Directors’ Statement on Internal Control

Introduction

Section 3 (8) (ii) (b) of the Banking Act Direction No. 11 of 2007 requires the Board of Directors (‘the Board’) to report on the internal control mechanism that confirms that the financial reporting system has been designed to provide reasonable assurance regarding the reliability of financial reporting, and that the preparation of Financial Statements for external purposes has been done in accordance with relevant accounting principles and regulatory requirements. This report is to be in line with the said regulatory requirement.

Internal Control System

The internal control system is the process designed and effected by those charged with governance, management and other personnel, to provide reasonable assurance about the achievement of DFCC Bank PLC’s (‘the Bank’) objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations.

The internal control system of the Bank consists of the following components:

  • The control environment;
  • The entity’s risk assessment process;
  • The information system, including the related business processes, relevant to financial reporting and communication;
  • Control activities; and
  • Monitoring of controls.

The subset of this wider internal control system is the internal controls designed and implemented to provide reasonable assurance regarding the reliability of the financial reporting, and that the preparation of Financial Statements for external purposes has been done in accordance with relevant accounting principles and regulatory requirements.

Responsibility

The Board acknowledges the responsibility for the adequacy and effectiveness of the Bank’s system of internal controls, which is designed to provide assurance on the maintenance of proper accounting records and the reliability of financial information generated, and safeguarding of the assets of the Bank. However, such systems are designed to manage the Bank’s key exposures to risk within acceptable risk parameters, rather than to eliminate the risk of failure to achieve the business goals and objectives of the Bank. Therefore, the system of internal controls can only provide reasonable and not absolute assurance against errors or material misstatement of management and financial information and records, or against financial losses or fraud.

Framework for Managing Material Risks of the Bank

The Board has set-up an ongoing process for identifying, monitoring and managing the material risks faced by the Bank. This includes establishment of a dedicated Risk Management Department that provides regular reports on various risks, subject to an oversight by the Internal Audit Department through Internal Audit Reports, that enables the Audit Committee to review the adequacy and effectiveness of the system of internal controls continuously to match the changes in the business environment or regulatory guidelines. In making this assessment, all key processes relating to material or significant transactions captured and recorded in the books of accounts are identified and covered on an ongoing basis that is compatible with the guidance for Directors of Banks on the Directors’ Statement of Internal Control issued by The Institute of Chartered Accountants of Sri Lanka.

Key Internal Control Processes

The key processes that have been established in reviewing the adequacy and integrity of the system of internal controls include the following:

  • The Board has established Committees to assist them in exercising oversight on the effectiveness of the Bank’s daily operations and ensuring that they are in accordance with the corporate objectives, strategies and the budgetary targets as well as the policies and business directions that have been approved.
  • The Internal Audit Department of the Bank verifies compliance of operations with policies and procedures and the adequacy and effectiveness of the internal control systems, and highlights significant findings in respect of any non-compliance. Audits are carried out on all units and branches, the frequency of which is determined by the level of risk assessed, to provide an independent and objective report on operational and management activities of these units and branches. The Annual Audit Plan is reviewed and approved by the Audit Committee and the findings of the audits are submitted to the Audit Committee for review at their periodic meetings.
  • The Audit Committee of the Bank reviews internal control issues identified by the internal audit, the External Auditors, regulatory authorities and management, and evaluates the adequacy and effectiveness of the risk management and internal control systems. They also review the internal audit function focusing on the scope of audits and the quality of reporting. The minutes of the Audit Committee meetings are tabled for the information of the Board on a periodic basis. Further, details of the activities undertaken by the Audit Committee of the Bank are set out in the Report of the Audit Committee in the chapter on Stewardship.
  • The Board Integrated Risk Management Committee (BIRMC) was established by the Board to assist the Board to oversee the overall management of principal areas of risk of the Bank. The BIRMC includes representation from all key business and operational areas of the Bank, and the Board is assisted in the implementation of policies, procedures and controls identified by the BIRMC.
  • Operational Committees have also been established with appropriate mandates to ensure effective management and supervision of the Bank’s core areas of business operations. These Committees include the Management Committee, Credit Committees, the Asset/Liability Committee, the Impairment Assessment Committee and the Information Technology Steering Committee.

Assessment of the Adequacy and Effectiveness of Internal Control

Although this process is carried out every year on a continuous basis, the Direction on Corporate Governance issued by the Central Bank of Sri Lanka requires the Board to provide a separate report on the Bank’s Internal Control mechanism, that confirms that the financial reporting system has been designed to provide reasonable assurance regarding the reliability of financial reporting, and that the preparation of Financial Statements for external purposes has been done in accordance with relevant accounting principles and regulatory requirements, supplemented with independent certification by the Auditor. The Auditors provide the Independent Assurance Report in accordance with Sri Lanka Standard on Assurance Engagements (SLSAE) – 3050 issued by The Institute of Chartered Accountants of Sri Lanka.

In order to facilitate the tasks of the Auditors to issue the Independent Assurance Report, the SLSAE – 3050 requires documentation of all procedures and controls that are related to significant accounts and disclosures of the Financial Statements of the Bank, with audit evidence of checks performed by the Bank on an ongoing basis.

The risk and significance based Internal Audit Plan implemented by the Internal Audit Department in consultation with the Board Audit Committee, specifically included on a sample basis, independent verification that the internal control process documented by the Bank, which is supported with audit evidence, was in fact carried out on an ongoing basis.

Transition to New Sri Lanka Accounting Standards

Consequent to full convergence of Sri Lanka Accounting Standards with International Financial Reporting Standards and International Accounting Standards that became effective from 2012, the Bank implemented a process to ensure changes arising from new accounting standards are adequately identified, recognised and disclosed in the Financial Statements. The process for making necessary adjustments based on Sri Lanka Accounting Standards – LKAS 39 continue to be made based on excel software application, for which the feasibility of developing or acquiring a separate system is currently being evaluated. The process followed by the Bank for quantification of adjustments is continuously reviewed and further improvements were made during the current year. The testing of such processes by the internal audit was carried out during the year. These processes will be further improved on an ongoing basis.

The Board also has taken into consideration the requirements of “SLFRS 09 - Financial Instruments” accounting standard which is to be effective from 01 January 2018, as it is expected to have significant impact on the calculation of impairment on financial instruments of the Bank. The impact assessment on transition to SLFRS 09 has been completed based on data compiled up to 31 December 2016 with the assistance of an external consultant. The same impact assessment is further extended to include data up to 31 December 2017 which is currently underway. A separate note on the implementation of SLFRS 09 and its impact to the financial statements is given under the Explanatory Note No. 8.1.1.

The computation of impairment losses from Loans and Advances has not been automated yet. Considering the complexity and level of estimation involved in this process, the Board is evaluating the options available for automation. This evaluation process will also address the new parameter requirements which will become applicable with the adoption of SFLRS 9.

Management Information

The comments made by the External Auditors in connection with the internal control system for the financial year ended 31 December 2016 were reviewed during the year and appropriate steps have been taken to rectify them.

The recommendations made by the External Auditor in the financial year ended 31 December 2017 in connection with the internal control system will be addressed in future.

The Directors are of the opinion that these recommendations are intended to further improve the internal control system and they do not in any way detract from the conclusion that the financial reporting system is reliable to provide reasonable assurance, that the Financial Statements for external use are true and fair and complies with Sri Lanka Accounting Standards and the regulatory requirements of the Central Bank of Sri Lanka.

Confirmation

Based on the above detailed internal control mechanism and related processes of the Bank, the Board confirms that the financial reporting system of the Bank has been designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of Financial Statements for external purposes is in accordance with Sri Lanka Accounting Standards and regulatory requirements of the Central Bank of Sri Lanka.

Review of the Statement by External Auditors

The External Auditors have reviewed the above Directors’ Statement on Internal Control for the year ended 31 December 2017 and their Independent Assurance Report is in the chapter on Stewardship of the Annual Report.

By Order of the Board,

P M B Fernando

Chairman – Audit Committee

C R Jansz

Chairman – Board of Directors

L H A L Silva

Chief Executive Officer/Director

19 February 2018

Close
TOP