The Board requires and discloses in the company’s annual report that it has received assurance from:
This Provision covers the assurances that the Board receives from the CEO and other KMP on financial matters, and risk management and internal control systems.
The context for these assurances lies in the responsibilities and disclosures required of the Board as set out in the following regulations:
- Section 199(1) and (2A) of the Companies Act
Every public company and every subsidiary company of a public company must devise and maintain a system of internal accounting controls that are sufficient to provide a reasonable assurance that:
- Assets are safeguarded against loss from unauthorised use or disposition; and
- Transactions are properly authorised, they are recorded in a way that permits the preparation of true and fair financial statements and ensure the accountability of assets.
- MR 719(1)/CR 719(1)
The company should have adequate and effective systems of internal controls (including financial, operational, compliance and information technology controls) and risk management systems. The AC may commission an independent audit on internal controls and risk management systems for its assurance, or where it is not satisfied with the systems of internal controls and risk management.
- MR 610(5)/CR 407(4)(b) and 1207(10)/CR1204(10)
The Board must comment on the adequacy and effectiveness of the company’s internal controls (including financial, operational, compliance and information technology controls) and risk management systems. A statement on whether the AC concurs with the Board’s comment must also be provided. Where material weaknesses are identified by the Board of AC, they must be disclosed together with the steps taken to address them.
In fulfilling these responsibilities, the Board and the AC need to rely on management, which is responsible for the supervision and performance of the work.
As such, the Provision calls for the Board to require and disclose that it has obtained the necessary assurances from management as follows:
- From the CEO and CFO: that the financial records and statements are properly maintained and give a true and fair view of the company's operations and finances.
- From the CEO and other such KMP responsible: that the company's risk management and internal control systems are adequate and effective.
Practice Guidance 9 suggests that the Board’s commentary in the Annual Report should include:
- Information needed by stakeholders to make an informed assessment about the company’s risk management and internal control systems.
- A description of the principal risks facing the company and how these are being managed or mitigated.
- The company’s approach to identify, measure and monitor its key and emerging risks.
- How the Board has assessed the prospects of the company, over what period and why that period.
B. Practice Guidance
C. Related Rules and Regulations
- Section 199(1) of the Companies Act: Accounting Records and Systems of Control.
- Section 199(2A) of the Companies Act: Accounting Records and Systems of Control.
- MR 610(10) and CR 407(4)(b): Internal Controls.
- MR 719(1) and CR 719(1): Internal Controls.
- MR 1207(10) and CR 1204(10): Annual Reports.
- MR Practice Note 12.2 and CR Practice Note 12B: Internal Controls and Risk Management Systems.
D. CG Guides
- Board Guide 4.5: Risk Management [Board Duties].
- BRC Guide 5.4: First Line (Operational Management) [Sources of BRC Assurance].
- BRC Guide 5.10: Adequacy and Effectiveness Disclosures [Sources of BRC Assurance].
- BRC Guide Appendix 5F: Sample CEO and CFO Certification [Sources of BRC Assurance].
- BRC Guide Appendix 5I: Summary of SGX Practice Note 12.2 (Mainboard Rules) and 12B (Catalist Rules) [Sources of BRC Assurance].
- BRC Guide Appendix 5J: Sample Disclosure on Risk Management and Internal Controls [Sources of BRC Assurance].
E. Related Articles
- “Where in the world is Internal Audit in the revised Code?” by Irving Low. (145KB)
- “Disclose, or what and how to disclose - That is the question” by Irving Low. (118KB)
- “Risk management: Where lies the board?” by Jerry Koh and Daniel Seow. (82KB)
- “How to deal with Rule 719(1) and 1207(10) of the SGX listing manual” by Mike Gray. (124KB)
- “Taking the right risks - risk governance defined” by Ng Siew Quan and Alvin Chiang. (194KB)
- “Risk governance: Getting it right” by Irving Low. (292KB)