Loading...

Chart Generator

Download Center
0

My Report

Keyword search

COMMERCIAL BANK OF CEYLON PLC

ANNUAL REPORT 2023
 

My Report

At the moment, there are no entries available for display

Download as PDF

INTEGRATED REPORT

Governance and risk management

Directors’ Statement on internal control over financial reporting and risk management

Responsibility

The Board of Directors (the Board) of Commercial Bank of Ceylon PLC (the Bank) wishes to present this Report on Internal Control over Financial Reporting and Risk Management, in line with the Section 3 (8) (ii) (b) of the Banking Act Direction No. 11 of 2007, and Principle D.1.5 of the Code of Best Practice on Corporate Governance 2023 (Code) issued by CA Sri Lanka.

The Board is responsible for the adequacy and effectiveness of the system of risk management and internal controls in place at the Bank. However, such a system is designed to manage the Bank’s key areas of risk within an acceptable risk profile, rather than to eliminate the risk of failure to achieve business objectives of the Bank. Accordingly, the system of internal controls can only provide reasonable but not absolute assurance against material misstatements of management and financial information and records or against financial losses or fraud.

The Board has established an ongoing process for identifying, evaluating and managing the principal risks faced by the Bank and this risk management framework has been well established for many years, which includes enhancing the system of internal controls as and when there are changes to business environment or regulatory guidelines. The process is regularly reviewed by the Board and accords with the “Guidance for Directors of Banks on the Directors’ Statement on Internal Control” issued by CA Sri Lanka. The Board has assessed the internal controls taking into account all main principles for the assessment of an internal control system as given in that guidance.

The Board is of the view that the system of internal controls in place over financial reporting at the Bank is sound and adequate to provide reasonable assurance regarding the reliability of financial reporting, and that the preparation of Financial Statements for external purposes is done in accordance with relevant accounting principles and regulatory requirements.

The Management assists the Board in the implementation of the Board’s policies and procedures on risk management and internal controls by identifying and assessing the risks faced, and in the design, implementation, operation and monitoring of suitable system of risk management and internal controls to mitigate and control these risks.

Key features of the process adopted in applying and reviewing the design and effectiveness of the Internal Control System on Financial Reporting and Risk Management

The key processes that have been established in reviewing the adequacy and integrity of the system of internal controls with respect to financial reporting and risk management include the following:

  • Ten (10) Subcommittees have been established by the Board, including those mandatary committees as required by the Banking Act Direction No 11 of 2007, the Listing Rules of the Colombo Stock Exchange, and the Banking Act Direction No 01 of 2023, to assist the Board in ensuring the effectiveness of the Bank’s daily operations and that the Bank’s operations are conducted in line with the corporate objectives, strategies and the annual budget as well as the policies and business directions that have been approved. Details of the activities undertaken by each Subcommittee are set out on pages 195 to 215.
  • Policies/Charters have been developed covering all functional areas of the Bank and these have been recommended by Board appointed Committees and approved by the Board. Such policies and Charters are reviewed and approved at least annually.
  • The Inspection/Internal Audit Department/Information Systems Audit Unit of the Bank check for compliance with policies and procedures and the effectiveness of the internal control systems/Information System controls on an ongoing basis using samples and rotational procedures and highlight significant findings in respect of any non-compliance. Further, Onsite, Online and Offsite audits are carried out covering all departments, branches, subsidiaries and overseas operations in accordance with the annual audit plan reviewed and approved by the Board Audit Committee (BAC). The type and frequency of audits of Business units are determined by the level of risk assessed, to provide an independent and objective report. Findings of the internal audits are submitted to the BAC for review at its periodic meetings for initiating necessary action. The Inspection/Internal Audit Department conducted online audits covering all Branches in Sri Lanka and Bangladesh, Corporate Banking Unit, Digital Banking Unit, Card Center, Treasury, Finance, and Subsidiaries – CBC Finance Limited, Commercial Bank of Maldives Private Limited and CBC Myanmar Microfinance Company Limited during 2023 as well. Scope of Online, near time and real time audits was further enhanced to cover high risk transactions of the Bank. In addition, monitoring over cyber security controls and modifications to core banking systems/databases was further strengthened utilising appropriate tools/techniques and resources. Through this initiative, the controls are being tested on a near or real time basis. Further, Offsite/Online audit introduced during 2020 were continued in 2023 as well to test and verify internal controls relating to Credit area of Branches. The findings were tabled at the meetings of the BAC for review and for initiating necessary action. The “Online Auditing” initiative has further strengthened the review of the design and effectiveness of the internal control system of the Bank.
  • The BAC reviews internal control issues identified by the Internal Audit Department, co-sourced Internal Auditors, Regulatory Authorities, External Auditors and the Management, and evaluates the adequacy and effectiveness of the risk management and internal control systems. The BAC also carries out an annual evaluation to review the effectiveness of internal audit function with particular emphasis on the scope, quality, independence of internal audit and the resources. The Minutes of the BAC meetings are tabled at the meetings of the Board of Directors of the Bank on a periodic basis.
  • In assessing the internal control system over financial reporting, identified officers of the Bank continued to review and update all procedures and controls that are connected with significant accounts and disclosures of the Financial Statements of the Bank. The Internal Audit Department continued to verify the suitability of design and effectiveness of these procedures and controls on an ongoing basis. The assessment included both local and overseas subsidiaries and the Bangladesh operations of the Bank as well.

Since the adoption of the Sri Lanka Accounting Standard – SLFRS 9 on “Financial Instruments”, which became effective from January 01, 2018, the Bank introduced and implemented the processes that are required to comply with the requirements of recognition, measurement, presentation and disclosures under the above Accounting Standard. These processes were continuously strengthened based on the feedback received from the External Auditor, Internal Audit Department, regulators and the BAC. Continuous monitoring is in progress and steps are being taken to further improve the processes where required, and to enhance effectiveness and efficiency. The Bank has documented the procedures relating to these requirements and updates the procedure manuals as and when necessary and also obtained approval of the Board with the recommendation of the BAC for changes made to the documented procedures. The Bank’s Internal Audit department conducts tests on these processes and the outcome of such exercise was tabled regularly for review by the BAC during the year 2023 as well. Having recognised the need to introduce an automated platform for various computations required under SLFRSs and LKASs including loan impairments, the Bank automated impairment calculations through a renowned software solution and the Bank commenced preparing its Financial Statements based on this automated impairment solution from the second quarter of 2023. However, the Bank decided to continue with the manual calculation of impairment as a parallel exercise despite the live deployment of the software solution. This is because impairment calculations require continuous refinements given the macro-economic challenges faced by the country, the consequent impact on the Bank’s customers in most of the industries and the evolving regulatory requirements which are in addition to the requirements of the Sri Lanka Accounting Standards. In addition, the Bank also took steps to document the entire Financial Statements Closure Process in 2021 with the support of an external consultant, and the same was validated by an independent consultant. These proactive measures helped the Bank to ensure that the Bank is in compliance with the requirements of the Banking Act Direction Nos. 13 and 14 on "Classification, Recognition and Measurement of Credit Facilities and other Financial Assets in Licensed Banks” issued by the Central Bank which became effective from January 01, 2022.

The Bank in process of documenting the risks and controls underlying the automated impairment calculations referred to above.

The comments made by the External Auditor in the Management Letter in connection with the internal control system over financial reporting in previous years and the recommendations made in the Statutory Examination Reports of the CBSL were reviewed during the year and necessary steps were taken to address them with regular reports from the Management, where appropriate. The recommendations made by the External Auditor in 2023 in connection with the internal control system over financial system will be dealt within the future.

Confirmation

Based on the above processes, the Board of Directors confirms that the financial reporting system of the Bank has been designed to provide a reasonable assurance regarding the reliability of financial reporting and the preparation of Financial Statements for external purposes has been done in accordance with the Sri Lanka Accounting Standards and regulatory requirements of the Central Bank of Sri Lanka.

Review of the Statement by External Auditors

The External Auditor, Messrs Ernst & Young, has reviewed the above Directors’ Statement on Internal Control included in this Annual Report for the year ended December 31, 2023 and reported to the Board that nothing has come to their attention that causes them to believe that the statement is inconsistent with their understanding of the process adopted by the Board in the review of the design and effectiveness of the internal control system over financial reporting of the Bank. Their independent assurance report on the "Directors" Statement on Internal Control over Financial Reporting and Risk Management ‘ is given on page 226 of this Annual Report.

By Order of the Board,

Signature of Chairman

Prof A K W Jayawardane
Chairman

 

Signature of Deputy Chairman

S Muhseen
Deputy Chairman

 

Signature of Chairman - Board Audit Committee

R Senanayake
Chairman
Board Audit Committee

 

Signature of Chairperson - Board Integrated Risk Management Committee

Ms J Lee
Chairperson
Board Integrated Risk Management Committee

 

Signature of Managing Director/Chief Executive Officer

S C U Manatunge
Managing Director/Chief Executive Officer

February 21, 2024