80 C I M F I N A N C I A L S E R V I C E S L T D C O R P O R A T E G O V E R N A N C E CORPORATE GOVERNANCE REPORT (continued) In terms of structure, the Internal Audit function was segregated into two units, namely Risk-Based and IT units. The Risk-Based unit performed assurance engagements in line with the definition of the IIA, as well as Investigations, and Independent reviews. The IT unit, for its part, performed engagements where a high reliance on Information System and Technology is required. Both units use a risk-based approach when building up the Internal Audit Plan for the year. The structure, organisation and qualifications of the key members of the Internal Audit team are listed on the Company’s website. During the year under review, the Internal Audit team carried out 30 internal audit assignments for CFSL, consisting of risk-based, IT, advisory and investigation engagements. In addition, follow up audits (review of implementation status of recommendations) were also carried out throughout the year. Independence and objectivity The Internal Audit function confirms that independence and objectivity was maintained throughout the year by ensuring the following: • There was no interference by any element in the Company, including matters of audit selection, scope, procedures, frequency, timing, or report content. • Internal audit staff have no direct operational responsibility or authority over any of the activities audited and hence do not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair judgment. Internal audit staff also refrained from reviewing specific operations for which they were previously responsible; made proper disclosures if independence or objectivity was impaired, or if there was any conflict of interest; have not accepted anything that may impair or be presumed to impair their professional judgment; and were aware of the threat of overfamiliarity. Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating and communicating information about the activity or process being examined. 5. External Audit The external auditor of the Company and the Group are BDO & Co (“BDO”), who were appointed as external auditor at the AMS held in February 2021. The ACC discusses critical policies and external audit issues with BDO as and when necessary, and meets them at least once a year without Management being present. The ACC assesses the effectiveness of the external audit process via feedback received from the Management team. Areas of improvement are thereafter discussed with the external auditor. The Group has implemented a policy for the provision of non-audit service by the external auditor. The objectives of the policy are: • To ensure that neither the nature of service nor the level of reliance placed on it by the Group could be perceived to impair the independence and objectivity of the external auditor’s opinion on financial statements. • To establish a straightforward and transparent process and reporting mechanism to enable the ACC to monitor and control the independence of the external auditor and compliance with this policy. • To avoid unnecessary restrictions on the purchase of services from the external auditor who are expected to provide a higher quality and a more cost-effective service than other providers. For the year under review, the fees paid to the external auditor for non-audit work are set out on page 82. To guarantee objectivity and independence, the Board ensures that the team providing non-audit services is different from the one providing audit services.
RkJQdWJsaXNoZXIy MzQ3MjQ5