Independent practitioner’s assurance report to the Board of Directors of DFCC Bank PLC on the Integrated Annual Report 2023


We have been engaged by DFCC Bank PLC to perform a “limited assurance engagement,” as defined by Sri Lanka Standard on Assurance Engagements, here after referred to as the engagement, to report on DFCC Bank PLC’s Information on how it's strategy, governance, performance and prospects, in the context of its external environment, lead to the creation, preservation or erosion of value over the short, medium and long term (the “Subject Matter”) contained in DFCC Bank PLC’s (the “Entity’s”) Integrated Annual Report for the year ended 31 December 2023 (the “Report”).

Other than as described in the preceding paragraph, which sets out the scope of our engagement, we did not perform assurance procedures on the remaining information included in the Report, and accordingly, we do not express a conclusion on this information.

Criteria applied by DFCC Bank PLC

In preparing the Subject Matter, DFCC Bank PLC applied the Integrated Reporting Framework (<IR> Framework) issued by the International Integrated Reporting Council (IIRC) (“Criteria”):

Such Criteria were specifically designed for the purpose of assisting in determining whether the capital management, stakeholder engagement, business model, strategy, organizational overview & external environment outlook presented in the Integrated Annual Report is presented in accordance with the relevant criteria; As a result, the subject matter information may not be suitable for another purpose.

DFCC Bank PLC’s responsibilities

DFCC Bank PLC management is responsible for selecting the Criteria, and for presenting the Subject Matter in accordance with that Criteria, in all material respects. This responsibility includes establishing and maintaining internal controls, maintaining adequate records and making estimates that are relevant to the preparation of the subject matter, such that it is free from material misstatement, whether due to fraud or error.

Ernst & Young’s responsibilities

Our responsibility is to express a conclusion on the presentation of the Subject Matter based on the evidence we have obtained.

We conducted our engagement in accordance with the Sri Lanka Standard for Assurance Engagements Other Than Audits or Reviews of Historical Financial Information (SLSAE 3000 (Revised), and the terms of reference for this engagement as agreed with the DFCC Bank PLC on 24 November 2023. Those standards require that we plan and perform our engagement to express a conclusion on whether we are aware of any material modifications that need to be made to the Subject Matter in order for it to be in accordance with the Criteria, and to issue a report. The nature, timing, and extent of the procedures selected depend on our judgment, including an assessment of the risk of material misstatement, whether due to fraud or error.

We believe that the evidence obtained is sufficient and appropriate to provide a basis for our limited assurance conclusions.

Our independence and quality management

We have maintained our independence and confirm that we have met the requirements of the Code of Ethics for Professional Accountants issued by the Institute of Chartered Accountants of Sri Lanka (CA Sri Lanka) and have the required competencies and experience to conduct this assurance engagement.

EY also applies International Standard on Quality Management 1, Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services engagements, which requires that we design, implement and operate a system of quality management including policies or procedures regarding compliance with ethical requirements, professional standards and applicable legal and regulatory requirements.

Description of procedures performed

Procedures performed in a limited assurance engagement vary in nature and timing from, and are less in extent than for a reasonable assurance engagement. Consequently, the level of assurance obtained in a limited assurance engagement is substantially lower than the assurance that would have been obtained had a reasonable assurance engagement been performed. Our procedures were designed to obtain a limited level of assurance on which to base our conclusion and do not provide all the evidence that would be required to provide a reasonable level of assurance.

Although we considered the effectiveness of management’s internal controls when determining the nature and extent of our procedures, our assurance engagement was not designed to provide assurance on internal controls. Our procedures did not include testing controls or performing procedures relating to checking aggregation or calculation of data within IT systems.

A limited assurance engagement consists of making enquiries, primarily of persons responsible for preparing the subject matter and related information and applying analytical and other appropriate procedures.

Our procedures included:

  • Performed a comparison of the content of the Integrated Annual Report against the Guiding Principles and Content Elements given in the Integrated Reporting Framework (<IR> Framework).
  • Checked whether the information contained in the Integrated Annual Report – Financial Capital element information has been properly derived from the audited financial statements.
  • Conducted interviews with the selected key management personnel and relevant staff and obtained an understanding of the internal controls, governance structure and reporting process relevant to the Integrated Report.
  • Obtained an understanding of the relevant internal policies and procedures developed, including those relevant to determining what matters most to the stakeholders, how the organization creates value, the external environment, strategy, approaches to putting members first, governance and reporting.
  • Obtained an understanding of the description of the organisation’s strategy and how the organization creates value, what matters most to the stakeholders and enquiring the management as to whether the description in the Integrated Report accurately reflects their understanding.
  • Checked the Board of Directors meeting minutes during the financial year to ensure consistency with the content of the Integrated Report.
  • Tested the relevant supporting evidence related to qualitative and quantitative disclosures within the Integrated Report against identified material aspects.
  • Read the Integrated Report in its entirety for consistency with our overall knowledge obtained during the assurance engagement.

We also performed such other procedures as we considered necessary in the circumstances.

Emphasis of matter

Economic, Environment, Social and Intellectual capital management data/information are subject to inherent limitations given their nature and the methods used for determining, calculating and estimating such data. Such inherent limitations are common in Sri Lanka.

We also do not provide any assurance on the assumptions and achievability of prospective information presented in the Entity’s Annual Report.


Based on our procedures and the evidence obtained, we are not aware of any material modifications that should be made to the information contained in the Integrated Annual Report of DFCC Bank PLC for the year ended 31 December 2023, in order for it to be in accordance with the Criteria.

19 February 2024