Enterprise Risk Management (“ERM”) and Internal Control Review (“ICR”)
Our team can ensure that your business is operating in line with regulatory requirements. We guide your business operations to ensure compliance with best practices, we assess corporate-level risk, identify critical risk areas and develop appropriate work plans and audit programmes to mitigate said risks.
C.2.1 The board should oversee the issuer’s risk management and internal control systems on an ongoing basis, ensure that a review of the effectiveness of the issuer’s and its subsidiaries’ risk management and internal control systems has been conducted at least annually and report to shareholders that it has done so in its Corporate Governance Report. The review should cover all material controls, including financial, operational and compliance controls.
C.2.4 Issuers should disclose, in the Corporate Governance Report, a narrative statement on how they have complied with the risk management and internal control code provisions during the reporting period. In particular, they should disclose:
- (a) the process used to identify, evaluate and manage significant risks;
- (b) the main features of the risk management and internal control systems;
- (c) an acknowledgement by the board that it is responsible for the risk management and internal control systems and reviewing their effectiveness. It should also explain that such systems are designed to manage rather than eliminate the risk of failure to achieve business objectives, and can only provide reasonable and not absolute assurance against material misstatement or loss;
- (d) the process used to review the effectiveness of the risk management and internal control systems and to resolve material internal control defects; and
- (e) the procedures and internal controls for the handling and dissemination of inside information.
C.2.5 The issuer should have an internal audit function. Issuers without an internal audit function should review the need for one on an annual basis and should disclose the reasons for the absence of such a function in the Corporate Governance Report.
An internal control system provides numerous advantages for organisations, and collectively these organisations can enhance shareholder value. The advantages include:
- Make smarter managerial decisions based on accurate and reliable financial and management information
- Help conceive new solutions that aid in the planning of the internal audit (“IA”) function to the business strategy in a rapidly changing risk landscape
- Practical risk management and collaboration tools enhancing the risk identification and information collection processes
- Protect the interests of the Company’s shareholders and make their investments more secure
How we add value for you
- Fulfilling regulatory requirements under the Listing Rules
- Designing frameworks and processes that enhance controls over key risks across different businesses and locations, helping organisations conduct their business operations more efficiently
- Sharing industry best practices and providing practical guidance suited to individual companies
- Outsourcing the internal audit process instead of setting up internal audit functions / department within companies which can be less cost-effective
Our service commitment gives you assurance in continuity of thought and delivery which, together with a focus on flexibility, allows you to retain your existing internal audit methodology on the one hand and strengthen your company’s internal control system on the other. We can also set up a customised internal control system where none previously existed, as well as totally upgrade and transform your existing system.
Our service areas cover:
- IPO internal control review
- Post-listing (Annual) internal control review
- Enterprise risk management review
- Regulatory compliance review
- Corporate governance review
Workflow
Internal Control Review (ICR)
Enterprise Risk Management (ERM) Process
The Committee of Sponsoring Organisation of the Treadway Commission (“COSO”) – an organisation providing thought leadership and guidance on Internal control, enterprise risk management, and fraud deterrence, issued its updated Internal Control – Integrated Framework (“The COSO 2013 Framework”) and related illustrative documents.
The COSO 2013 Framework is expected to help organisations design and implement internal control in light of many changes in business and operating environments since the issuance of the original Framework, broaden the application of internal control in addressing operations and reporting objectives, and clarify the requirements for determining what constitutes effective internal control and risk management.
