Statement on Internal Financial Control
Responsibility for System of Internal Financial Control
The Board of Directors acknowledges its responsibility for maintaining an appropriate system of internal financial control. The system is intended to provide reasonable but not absolute assurance that assets are safeguarded, transactions authorised and properly recorded, and that material errors or irregularities are either prevented or would be detected in a timely period.
Key control procedures
The Board of Directors has taken steps to ensure an appropriate control environment by:
- clearly defining management responsibilities;
- establishing formal procedures for reporting significant control failures and ensuring appropriate corrective action;
- establishing an Audit and Risk Committee to advise the Board of Directors on discharging its responsibilities for the internal financial control system.
The SBCI has established processes to identify and evaluate business risks by:
- identifying the nature, extent and financial implication of risks facing the organisation;
- assessing the likelihood of identified risks occurring;
- assessing the organisation’s ability to manage and mitigate the risks that do occur.
The system of internal financial control is based on a framework of regular management information, administrative procedures including segregation of duties, and a system of delegation and accountability. In particular it includes:
- a comprehensive budgeting system with an annual budget which is reviewed and agreed by the Board of Directors;
- regular reviews of periodic financial reports which indicate financial performance against forecasts;
- setting targets to measure financial and other performance;
- formal project management disciplines;
- adoption of the Reporting of ‘Relevant Wrongdoing’ and Protected Disclosures Policy and adherence to the NTMA Anti-Fraud Policy (and subsequent adoption of the SBCI Anti-Fraud Policy n February 2016);
- regular reporting on performance of on-lenders.
The Board of Directors has adopted the Code of Practice for the Governance of State Bodies, as adapted in certain circumstances.
Audit and Risk Committee
The SBCI has an Audit and Risk Committee which operates in accordance with the principles in the Code of Practice for the Governance of State Bodies. Its responsibilities include the overseeing of the financial reporting process, reviewing the system of internal control and reviewing the internal and external audit processes.
The internal audit activities of the SBCI, which are performed by the NTMA internal audit function, are overseen by the Audit and Risk Committee. The work of the internal audit function is informed by an analysis of the risks to which the SBCI is exposed, and an annual internal audit plan is prepared based on this analysis. The internal audit plan for 2015 was agreed with the management of the SBCI and approved by the Audit and Risk Committee at its first meeting in July 2015. On a regular basis, the internal audit function provides the management of the SBCI and the Audit and Risk Committee with reports of internal audit activity. These reports outline any findings and recommendations in relation to internal controls that have been reviewed. Progress against recommendations is monitored and reported to the Audit and Risk Committee.
NTMA
The SBCI depends to a significant degree on the controls operated by the NTMA which provides certain finance, human resources, legal, internal audit, risk and compliance services to the SBCI, as provided for under section 10 of the SBCI Act 2014, and as agreed in the Service Level Agreement between the NTMA and the SBCI. The NTMA has a well-developed system of internal control and any shared services provided to the SBCI are provided within this existing control framework. The SBCI has received assurance from the NTMA that it has reviewed its systems of internal financial control in relation to services provided to the SBCI.
Risk management
The Audit and Risk Committee is responsible for overseeing the implementation of the Board of Directors approved Risk Management Framework and Risk Appetite Statement. A Risk Register is maintained which identifies and categorises risks which may prevent the SBCI from achieving its objectives, and assesses the impact and likelihood of various risk events. On the basis of risks identified, controls are implemented to manage and mitigate these risks. The risk register is reviewed by the Audit and Risk Committee on a quarterly basis. The management team is required to attest on a quarterly basis that the controls noted in the Risk Register are in place and effective.
Monitoring
The monitoring and review of the effectiveness of the system of internal financial control is informed by the management within the SBCI who have responsibility for the development and maintenance of the financial control framework, the findings from the work of the internal audit function and comments made by the Comptroller and Auditor General in his management letter or other reports.
The Board of Directors monitor the system of internal financial control through the Audit and Risk Committee. The Audit and Risk Committee carries out its functions in accordance with the Audit and Risk Committee’s Terms of Reference.
Annual review of controls
We confirm that, in respect of the period from incorporation to 31 December 2015, the Board of Directors, having taken advice from the Audit and Risk Committee, conducted a review of the effectiveness of the system of internal financial control.
Conor O'Kelly
Chairperson
Strategic Banking Corporation of Ireland
Tom McAleese
Chairperson, Audit and Risk Committee
Strategic Banking Corporation of Ireland
19 May 2016