Governance and Risk Management

Board Committee Reports

Board Audit Committee Report

Composition of the Committee

The Board Audit Committee (the BAC) consists of the following members whose profiles are given in the section on Board of Directors and Profiles.

Board members

Mr S Swarnajothi*
Prof A K W Jayawardane*
Mr K Dharmasiri*
Ms N T M S Cooray*
Justice K Sripavan*

Regular attendees by invitation

Mr S Renganathan
(Managing Director/Chief Executive Officer)
Mr S C U Manatunge
(Director/ Chief Operating Officer)
Mr K D N Buddhipala
(Chief Financial Officer)
Mr S K K Hettihamu
(Chief Risk Officer)
Mr V S Rajasooriyar
(Assistant General Manager – Compliance)
Mr J Premanath
(Assistant General Manager – Management Audit)
Mr Reyaz Mihular
(Senior practicing Chartered Accountant, serves the BAC in the capacity of a Consultant and is invited to attend meetings)
Independent Consultant appointed to the Committee to provide necessary assistance and enable the Committee to discharge its functions properly

Secretary to the Committee

Mr J Premanath
(Assistant General Manager – Management Audit)

*Independent Non-Executive Director

Attendance at Meetings

Name Eligible to attend/ Attended
Mr S Swarnajothi 08/07
Prof A K W Jayawardane 08/08
Mr K Dharmasiri 08/08
Ms N T M S Cooray 08/08
Justice K Sripavan 08/08
Mr S Renganathan 08/08
Mr S C U Manatunge 08/08

The Committee reviewed the risk-based audit approach adopted for assessing the effectiveness of the internal control procedures in place to identify and manage all significant risks.

Charter of the Committee

The Charter of the BAC (the Committee) approved by the Board, clearly defines the Terms of Reference of the Committee and is annually reviewed to ensure that new developments relating to the Committee’s functions are addressed. The Charter of the Committee was last reviewed and approved by the Board in September 2019.

The Committee assists the Board in discharging its responsibilities and exercises oversight over financial reporting, internal audit, internal controls and external audit.

The Committee has full access to information, cooperation from Management and discretion to invite any Director or Executive Officer to attend its meetings.

The Banking Act Direction No. 11 of 2007 on “Corporate Governance for Licensed Commercial Banks in Sri Lanka” and its subsequent amendments (hereinafter referred to as the Direction), “Rules on Corporate Governance under Listing Rules of the Colombo Stock Exchange” and “Code of Best Practice on Corporate Governance”, issued by The Institute of Chartered Accountants of Sri Lanka further regulate the composition, roles and functions of the Committee.

The Committee is empowered by the Board to:

  • Ensure that financial reporting system in place are effective and well managed in order to provide accurate, appropriate and timely information to the Board, Regulatory Authorities, the Management and other stakeholders.
  • Review the appropriateness of accounting policies and ensure adherence to statutory and regulatory compliance requirements and applicable Accounting Standards.
  • Ensure that the Bank adopts and adheres to high standards of Corporate Governance practices, conforming to the highest ethical standards and good industry practices in the best interests of all stakeholders.
  • Evaluate the adequacy, efficiency and effectiveness of Risk Management measures, Internal Controls and Governance Processes in place to avoid, mitigate or transfer current and evolving risks.
  • Monitor all aspects of Internal and External Audit and Inspection programmes of the Bank and review Internal and External Audit Reports for follow up with the Management on their findings and recommendations.
  • Review the Interim Financial Statements and Annual Financial Statements of the Bank in order to monitor the integrity of such statements prepared for disclosure, prior to submission to the Board.

Activities in 2019

The Committee held eight (08) meetings during the financial year ended December 31, 2019. Proceedings of these meetings with adequate details of matters discussed are regularly reported to the Board.

Representatives of the Bank’s External Auditors, Messrs Ernst & Young also participated in seven (07) meetings during the year by invitation. The Committee also invited members of the Senior Management of the Bank to participate in the meetings from time to time on a need basis.

Reporting of financial position and performance:

The Committee assisted the Board in its oversight on the preparation of Financial Statements to evidence a true and fair view on financial position and performance. This process is based on the Bank’s accounting records and in accordance with the stipulated requirements of the Sri Lanka Accounting Standards. In fulfilling its oversight responsibilities, the Committee reviewed and discussed the Interim and Consolidated Financial Statements, including the acceptability of the accounting principles, the reasonableness of significant estimates and judgements.

The Committee reviewed the Tax Assessments outstanding and action initiated for follow up for resolution through regular reports submitted by the Chief Financial Officer.

The prevailing Internal Controls, systems and procedures were assessed by the Committee and it expressed the view that adequate controls and procedures were in place to provide reasonable assurance to the effect that the Bank’s assets are safeguarded and the financial position of the Bank is well monitored and accurately reported.

Progress of implementation of SLFRS 9:

The Committee continuously monitored the progress of implementation of SLFRS 9 as per the requirements of Sri Lanka Accounting Standard – SLFRS 9 on “Financial Instruments” that has been issued with effective date being January 1, 2018.

The Committee reviewed the Policy Manual on principles and methodologies including Expected Credit Losses (ECL) computation under SLFRS 9 – “Financial Instruments” adopted by the Management during the year 2019.

Internal Capital Adequacy Assessment Process (ICAAP):

The Committee reviewed the effectiveness of internal control mechanism in place to meet the regulatory requirements on ICAAP and the mechanism in place to ensure integrity, accuracy and reasonableness in capital assessment process of the Bank for the year 2018, as per the Section 10 of Banking Act Direction No. 01 of 2016 on “Regulatory Framework on Supervisory Review Process”.

Oversight on regulatory compliance:

The Committee also ensured that the Bank complies with all regulatory and legal requirements and closely scrutinised compliance with mandatory banking and other statutory requirements and the systems and procedures that are in place. The quarterly reports submitted by the Compliance Officer were used by the Committee to monitor compliance with all such legal and statutory requirements. The Bank’s Inspection Department has been mandated to conduct independent test checks covering all regulatory compliance requirements, as a further monitoring measure.

The Committee monitored the progress on implementation of the recommendations made in the Statutory Examination Reports of Central Bank of Sri Lanka (CBSL) through regular follow up reports tabled during the year 2019.

Identification of risks and control measures:

The Bank has adopted a risk-based audit approach towards assessing the effectiveness of the internal control procedures in place to identify and manage all significant risks and that these are being reviewed by the Committee.

The risk rating of Branches and certain business Units of the Bank has been reviewed to capture current risk profiles of such business units while providing insights to emerging and potential risks. Reviewed Risk Rating Methodology had been approved by the Committee during the year 2019 and adopted for assessing and measuring risks identified during audit assignments carried out by the Inspection Function.

The Committee seeks and obtains the required assurances from Business Units on the remedial action in respect of the identified risks to maintain the effectiveness of internal control procedures.

Internal audit and inspection:

The Committee ensured that the Internal Audit Function is independent of the activities it audited and that it was performed with impartiality, proficiency and due professional care.

The Committee approved the Programme of Inspection formulated by the Inspection Department and the Information Systems Audit Unit (ISAU) and reviewed its progress of implementation regularly. The scope of work was enhanced to include credit audits including that of credit administration at Corporate Banking Unit and Branches.

The Bank’s Inspection Department carried out, online and onsite inspection of business units including 04 subsidiaries in Sri Lanka and overseas operations namely Bangladesh and overseas subsidiaries Commercial Bank of Maldives Private Limited and CBC Myanmar Microfinance Co. Ltd. Commex Sri Lanka S. R. L. subsidiary incorporated in Italy was monitored through an offsite surveillance. With the concurrence of the Board, the Bank continued to engage the services of four (4) firms of Chartered Accountants approved by the CBSL in order to supplement Bank’s Inspection Department in carrying out inspection assignments.

ISAU conducted onsite/off site audits including monitoring through System based audit tools, reviews of change management activities and verification of compliance with industry standards such as ISO 27001:2013/ PCI-DSS/ Baseline Security Standards (BSS) to ensure safeguarding IT assets of the Bank. The work of ISAU included all Bank’s subsidiaries and Bangladesh operations. The Committee received the attention of significant findings and recommendations made in the reports submitted by ISAU. The Committee also reviewed the reports on findings relating to Business Continuity Planning and Roles Swap exercises conducted during the year 2019.

Six hundred and fifty-five (655) inspection reports on Business Units and Departments including subsidiaries and overseas operations received the attention of the Committee which highlighted the Operational deficiencies, risks and the recommendations. The Committee evaluated the Bank’s system of internal controls and duly reported its findings to the Board.

Major findings of internal investigations with recommendations of the management were considered and appropriate instructions issued. The Committee also invited representatives from the audit firms assisting in inspections to make presentations on their observations and findings.

The Committee reviewed the Inspection/Information Systems Audit operational manual and evaluated the Internal Audit Function covering key areas such as scope, quality of internal audits, independence and resources.

Members of the Committee also made periodic visits to the Branches personally to gather information in regard to the operations, controls implemented and follow up action taken for significant audit findings.

External audit:

With regard to the external audit function of the Bank, the role played by the Committee is as follows:

  • Assisting the Board in engaging External Auditors for audit services, in compliance with the provisions of the Direction and agree on their remuneration with the approval of the shareholders.
  • Monitoring and evaluating the independence, objectivity and effectiveness of External Auditor.
  • Reviewing non-audit services provided by the Auditors, with a view to ensuring that such functions do not fall within the restricted services and provision of such services will not impair the External Auditors’ independence and objectivity.
  • Discussing the audit plan, scope and the methodology proposed to be adopted in conducting the audit with the Auditors, prior to commencement of the annual audit.
  • Discussing all relevant matters arising from the interim and final audits, and any matters the Auditor may wish to discuss, including matters that may need to be discussed in the absence of Key Management Personnel.
  • Reviewing the External Auditors’ Management Letter and the Management’s responses thereto.

The Auditors were provided with the opportunity of meeting Non-Executive Directors separately, without any executive being present, to ensure that the Auditors had the independence to discuss and express their opinions on any matter. It provided the assurance to the Committee that the Management has fully provided all information and explanations requested by the Auditors.

At the conclusion of the audit, the Committee also met the Auditors to review the Auditors’ Management Letter before it was submitted to the Board and CBSL.

The members of the Committee evaluated the Bank’s External Auditor, Messrs Ernst & Young covering key areas such as scope and delivery of audit, resources and quality assurance initiatives, during the year 2019.

Mechanism of internal controls:

Sections 3 (8) (ii) (b) and (c) of the Banking Act Direction No. 11 of 2007, stipulates the requirements to be complied with by the Bank to ensure reliability of the financial reporting system in place at the Bank.

The Committee is assisted by the External Auditor and Inspection Department to closely monitor the procedures designed to maintain an effective internal control mechanism to provide reasonable assurance that this requirement is being complied with.

In addition, the Committee regularly monitored all exceptional items charged to the Income Statement, long outstanding items in the Bank’s Chart of Accounts, Credit Quality, Risk Management procedures and adherence to classification of non-performing loans and provisioning requirements specified by the CBSL. The Committee also reviewed the credit monitoring and follow up procedures and the Internal Control Procedures in place to ensure that necessary controls and mitigating measures are available in respect of newly-identified risks.

Ethics and Good Governance:

The Committee continuously emphasised on upholding ethical values of the staff members. In this regard, a Code of Ethics and Whistle-Blower’s Charter was put in place and followed for educating and encouraging all members of staff to resort to whistle-blowing if they suspect wrong doings or other improprieties. Highest standards of Corporate Governance and adherence to the Bank’s Code of Ethics were ensured. All appropriate procedures were in place to conduct independent investigations into incidents reported through whistle-blowing or identified through other means. The Whistle-Blower’s Charter guarantees the maintenance of strict confidentiality of the identity of the whistle-blowers.

Sri Lanka Accounting Standards:

The Committee reviewed the revised policy decisions relating to adoption of new and revised Sri Lanka Accounting Standards (SLFRS/LKAS) applicable to the Bank and made recommendations to the Board. The Committee would continue to monitor the compliance with relevant Accounting Standards and keep the Board informed at regular intervals.

Evaluation of the Committee:

An independent evaluation of the effectiveness of the Committee was carried out by the other Members of the Board during the year. Considering the overall conduct of the Committee and its contribution on the overall performance of the Bank, the Committee has been rated as highly effective.

S Swarnajothi

Board Audit Committee


February 20, 2020