Section 3(8)(ii)(b) of the Banking Act Direction No. 11 of 2007, requires the Board of Directors (‘the Board’) to report on the internal control mechanism that confirms that the financial reporting system has been designed to provide reasonable assurance regarding the reliability of financial reporting and that the preparation of financial statements for external purposes, has been done in accordance with relevant accounting principles and regulatory requirements. This report is prepared to be in line with the said regulatory requirement.
The Internal Control System is the process designed and effected by those charged with governance, management and other personnel, to provide reasonable assurance about the achievement of DFCC Bank PLC’s (‘the Bank’) objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations.
The Internal Control System of the Bank consists of the following components:
The subset of this wider internal control system is the internal controls designed and implemented to provide reasonable assurance regarding the reliability of the financial reporting and that the preparation of financial statements for external purposes, has been done in accordance with relevant accounting principles and regulatory requirements.
The Board acknowledges the responsibility for the adequacy and effectiveness of the Bank’s system of internal controls, which is designed to provide assurance on the maintenance of proper accounting records and the reliability of financial information generated and safeguarding of the assets of the Bank. However, such systems are designed to manage the Bank’s key exposures to risk within acceptable risk parameters, rather than to eliminate the risk of failure to achieve the business goals and objectives of the Bank. Therefore, the system of internal controls can only provide reasonable and not absolute assurance against errors or material misstatement of management and financial information and records or against financial losses or fraud.
The Board has set-up an ongoing process for identifying, monitoring and managing the material risks faced by the Bank. This includes establishment of a dedicated Risk Management Department that provides regular reports on various risks, subject to oversight by the Internal Audit Department through Internal Audit Reports, that enables the Audit Committee to review the adequacy and effectiveness of the system of internal controls, continuously to match the changes in the business environment or regulatory guidelines. In making this assessment, all key processes relating to material or significant transactions captured and recorded in the books of accounts are identified and covered on an ongoing basis that is compatible with the guidance for Directors of Banks on the Directors’ Statement of Internal Control, issued by The Institute of Chartered Accountants of Sri Lanka.
The key processes that have been established in reviewing the adequacy and integrity of the system of internal controls include the following:
Although this process is carried out every year on a continuous basis, the Direction on Corporate Governance issued by the Central Bank of Sri Lanka, requires the Board to provide a separate report on the Bank’s Internal Control mechanism, that confirms that the financial reporting system has been designed to provide reasonable assurance regarding the reliability of financial reporting and that the preparation of financial statements for external purposes has been done in accordance with relevant accounting principles and regulatory requirements, supplemented with independent certification by the Auditor. The Auditors provide the independent Assurance Report in accordance with Sri Lanka Standard on Assurance Engagements (SLSAE) - 3050 issued by the Institute of Chartered Accountants of Sri Lanka.
In order to facilitate the tasks of the Auditors to issue the Independent Assurance Report, the SLSAE - 3050 requires documentation of all procedures and controls that are related to significant accounts and disclosures of the financial statements of the Bank, with audit evidence of checks performed by the Bank on an ongoing basis.
The risk and significance based Internal Audit Plan, implemented by the Internal Audit Department, in consultation with the Board Audit Committee, specifically included on a sample basis, independent verification that the internal control process documented by the Bank,which is supported with audit evidence, was in fact carried out on an ongoing basis.
Consequent to full convergence of Sri Lanka Accounting Standards with International Financial Reporting Standards and International Accounting Standards that became effective from 2012, the Bank implemented a process to ensure changes arising from new accounting standards are adequately identified, recognised and disclosed in the financial statements. The process for making necessary adjustments based on Sri Lanka Accounting Standards – LKAS 39 continue to be made based on excel software application, for which the feasibility of developing or acquiring a separate system is currently being evaluated. The process followed by the Bank for quantification of adjustments is continuously reviewed and further improvements were made during the current year. The testing of such processes by the internal audit was carried out during the year. These processes will be further improved on an ongoing basis.
The Board also has taken into consideration the requirements of ‘SLFRS 9 - Financial Instruments’ accounting standard which is to be effective from 01 January 2018, as it is expected to have significant impact on the calculation of impairment on financial instruments of the Bank. The high level impact assessment of potential impact on transition to SLFRS 9 has been completed with the assistance of an external consultant. The next phase being the implementation phase, will commence from end March 2017.
The computation of impairment losses from Loans and Advances has not been automated yet. Considering the complexity and level of estimation involved in this process, the Board is evaluating the options available for automation. This evaluation process will also address the new parameter requirements, which will become applicable with the adoption of SFLRS 9.
The comments made by the External Auditors in connection with the internal control system for the financial year ended 31 December 2015, were reviewed during the year and appropriate steps have been taken to rectify them.
The recommendations made by the External Auditor in the financial year ended 31 December 2016, in connection with the internal control system, will be addressed in future.
The Directors are of the opinion that these recommendations are intended to further improve the internal control system and they do not in any way detract from the conclusion that the financial reporting system is reliable to provide reasonable assurance, that the financial statements for external use are true and fair and complies with Sri Lanka Accounting Standards and the regulatory requirements of the Central Bank of Sri Lanka.
Based on the above detailed internal control mechanism and related processes of the Bank, the Board confirms that the financial reporting system of the Bank has been designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes is in accordance with Sri Lanka Accounting Standards and regulatory requirements of the Central Bank of Sri Lanka.
The External Auditors have reviewed the above Directors’ Statement on Internal Control for the year ended 31 December 2016 and their Independent Assurance Report is under Stewardship section of this Annual Report.
By Order of the Board,
P M B Fernando
Chairman - Audit Committee
C R Jansz
Chairman - Board of Directors
A R Fernando
20 February 2017