Responsibility for System of Internal Financial Control

The Board of Directors acknowledges its responsibility for maintaining an appropriate system of internal financial control. The system is intended to provide reasonable but not absolute assurance that assets are safeguarded, transactions authorised and properly recorded, and that material errors or irregularities are either prevented or would be detected in a timely period.

Key control procedures

The Board of Directors has taken steps to ensure an appropriate control environment by:

• clearly defining management responsibilities;
• establishing formal procedures for reporting significant control failures and ensuring appropriate corrective action;
• establishing an Audit and Risk Committee to advise the Board of Directors on discharging its responsibilities for the internal financial control system.

The SBCI has established processes to identify and evaluate business risks by:

• identifying the nature, extent and financial implication of risks facing the organisation;
• assessing the likelihood of identified risks occurring;
• assessing the organisation’s ability to manage and mitigate the risks that do occur.

The system of internal financial control is based on a framework of regular management information, administrative procedures including segregation of duties, and a system of delegation and accountability. In particular it includes:

• a comprehensive budgeting system with an annual budget which is reviewed and agreed by the Board of Directors;
• regular reviews of periodic financial reports which indicate financial performance against forecasts;
• setting targets to measure financial and other performance;
• formal project management disciplines;
• adherence to the Reporting of ‘Relevant Wrongdoing’ and Protected Disclosures Policy and Anti-Fraud Policy;
• regular reporting on performance of on-lenders.

The Board of Directors has adopted the Code of Practice for the Governance of State Bodies (the “Code”), as adapted in a limited number of cases in accordance with the SBCI’s governance structure and business circumstances. A revised Code came into effect from 1 September 2016. In accordance with clarification issued by the Department of Public Expenditure and Reform on the application of the 2016 Code, the SBCI applied the 2009 Code with regard to the disclosures set out in this Annual Report and Financial Statements. Notwithstanding this, the SBCI already complies with the 2016 Code in many respects and has an implementation plan in place to ensure compliance with the revised Code for the year ending 31 December 2017 and subsequent years.

Audit and Risk Committee

The SBCI has an Audit and Risk Committee which operates in accordance with the principles in the Code. The Audit and Risk Committee’s responsibilities include the overseeing of the financial reporting process, reviewing the system of internal control and reviewing the internal and external audit processes.

The internal audit activities of the SBCI, which are performed by the National Treasury Management Agency (“NTMA”) internal audit function, are overseen by the Audit and Risk Committee. The work of the internal audit function is informed by an analysis of the risks to which the SBCI is exposed, and an annual internal audit plan is prepared based on this analysis.

The internal audit plan for the financial year was agreed with the management of the SBCI and approved by the Audit and Risk Committee in July 2015. On a regular basis, the internal audit function provides the management of the SBCI and the Audit and Risk Committee with reports of internal audit activity. These reports outline any findings and recommendations in relation to internal controls that have been reviewed. Progress against recommendations is monitored and reported to the Audit and Risk Committee.

NTMA

The SBCI depends to a significant degree on the controls operated by the NTMA which provides certain finance, human resources, legal, internal audit, risk and compliance services to the SBCI, as provided for under section 10 of the SBCI Act 2014, and as agreed in the Service Level Agreement between the NTMA and the SBCI. The NTMA has a well-developed system of internal control and any shared services provided to the SBCI are provided within this existing control framework. The SBCI has received assurance from the NTMA that it has reviewed its systems of internal financial control in relation to services provided to the SBCI.

Risk management

The Audit and Risk Committee is responsible for overseeing the implementation of the Risk Management Policy and Framework and the Risk Appetite Statement as approved by the Board of Directors. A Risk Register is maintained which identifies and categorises risks which may prevent the SBCI from achieving its objectives, and assesses the impact and likelihood of various risk events. On the basis of risks identified, controls are implemented to manage and mitigate these risks. The Risk Register is reviewed by the Audit and Risk Committee on a quarterly basis, and by the Board of Directors on an annual basis at a minimum. The management team is required to attest on a quarterly basis that the controls noted in the Risk Register are in place and effective.

Monitoring

The monitoring and review of the effectiveness of the system of internal financial control is informed by the management within the SBCI who have responsibility for the development and maintenance of the financial control framework, the findings from the work of the internal audit function and comments made by the Comptroller and Auditor General in his management letter or other reports.

The Board of Directors monitors the system of internal financial control through the Audit and Risk Committee. The Audit and Risk Committee carries out its functions in accordance with the Audit and Risk Committee’s Terms of Reference.

Annual review of controls

We confirm that, in respect of the financial year ended 31 December 2016, the Board of Directors, having taken advice from the Audit and Risk Committee, conducted a review of the effectiveness of the system of internal financial control.

12 April 2017