The Board should, at least annually, review the adequacy and effectiveness of the company's risk management and internal control systems, including financial, operational, compliance and information technology controls. Such review can be carried out internally or with the assistance of any competent third parties.
 
A. Explanation

This Guideline describes the requirement for an annual review of the risk management and internal control systems.

In carrying out its role of governing risk, the Board ensures that management has a sound system of risk management and internal controls. To that end, the Guideline calls for the Board to conduct an assessment of these systems at least annually, paying special attention to their:

  • “Adequacy”, meaning the systems of risk management and internal controls are well-designed to achieve the risk objectives.
  • “Effectiveness”, meaning the systems of risk management and internal controls are operating as they are designed.

Regular assessment allows the Board to identify areas for improvement. It also serves as a basis for the Board to opine – in the company's annual report as required by SGX MR 1207(10) and Guideline 11.3 of the Code – on the adequacy and effectiveness of the internal controls, including financial, operational, compliance and information technology controls, and risk management systems.

The SGX-ST Listing Manual specifically requires that three risk categories of internal controls be considered: financial, operational and compliance risks. This Guideline recommends the additional consideration of information technology (IT) controls.

Many companies consider IT risks to be part of operational risks. However, with the increasing dependence on, and importance of, IT in many companies, the Code has emphasised IT as a key area of focus.

Of course, risk categories vary from company to company. What is important is that the company has a clear and common understanding of the relevant categories and risk types.

The Guideline further recognises that the assessment of risk management and internal controls may be conducted internally or, when reviewing more complex situations, with the help of external professionals engaged by the Board.

 

B. SGX Disclosure Guide
  • Nil.

 

C. Related Rules and Regulations
  • SGX MR 719(1) and CR 719(1): Internal Controls.
  • SGX MR 1207(10) and CR 1204(10): Annual Reports.

 

D. CG Guides
  • Board Guide 4.5: Risk Management [Board Duties].
  • BRC Guide 3.5: Risk Categories [Risk Universe].
  • BRC Guide 3.6: Strategic Risks [Risk Universe].
  • BRC Guide 3.7: Financial Risks [Risk Universe].
  • BRC Guide 3.8: Operational Risks [Risk Universe].
  • BRC Guide 3.9: Information Technology Risks [Risk Universe].
  • BRC Guide 3.10: Compliance Risks [Risk Universe].
  • BRC Guide 5.2: Adequacy and Effectiveness Review [Sources of BRC Assurance].
  • BRC Guide 5.10: Adequacy and Effectiveness Disclosures [Sources of BRC Assurance].
  • BRC Guide Appendix 5C: Key Attributes of a Sound Risk Management and Internal Control Systems [Sources of BRC Assurance].
  • BRC Guide Appendix 5D: Sample Questions for the Review of Risk Management and Internal Control Systems [Sources of BRC Assurance].

 


Copyright © 1998 - 2017 Singapore Institute of Directors. All rights reserved.