Directors’ Statement on Internal Control over Financial Reporting

Responsibility

In line with the, Section 3 (8) (ii) (b) of the Banking Act Direction No. 12 of 2007, the Board of Directors presents this report on Internal Control over Financial Reporting.

The Board of Directors (“Board”) is responsible for the adequacy and effectiveness of the internal control mechanism in place at SANASA Development Bank PLC, (“the Bank”). In considering such adequacy and effectiveness, the Board recognises that the business of Banking requires reward to be balanced with risk on a managed basis and as such the internal control systems are primarily designed with a view to highlighting any deviations from the limits and indicators which comprise the risk appetite of the Bank. In this light, the system of internal controls can only provide reasonable, but not absolute assurance, against material misstatements of financial information and records or against financial losses or frauds.

The Board has established an ongoing process for identifying, evaluating and managing the significant risks faced by the Bank and this process includes enhancing the system of internal control over financial reporting as and when there are changes to business environment or regulatory guidelines. The process is regularly reviewed by the Board and accords with the Guidance for Directors of Banks on the Directors’ Statement on Internal Control, issued by the Institute of Chartered Accountants of Sri Lanka. The Board has assessed the internal control over financial reporting taking into account the principles for the assessment of internal control system as given in that guidance.

The Board is of the view that the System of Internal Controls over Financial Reporting in place is sound and adequate to provide reasonable assurance regarding the reliability of financial reporting, and that the preparation of Financial Statements for external purposes is in accordance with relevant accounting principles and regularity requirements.

The Management assists the Board in the implementation of the Board’s policies and procedures on risk and control by identifying and assessing the risks faced, and in the design, operation and monitoring of suitable internal controls to mitigate and control these risks.

Key features of the process adopted in applying and reviewing the design and effectiveness of the internal control system over financial reporting

The key processes that have been established in reviewing the adequacy and integrity of the system of internal controls with respect to financial reporting include the following:

  • Various appointed committees are established by the Board to assist the Board in ensuring the effectiveness of Bank’s daily operations and that the Bank’s operations are in accordance with the corporate objectives, strategies and the annual budget as well as the policies and business directions that have been approved.
  • The Internal Audit Department of the Bank checks for compliance with policies and procedures and the effectiveness of the internal control systems on an ongoing basis applying top-down Risk Base Audit Procedures (RBAP) and using adequate samples and rotational procedures and highlighting significant findings in respect of any non-compliance. Audits are carried out on all Departments/Divisions/Functions and Branches in accordance with the annual Risk Base Audit Plan approved by the Board Audit Committee (BAC), the frequency of which is determined by the level of risk assessed, to provide an independent and objective report. Findings of the Internal Audit Department highlighting the high risk findings are submitted to the BAC for review at their periodic meetings. The BAC also reviews and updates on audit activities and the scope and the adequacy of coverage of the approved audit plan and any improvements there to, and has detailed discussion on any unsatisfactory Audit Ratings/Functions, reviewing the action plans to address those areas and the implementation status.
  • The BAC of the Bank reviews internal control issues identified by the Internal Audit Department, the External Auditors, regulatory authorities and the Management , including Key Audit Matters (KAM) given by the External Auditors: and evaluates the adequacy and effectiveness of the risk management and internal control systems. The BAC also reviews the internal audit functions with particular emphasis on the scope of audits, quality and effectiveness of the same. The minutes of the BAC meetings are forwarded to the Board on a periodic basis. Further details of the activities undertaken by the BAC of the Bank are set out in the Board Audit Committee Report (BAC).
  • The Board Integrated Risk Management Committee (BIRMC) was established to assist the Board to oversee the overall risk management of the principal areas of the Bank. The Executive Integrated Risk Management Committee (EIRMC) which includes representation from all key business, operating and control units of the Bank to assist BIRMC to execute the assigned functions as per the ToR.
  • Operational committees have also been established with appropriate empowerment to ensure effective management and supervision of the Bank’s core areas of business operations. These committees include the Senior Management Committee, Assets and Liability Management Committee, Investment Committee, the Information Technology Steering Committee, Executive Integrated Risk Management Committee (EIRMC) and the Operational Risk Management Committee.
  • In assessing the internal control system over financial reporting, the process owners of the Bank collated all procedures and controls that are connected with significant accounts and disclosures of the Financial Statements of the Bank. These in turn were reviewed by the Internal Audit Department for suitability of design and effectiveness on an ongoing basis, throughout the year.
  • SLFRS 9 “(Financial Instruments)” has been taken in to consideration by the Board and it is effective from 1 January 2018 by replacing the Sri Lanka Accounting Standard – LKAS 39 “(Financial Instruments: Recognition and Measurement)”. SLFRS – 9 uses a forward looking “expected credit loss model” compared to the previously applied “incurred credit loss model” under LKAS 39. The Bank has obtained the services of an External Consultant for SLFRS 9 implementation. The models have been developed, tested and submitted for External Auditors for verification and implemented for the year ended 31 December 2018.

Despite SLFRS 9 becoming applicable from 1 January 2018 Bank continued to report its Interim Financial Statements based on LKAS 39, based on the option granted by The Institute of Chartered Accountants of Sri Lanka to prepare the Interim Financial Statements continuing the application of LKAS 39 – “Financial Instruments: Recognition and Measurement”. However, the Financial Statements for the year ended 31 December 2018 are being presented in line with SLFRS 9 “(Financial Instruments)”.

Since adoption of this standard, progressive improvement on processes to comply with new requirements of classification, estimation of expected credit losses and disclosure were made whilst, further strengthening of processes will take place pertaining to expected credit loss estimation and financial statement disclosures.

In the light of the comments made by the External Auditors in connection with Internal Control System over Financial Reporting in previous years were reviewed during the year and appropriate steps have been taken to rectify them. The recommendations made by the External Auditors during the year, in connection with the Internal Control System over Financial Reporting will be dealt with in future.

Confirmation

Based on the above processes, the Board confirms that the financial reporting system of the Bank has been designed to provide a reasonable assurance regarding the reliability of financial reporting and the preparation of Financial Statements for external purposes and has been done in accordance with Sri Lanka Accounting Standards and Regulatory Requirements of the Central Bank of Sri Lanka.

Review of the statement by external auditors

The External Auditors, Messrs Ernst & Young ,have reviewed the above Directors’ Statement on Internal Control over Financial Reporting included in the Annual Report of the Bank for the year ended 31 December 2018 and reported to the Board that nothing has come to their attention that causes them to believe that the statement is inconsistent with their understanding of the process adopted by the Board in the review of the design and effectiveness of the Internal Control over Financial Reporting of the Bank. Their Report on the Statement of Internal Control over Financial Reporting is given in Auditors’ Report of this Annual Report.

By Order of the Board,

 


Lakshman Abeysekera
Senior Director, Chairman – Board Audit Committee (BAC)

 


Chaaminda Kumarasiri
Non-Executive, Independent Director

 


Samadanie Kiriwandeniya
Chairperson

8 March 2019
Colombo, Sri Lanka

Close