Accountability and Audit
Pursuant to the Companies Act, 1965, the Financial Services Act, 2013 and the Islamic Financial Services Act, 2013, Financial Statements for each financial year are prepared in accordance with the Malaysian Accounting Standards Board’s (MASB) Approved Accounting Standards and the BNM Guidelines. The Financial Statements are prepared on a going concern basis and give a true and fair view of the state of affairs of CIMB Group as at 31 December 2013.
Appropriate accounting policies have been applied consistently in preparing the Financial Statements, supported by reasonable and prudent judgement and estimates. The Directors have overall responsibilities for taking such steps as are reasonably open to them to safeguard the assets of CIMB Group and have ensured that CIMB Group’s financial reporting presents a balanced and comprehensive assessment of its financial position and prospects.
The Audit Committee assists the Board in overseeing the financial reporting, internal control, risk management and governance processes. The Audit Committee reviews the quarterly, semi-annual and year-end financial results, audit plan, audit report, functions of GIAD, status of major credit facilities granted, related party transactions, conflict of interest situations and independence of external auditors. Within three months of the close of the financial year, the Audit Committee submits a written confirmation to BNM that CIMB Group has complied with BNM’s requirements on financial reporting.
Based on the Audit Committee’s recommendation and confirmation, the Board is satisfied that it has met its obligation to present a balanced and understandable assessment of CIMB Group’s position and prospects in preparing the Financial Statements, reflected in the Directors’ Report.
Related Party Transactions
All related party transactions (RPTs), including transactions with Directors and employees, are conducted at arm’s length basis and in accordance with CIMB’s Policy and Procedures on RPTs. This policy ensures that RPTs are undertaken in the best interest of CIMB Group and the Shareholders, and determines the mechanism to monitor and report on such transactions. The Group Company Secretary together with Group Strategy and Corporate Finance assist Management in ensuring RPTs are conducted in line with the Policy and the relevant laws and requirements, before it is submitted to the Audit Committee for review and deliberation, prior to obtaining Board approval.
The Board is responsible for establishing a sound system of internal control and in determining CIMB Group’s level of risk tolerance as well as to continuously identify, assess and monitor key business risks to safeguard shareholders’ investments and CIMB Group’s assets. These functions are carried out by the Audit Committee and Board Risk Committee who are responsible for risk management functions, financial reporting, disclosures, regulatory compliance and internal control processes. To achieve this, the Board ensures that the business processes, risk management, policies and procedures, control mechanism are adequate and appropriate through periodic testing and assessment of the adequacy and effectiveness of the system of internal control.
The size, geographical presence and complexity of the business of CIMB Group as well as the dynamic operating environment require the Board to constantly review and monitor the effectiveness of its system of internal control. Regular self-testing and high level risk assessment are conducted followed by review and update on a real-time basis. CIMB Group had during the year under review, invested considerable time in areas of financial reporting systems and business processes including data integrity.
Based on the review undertaken throughout the year, the Board concluded that CIMB Group’s system of internal control is adequate in meeting its changing needs and regulatory requirements.
A well-disciplined and professional workforce is the cornerstone of the success of CIMB Group. All employees of CIMB Group are expected to be vigilant about any wrongdoings, malpractices or irregularities at the workplace and report such instances promptly through designated channels for immediate rectification or for other necessary measures in minimising potential financial or reputational loss.
The whistle-blowing policy provides employee of CIMB Group with accessible avenue to report on suspected fraud, corruption, dishonest practices or other similar matters. It aims to encourage the reporting of such matters in good faith, with the confidence that employees making such reports will, to the extent possible, be protected from reprisal.
Reporting may be made by telephone call or e-mail to the Group Chief Internal Auditor or in the event that it is associated with the Group Chief Internal Auditor, to the Group Managing Director/Chief Executive Officer.
Relationship with Internal and External Auditors
The Group Internal Audit Division (GIAD) performs the internal audit function and conducts regular audits on the risk management, internal control and governance processes implemented by Management and reports significant findings to the Audit Committee with recommended corrective actions. Management is responsible to ensure that corrective actions on reported weaknesses are executed within an appropriate time frame.
GIAD also assists the Board in overseeing that Management has in place a sound risk management, internal control and governance system. The internal audit function is reviewed periodically by the Audit Committee to ensure its adequacy and competency in performing its role.
GIAD works closely with CIMB Group’s External Auditors on audit and internal control issues. The External Auditors review the effectiveness of CIMB Group’s internal controls and risk management during the audit exercise. Any material non-compliance with procedures and regulations noted during the audit, as well as any internal control weaknesses, are reported together with the recommendations by the External Auditors to the Audit Committee and Management for Management’s consideration and action. The Audit Committee ensures that high risk audit issues are given top priority for Management’s action.
The Board and the Audit Committee maintain a formal and appropriate relationship with the External Auditors. For the period under review, the Audit Committee had two meetings with the External Auditors without the presence of Management. This has encouraged a greater exchange of independent, open view and opinions/dialogue between both parties. Apart from that, the External Auditors are also invited to attend CIMB Group’s meetings such as Audit Committee meetings (where appropriate) and Annual General Meetings. The Audit Committee reviews the independence of External Auditors annually and ensures that provision of other non-audit services by the External Auditors is not in conflict with their audit function. The Audit Committee also ensures that there is a rotation of the Engagement Partner and the Concurring Partner of the External Auditors at least once every five years.
CIMB Group has established a framework for the appointment/re-appointment of External Auditors, which is in line with BNM/RH/GL 001-1 and Guidelines for the Appointment/ Reappointment of External Auditors by Banking Institutions, which require the Audit Committee to assess the independence, objectivity and performance of External Auditors. The assessment also facilitates BNM in processing CIMB Group’s application for appointment/ re-appointment of External Auditors.
The framework contains detailed procedures to assess the independence and service level of the External Auditors, which amongst others, include reviewing the External Auditors’ performance and quality of work, timeliness of service deliverables, non-audit services provided and the Engagement Partner’s and the Concurring Partner’s rotation. The External Auditors’ service level is rated based on respondent’s satisfaction with their service as CIMB Group’s External Auditor. An Assessment Questionnaire is issued to selected personnel across the Group who have a working relationship with the External Auditors, who are then requested to review the service level of the External Auditors and confirm that the External Auditors have a reasonable understanding of CIMB Group’s business and are able to support CIMB Group from an accounting standpoint.