System of Internal Controls
The Board of Directors is responsible for the adequacy and effectiveness of the system of internal controls in the Group. Policies and procedures have been designed and implemented for safeguarding assets against unauthorised use, for maintaining proper accounting records and for the sound and effective operation of Information Technology systems, amongst others. Such policies and procedures have been designed in accordance with the scale and complexity of the Group’s operations and are aimed at identifying, assessing, mitigating and monitoring risks faced across the Group.
The Board of Directors, through the Group Audit and Risk Committees, conducts an annual review of the effectiveness of the system of risk management and internal controls covering all material controls, including financial, operational and compliance controls and risk management systems. During the year, the Group Audit and Risk Committees keep under review the effectiveness of this system of internal controls and report regularly to the Board of Directors. In carrying out their reviews, the Group Audit and Risk Committees receive regular business and operational risk assessments, regular reports from the Group Director Internal Audit and Group Chief Risk Officer, internal and external audit reports, as well as regulatory reports. Additionally, the Board of Directors receives a confirmation on an annual basis by the Group Chief Executive Officer as to the effectiveness of compliance, risk management and information security system of internal controls.
The Board of Directors, through the Group Audit and Risk Committees, receive confirmation that Executive management is taking the necessary actions to remedy all weaknesses identified through the operation of our framework of internal controls.