In line with the Section 3 (8) (ii) (b) of the Banking Act Direction No. 11 of 2007, and principle D.1.5 of Code of Best Practice on Corporate Governance 2017 issued by CA Sri Lanka (Code) the Board of Directors presents this Report on Internal Control.
The Board of Directors (the Board) is responsible for the adequacy and effectiveness of the system of internal controls in place at Commercial Bank of Ceylon PLC (the Bank). However, such a system is designed to manage the Bank’s key areas of risk within an acceptable risk profile, rather than to eliminate the risk of failure to achieve the policies and business objectives of the Bank. Accordingly, the system of internal controls can only provide reasonable but not absolute assurance against material misstatement of management and financial information and records or against financial losses or fraud.
The Board has established an ongoing process for identifying, evaluating and managing the significant risks faced by the Bank and this process has been in place for the year under review which includes enhancing the system of internal controls as and when there are changes to business environment or regulatory guidelines. The process is regularly reviewed by the Board and accords with the “Guidance for Directors of Banks on the Directors’ Statement on Internal Control” issued by CA Sri Lanka. The Board has assessed the internal control taking into account all main principles for the assessment of internal control system as given in that guidance.
The Board is of the view that the system of internal controls in place over financial reporting is sound and adequate to provide reasonable assurance regarding the reliability of financial reporting, and that the preparation of Financial Statements for external purposes is in accordance with relevant accounting principles and regulatory requirements.
The Management assists the Board in the implementation of the Board’s policies and procedures on risk and control by identifying and assessing the risks faced, and in the design, operation and monitoring of suitable internal controls to mitigate and control these risks.
The key processes that have been established in reviewing the adequacy and integrity of the system of internal controls with respect to financial reporting include the following:
Since the adoption of new Sri Lanka Accounting Standards comprising SLFRSs and LKASs in 2012 and the Sri Lanka Accounting Standard – SLFRS 9 on “Financial Instruments” which became effective from January 1, 2018, processes that are required to comply with new requirements of recognition, measurement, presentation and disclosures were introduced and implemented. Continuous monitoring is in progress and steps are being taken to make improvements to the processes where required, to enhance effectiveness and efficiency. The Bank has documented procedures relating to these new requirements and updates the procedure manuals as and when necessary and also obtained approval of the BAC and the Board for changes made to the documented procedures. Automating the processes relating to various computations required under SLFRSs and LKASs including loan impairments are in progress. The Banks’ Internal Audit Department commenced testing these processes since first quarter 2013 and continued to do so in 2019 as well. The test results were tabled regularly for review by the BAC during the year 2019.
The comments made by the External Auditors in connection with the internal control system during the financial year 2018 were taken into consideration and appropriate steps have been taken to address them where appropriate.
The Assurance Report of the External Auditors in connection with internal control over financial reporting is appearing in the section on Independent Assurance Report.
Based on the above processes, the Board of Directors confirms that the financial reporting system of the Bank has been designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of Financial Statements for external purposes has been done in accordance with the Sri Lanka Accounting Standards and regulatory requirements of the Central Bank of Sri Lanka.
The External Auditors, Messrs. Ernst & Young, have reviewed the above Directors’ Statement on Internal Control included in this Annual Report of the Bank for the year ended December 31, 2019 and reported to the Board that nothing has come to their attention that causes them to believe that the statement is inconsistent with their understanding of the process adopted by the Board in the review of the design and effectiveness of the internal control system over financial reporting of the Bank. Their independent assurance report on the “Directors’ Statement on Internal Control over Financial Reporting” is given in the chapter on Governance and Risk Management of this Annual Report.
By Order of the Board,
K G D D Dheerasinghe
M P Jayawardena
Chairman – Board Audit Committee
Managing Director /Chief Executive Officer
February 20, 2020