s performance, delivered in a neutral tone.

Neutral tone of the disclosures on sustainability initiatives in terms of content and justification, makes the report balanced in its approach. Nothing has come to our attention to suggest that the Report does not meet the requirements related to the Principle of Neutrality. It is suggested that the future Reports may explicitly bring out sustainability challenges at various geographical locations of operations including Bangladesh.


Mithu Ghose
Lead Assessor

DNV GL Business Assurance India
Private Limited, India


Nandkumar Vadakepatth
Assurance Reviewer

DNV GL Business Assurance India
Private Limited, India.

February, 22 2019
Sri Lanka.

DNV GL Business Assurance Lanka (Private) Limited is part of DNV GL – Business Assurance, a global provider of certification, verification, assessment and training services, helping customers to build sustainable business performance.

1 The VeriSustain protocol is available on
* Assurance Engagements other than Audits or Reviews of Historical Financial Information.