Internal controls and risk management, and other key pillars of good corporate governance

Article written by me.

CORPORATE debacles invariably result from major lapses in internal controls and/or systemic failures in the group’s risks management.

Practice Guidance 9 of the Code of Corporate Governance (PGCG) entasks the Board of an issuer with the over-sight responsibility for the group’s risk management framework and polices, and to ensure that the group has a sound and effective system of internal controls (which include financial, operational, compliance and information technology controls), and a robust risks management system (the “company’s internal controls and risks management”).

While a company may have an impressive tome of internal control policies and risks management measures, the cardinal factors that distinguish the gold from the dross lies in firstly, the substantive implementation of the policies and measures, and secondly, periodic reviews thereof to ensure their continual effectiveness by a board committee, such as the Audit Committee or a separate Board Risk Committee.

In this respect, the PGCG, the main board practice note 12.2 and Catalist practice note 12B (collectively, the “internal controls and risk management rules”) hard-wire the regulatory requirement that the board and the audit committee are required to periodically assess the effectiveness of the company’s internal controls and risks management and to make full disclosures in the annual report in the event there are issues or concerns of material weaknesses in relation thereto, including the proposed steps to address the areas of concerns to enable investors to make an informed decision on the company.

The company’s internal controls and risks management must withstand the scrutiny of public transparency and adhere to the high standards of legal accountability to investors. Any intentionally or recklessly false or misleading statement in the annual report on the company’s internal controls and risks management may contravene section 199 of the Securities and Futures Act (SFA), and, possibly a breach of the continuous disclosure responsibility provisions under section 203 of the SFA. This could result in a fine of S$250,000 or to imprisonment for a term not exceeding 7 years, or to both.

The authorities have in recent years stepped up enforcement actions against directors, including independent and non-executive directors (non-management directors) for serious criminal breach by companies. Non-management directors should not be lackadaisical in the discharge of their fiduciary responsibilities and statutory duties.

Robson Lee

Leave a Reply Cancel reply