Requirement

In line with the section 16 (1) (ix) of the Finance Business Act Direction No. 05 of 2021 – Corporate Governance, and principle D1.5 of Code of Best Practice on Corporate Governance 2017 issued by The Institute of Chartered Accountants of Sri Lanka, the Board of Directors presents this report on Internal Control mechanisms of Citizens Development Business Finance PLC (“the Company”) over Financial Reporting.

Responsibility

The Board of Directors (“Board”) is responsible for the adequacy and effectiveness of the Internal Controls in place at Citizens Development Business Finance PLC. However, such a system is designed to manage the Company’s key areas of risk within an acceptable risk profile, rather than to eliminate the risk of failure to achieve the business objectives and policies of the Company. Accordingly, the system of internal controls can only provide reasonable but not absolute assurance against material misstatement of management and financial information and records or against financial losses or fraud.

The Board has established an ongoing process for identifying, evaluating and managing the significant risks faced by the Company and this process includes enhancing the system of Internal Controls as and when there are changes to the business environment or regulatory guidelines. The process is regularly reviewed by the Board.

The Board is of the view that the system of Internal Control over Financial Reporting in place is sound and adequate to provide reasonable assurance regarding the reliability of Financial Reporting and that the preparation of Financial Statements for external purposes is in accordance with relevant accounting principles and regulatory requirements.

The Management assists the Board in the implementation of the Board’s policies and procedures on risk and control by identifying and assessing the risks faced, and in the design, operation and monitoring of suitable internal controls to mitigate and control these risks.

Key Features of the process adopted in applying and reviewing the design and effectiveness of the Internal Control System over Financial Reporting

The key processes that have been established in reviewing the adequacy and integrity of the system of internal controls with respect to financial reporting include the following;

• Establishment of Board Subcommittees to assist the Board in ensuring the effectiveness of the Company’s day to day operations and to ensure that all such operations are carried out in accordance with the corporate objectives, strategies and the annual budget as well and the policies and business directions that have been approved by the Board.
• Policies/Procedures are developed covering all functional areas of the Company and these are approved by the Board or Board –approved committees. Such policies and procedures are reviewed and approved periodically.
• Internal Audit Department of the Company checks for compliance with policies and procedures and the effectiveness of the Internal Control system on an on-going basis using samples and rotational procedures and highlights significant findings in respect of any non-compliance. The annual audit plan is reviewed and approved by the Board Audit Committee. Audits are carried out on all departments, branches including IT General Controls, IT Application Controls and Cyber Security Reviews. Further, offsite audits introduced during the financial year 2020/2021 were continued in the current financial year for selected business operations of the Company. The frequency of these audits are determined by the level of risk assessed. The findings of the audits are submitted to the Board Audit Committee for review at their periodic meetings.
• The Board Audit Committee of the Company reviews Internal Control issues identified by the Internal Audit Department, the External Auditors, Regulatory Authorities and the Management, and evaluates the adequacy and effectiveness of the risk management and internal control systems. The Board Audit Committee reviews the effectiveness of internal audit functions with particular emphasis on the scope of audits and the quality of the same. The Minutes of the Board Audit Committee meetings are forwarded to the Board on a quarterly basis. Further, details of the activities undertaken by the Board Audit Committee are set out in the Board Audit Committee Report of this Annual Report.
• The Board Integrated Risk Management Committee (BIRMC) is established to assist the Board to oversee the overall management of principal areas of risk of the Company.
• Operational Committees have also been established with appropriate empowerment to ensure effective management and supervision of the Company’s core areas of the business operations. These Committees include the Assets and Liability Management Committee, Credit Committee, Treasury Committee and Information Technology Steering Committee.

In assessing the internal controls over financial reporting, identified officers of the Company continued to review and update all procedures and controls that are connected with significant accounts and disclosures of the financial statements of the Company. The Internal Audit Department continued to verify the suitability of design and effectiveness of these procedures and controls on an ongoing basis.

The Company has early adopted SLFRS 9 – “Financial instruments” issued in 2014 with a date of initial application of 1 April 2017 and made an assessment of the objective of the business model and classification of financial assets as it best reflects the way the business is managed and information is provided to the Management.

With the introduction of “expected credit loss” under SLFRS 9, the Company developed models to calculate Expected Credit Losses (ECL). A number of key assumptions were made by the Company in applying the requirement of SLFRS 9 to the models including selection and input of forward looking information. These models are inherently complex and judgment is applied in determining the correct construction of the same. These models were developed over the past years and reviewed by the management and amendments were made to the initial assumptions where necessary to reflect the recent and updated data and such amendments made were independently reviewed by the External Auditors.

The Board Audit Committee reviewed the related Policies on principles, methodologies, and assumptions during the financial year 2022/23 with consideration of elevated risks due to implications from the economic crisis.

The Company continues to focus on strengthening the review and testing process of the models developed and the Company’s Internal Audit Department also will continue to review the same with more focus and a robust approach in the future.

The Comments made by the External Auditors in connection with internal control system over financial reporting in previous financial year were reviewed during the year and appropriate steps have been taken to implement the recommendations.

Confirmation

Backed by the Internal Audit, Information System Audit, and Risk Management Division’s continued review and verification of the suitability and effectiveness of pre – existing procedures and controls, the Board of Directors confirms that the financial reporting system of the Company has been designed to provide a reasonable assurance of the reliability of financial reporting system and that the preparation of financial statements for external purposes has been done in accordance with Sri Lanka Accounting Standards, and comply with regulatory requirements including the Companies Act No. 07 of 2007 and the Finance Business Act No. 42 of 2011.

Review of the statement by external auditors

The External Auditor, Messrs KPMG, has reviewed the above Directors’ Statement on Internal Control over Financial Reporting for the year ended 31 March 2023 and reported to the Board that nothing has come to their attention that causes them to believe that the statement is inconsistent with their understanding of the process adopted by the Board in the review of the design and effectiveness of the Internal Control System over Financial Reporting of the Company. Their independent assurance report on the “Directors’ Statement on Internal Control over Financial Reporting” is given on Auditors’ Assurance Report on the Directors’ Statement on Internal Control of this Annual Report.

Statement on prudential requirements, regulations and laws

There were no material non-compliance with prudential requirements, regulations, laws and internal controls during the financial year.

There were no supervisory concerns reported by the Director of Non-Bank Supervision of Central Bank of Sri Lanka, to be disclosed to the public on the Company’s Risk Management, Compliance with the Finance Business Act and rules and directions issued by the Central Bank of Sri Lanka.

By order of the Board