The Board should comment on the adequacy and effectiveness of the internal controls, including financial, operational, compliance and information technology controls, and risk management systems, in the company's Annual Report. The Board's commentary should include information needed by stakeholders to make an informed assessment of the company's internal control and risk management systems.

The Board should also comment in the company's Annual Report on whether it has received assurance from the CEO and the CFO:

  1. That the financial records have been properly maintained and the financial statements give a true and fair view of the company's operations and finances; and
  2. Regarding the effectiveness of the company's risk management and internal control systems.
 
A. Explanation

This Guideline requires the Board to comment on the adequacy and effectiveness of the internal controls and whether it has received the appropriate assurance from the CEO and the CFO.

This Guideline is an extension of Guideline 11.2 in that the Board conducts, at least annually, a review and assessment of the risk management and internal control systems with regard to their:  

  • “Adequacy”, meaning the systems of risk management and internal controls are well-designed to achieve the risk objectives.
  • “Effectiveness”, meaning the systems of risk management and internal controls are operating as they are intended.

This Guideline requires the Board to comment, in the company’s annual report, on the adequacy and effectiveness of internal controls including financial, operational, compliance and information technology controls. The commentary should be sufficiently detailed to enable shareholders to make an informed decision about the quality of the company’s internal control and risk management systems.

As the Board relies on management to ensure that the systems are operating as intended, the Guideline further requires the Board to obtain and disclose whether it has obtained assurances from the CEO and CFO on two matters:

  • That financial records have been properly maintained and the financial statements give a true and fair view of the company's operations and finances.
  • That the company's risk management and internal control systems are functioning as intended.

In making such disclosures, the Board should also understand the requirements of related regulations:

  • Section 199(1) and (2A) of the Companies Act
    This requires every public company and every subsidiary company of a public company to devise and maintain a system of internal accounting controls that are sufficient to provide a reasonable assurance that:
    • Assets are safeguarded against loss from unauthorised use or disposition; and
    • Transactions are properly authorised, that they are recorded in a way that permits the preparation of true and fair financial statements, and they maintain accountability of assets.
  • Guideline 11.2 of the Code
    This Guideline requires the Board to review the adequacy and effectiveness of risk management and internal control systems.
  • SGX-ST Listing Rule 719(1)
    This requires listed issuers to have a robust and effective system of internal controls, addressing financial, operational and compliance risks.
  • SGX-ST Listing Rule 1207(10)
    This requires the Board to provide an opinion, with the concurrence of the Audit Committee, about the adequacy of the internal controls, addressing financial, operational and compliance risks.

In providing the opinion under SGX MR 1207(10), the Board and the AC are required to demonstrate that they have rigorously assessed [and validated] the internal controls in relation to the three areas of risk, namely financial, operational and compliance.

Note that there is a difference in terminology between the SGX-ST Listing Rules and the Code in providing the disclosures. This Guideline of the Code requires the Board to comment on both the adequacy and effectiveness of the internal controls and risk management systems, whereas SGX MR 1207(10) requires the Board to provide an opinion on the adequacy of internal controls.

 

B. SGX Disclosure Guide
  1. In relation to the major risks faced by the Company, including financial, operational, compliance, information technology and sustainability, please state the bases for the Board’s view on the adequacy and effectiveness of the Company’s internal controls and risk management systems.

  2. In respect of the past 12 months, has the Board received assurance from the CEO and the CFO as well as the internal auditor that:

i. The financial records have been properly maintained and the financial statements give true and fair view of the Company's operations and finances; and

ii. The Company's risk management and internal control systems are effective?

If not, how does the Board assure itself of points (i) and (ii) above?

 

C. Related Rules and Regulations
  • Section 199(1) of the Companies Act: Accounting Records and Systems of Control.
  • Section 199(2A) of the Companies Act: Accounting Records and Systems of Control.
  • SGX MR 719(1) and CR 719(1): Internal Controls.
  • SGX MR 1207(10) and CR 1204(10): Annual Reports.
  • SGX MR Practice Note 12.2 and CR Practice Note 12B: Adequacy of Internal Controls.

 

D. CG Guides
  • Board Guide 4.5: Risk Management [Board Duties].
  • BRC Guide 5.4: First Line (Operational Management) [Sources of BRC Assurance].
  • BRC Guide 5.10: Adequacy and Effectiveness Disclosures [Sources of BRC Assurance].
  • BRC Guide Appendix 5F: Sample CEO and CFO Certification [Sources of BRC Assurance].
  • BRC Guide Appendix 5I: Summary of SGX Practice Note 12.2 (Mainboard Rules) and 12B (Catalist Rules) [Sources of BRC Assurance].
  • BRC Guide Appendix 5J: Sample Disclosure on Risk Management and Internal Controls [Sources of BRC Assurance].

 

E. Related Articles

 

eGuide to CG Code
Overview
Board Matters
Principle 1
Guideline 1.1
Guideline 1.2
Guideline 1.3
Guideline 1.4
Guideline 1.5
Guideline 1.6
Guideline 1.7
Principle 2
Guideline 2.1
Guideline 2.2
Guideline 2.3
Guideline 2.4
Guideline 2.5
Guideline 2.6
Guideline 2.7
Guideline 2.8
Principle 3
Guideline 3.1
Guideline 3.2
Guideline 3.3
Guideline 3.4
Principle 4
Guideline 4.1
Guideline 4.2
Guideline 4.3
Guideline 4.4
Guideline 4.5
Guideline 4.6
Guideline 4.7
Principle 5
Guideline 5.1
Guideline 5.2
Guideline 5.3
Principle 6
Guideline 6.1
Guideline 6.2
Guideline 6.3
Guideline 6.4
Guideline 6.5
Remuneration Matters
Principle 7
Guideline 7.1
Guideline 7.2
Guideline 7.3
Guideline 7.4
Principle 8
Guideline 8.1
Guideline 8.2
Guideline 8.3
Guideline 8.4
Principle 9
Guideline 9.1
Guideline 9.2
Guideline 9.3
Guideline 9.4
Guideline 9.5
Guideline 9.6
Accountability and Audit
Principle 10
Guideline 10.1
Guideline 10.2
Guideline 10.3
Principle 11
Guideline 11.1
Guideline 11.2
Guideline 11.3
Guideline 11.4
Principle 12
Guideline 12.1
Guideline 12.2
Guideline 12.3
Guideline 12.4
Guideline 12.5
Guideline 12.6
Guideline 12.7
Guideline 12.8
Guideline 12.9
Principle 13
Guideline 13.1
Guideline 13.2
Guideline 13.3
Guideline 13.4
Guideline 13.5
Shareholder Rights and Responsibilities
Principle 14
Guideline 14.1
Guideline 14.2
Guideline 14.3
Principle 15
Guideline 15.1
Guideline 15.2
Guideline 15.3
Guideline 15.4
Guideline 15.5
Principle 16
Guideline 16.1
Guideline 16.2
Guideline 16.3
Guideline 16.4
Guideline 16.5
eGuide Glossary
Disclosure of CG arrangements
The Role of Shareholders

Copyright © 1998 - 2017 Singapore Institute of Directors. All rights reserved.