Ceylinco Annual Report 2024

The Board of Directors of Ceylinco Life Insurance Limited (the Company) wishes to present this Report on Risk Management and Internal Control mechanisms, in line with section D.1.5 of the Code of Best Practice on Corporate Governance 2023 (Code) issued by CA Sri Lanka.

RESPONSIBILITY

The Board is responsible for the adequacy and effectiveness of the system of risk management and internal controls in place in order to safeguard shareholders’ investment and the Company’s assets. This system is designed to manage the Company’s key areas of risk within an acceptable risk profile, rather than eliminating the risk of failure to achieve the business objectives and policies of the Company. Accordingly, a reasonable but not absolute assurance can be provided, against material misstatement of management and financial information and against financial losses and fraud.

The Company has established key processes that aid in ensuring the integrity and efficacy of the system of internal controls that has been adopted with respect to financial reporting. Similar processes have been adopted to help with management of key risks within the risk appetite of the Company. These processes are regularly reviewed by Committees which assist the Board in matters relating to the Company’s operations and any risks associated with them and ensure that approved corporate objectives, strategies and policies are adhered to while ensuring effective management of risks that may hinder the achievement of such objectives and strategies. The Board is of the view that the system of internal controls in place over financial reporting is sound and adequate to provide reasonable assurance regarding the reliability of financial reporting and that the preparation of Financial Statements for external purposes is in accordance with relevant accounting principles and regulatory requirements. Additionally, the Board is also satisfied with the overall risk management framework adopted by the Company.

KEY INTERNAL CONTROL PROCESSES

Board Risk Management Committee (BRMC)

The Board Risk Management Committee is responsible for assisting the Board in all matters relating to the overall management of principal areas of risk to the Company. The BRMC implements the Risk Management Framework via Executive Risk Committee. Quarterly meetings are held during which key risk areas are discussed and required action initiated. All areas that come under discussion are escalated to Board level. A detailed account of the activities carried out by the Board and Executive Risk Committees are available in the "Enterprise Risk Management" section from pages 76 to 89 of this report.

Internal Audit & Information Systems Audit Departments

The Internal Audit Department and Information System Audit Department are responsible for reviewing the design and effectiveness of the internal control systems, management information systems, as well as the systems for compliance with applicable laws, regulations, rules and directives.

Audits are carried out at all the branches and departments. The frequency of these audits is determined using a risk-based methodology which factors in the input of Senior Management. An independent and objective report is mandatory. Some reviews are outsourced to external parties with specialist knowledge in the relevant area. These external audits are carried out depending on the nature and complexity of the area requiring review. The annual audit plan is drawn up by the Internal Audit Department and Information System Audit Department and is reviewed and approved by the Audit Committee.

In relation to risk management, the Internal Audit and IS Audit functions serve as the third line of defence to ensure that key risks have been addressed effectively in the enterprise risk management framework.

Audit Committee

The Audit Committee conducts quarterly reviews to address significant findings with respect to non-compliances or ineffectiveness through the Internal Audit Department and Information Systems Audit Department. The Audit Committee is also responsible for taking action to deal with significant issues and control weaknesses highlighted by the External Auditors. The Audit Committee reviews the quality assurance and improvement in programmes of the Internal Audit and IS Audit Departments and the performance of External Auditors, in order to evaluate the adequacy and effectiveness of the Company’s risk management and internal control system.

The comments made by the External Auditor in connection with the internal control system over financial reporting in previous years were reviewed during the year and necessary steps were taken to address them where appropriate. The minutes of the Audit Committee meetings and recommendations regarding the requirements for improvements, are tabled for the information of the Board on a periodic basis. Further details of the activities undertaken by the Audit Committee of the Company are available in the Report of the Board Audit Committee on pages 254 to 255.

CONFIRMATION

Backed by the continued review and verification of the suitability and effectiveness of the existing procedures and controls by the Internal Audit and IS Audit functions and the Board Audit Committee, the Board of Directors confirms that the financial reporting system of the Company has been designed to provide a reasonable assurance regarding the reliability of financial reporting and that the preparation of Financial Statements for various stakeholders has been done in accordance with Sri Lanka Accounting Standards and comply with regulatory requirements including the Companies Act No. 07 of 2007 and the Insurance Industry Act No. 43 of 2000 (as amended). The Board of Directors, based on the oversight by the Board Risk Management Committee, also confirms that the Company has a Enterprise Risk Management Framework to identify, assess and manage key risks of the Company on a timely basis.

By Order of the Board,