External Auditors
The BAC is responsible for oversight
of the Bank's relationship with the
External Auditor. The BAC reviewed and
monitored the independence, integrity
and objectivity of the External Auditor
and assessed the effectiveness of their
audit process considering the relevant
professional and regulatory requirements.
To ensure that the External Auditor
had the independence to discuss and
express their opinions on any matter,
they were granted further opportunities
to meet the BAC separately, without
the presence of the Executive Directors.
The Committee ensured compliance
with the requirements for the rotation
of Audit Partners in accordance with the
directions issued by the CBSL. Further,
the Committee noted the requirements
outlined in the Banking Act Direction No.
05 of 2024 and the Banking (Amendment)
Act No. 24 of 2024, issued by the CBSL,
concerning the rotation of the external
auditor and the specific engagement
partner, and confirmed that compliance
will be achieved within the specified
time frame. The Letter of Representation
issued to the External Auditor by the
management was also reviewed by the
Committee.
The Committee obtained a statement
from the External Auditor confirming
that they are and have been independent
throughout the conduct of the audit
engagement, in accordance with the
terms of all relevant regulatory and
professional requirements.
Messrs Ernst and Young, Chartered
Accountants has been appointed as the
External Auditor of the Bank since the
inception and the present Engagement
Partner has been appointed since January
2023. The Committee discussed the
audit plan, scope and the methodology to be adopted in conducting the annual
audit with the External Auditor prior
to commencement of the audit for
the financial year 2024. There was no
limitation of scope and the BAC obtained
assurances that Management has
provided all information and explanations
requested by the External Auditor.
Financial Statements were reviewed by
the External Auditor, whose opinion on
the financial statements is set out on
pages 270 to 272. The Committee also
met the External Auditor to review the
Management Letter with the responses
from the Management.
The Committee has recommended
to the Board that Messrs Ernst and
Young, Chartered Accountants, to be re-
appointed for the financial year ending
31st December 2025, subject to the
approval of shareholders at the 39th
Annual General Meeting.
Provision of Non-Audit Services
The BAC conducted its annual review of
the Policy on Engagement of External
Auditors for Non-Audit Services to ensure
compliance with regulatory requirements.
The BAC also assessed the non-audit
services provided to ensure that the
independence and objectivity have not
been impaired by providing such non-
audit services, taking into consideration,
the fees and the scope of same.
Internal Control Over Financial
Reporting (ICOFR)
Sampath Bank is required to comply with
the Section 3(8)(ii)(b) of the Banking Act
Direction No. 11 of 2007, Section 9.2(b)
of Banking Act Direction No. 05 of 2024
(Effective 1st January 2025) and assess
the effectiveness of Internal Control Over
Financial Reporting. The BAC assessed
the effectiveness of the Bank's system of
Internal Control Over Financial Reporting
as of 31st December 2024 based on
the criteria set out in the Guidance for
Directors of Banks under “The Directors'
Statement of Internal Control”, issued by
the CA Sri Lanka in 2010.
The Internal Controls Over Financial
Reporting Steering Committee comprising
the Chief Internal Auditor (Chairperson),
Executive Director/Chief Financial Officer,
Chief Risk Officer, Chief Information
Security Officer and Chief Compliance
Officer assisted the Internal Audit
Department in conducting its evaluations
on Internal Control Over Financial
Reporting and Management Information
Systems. In this regard, assessments
were carried out by the Internal Audit Department to determine if documented
procedures were being followed by the
respective process owners, to ensure the
design effectiveness and the operating
efficiency of the Internal Controls and
the Management Information Systems as
well as to identify areas for improvements
on an ongoing basis.
The Committee obtained and reviewed
the assurance received from the
Managing Director and other Key
Management Personnel regarding the
adequacy and effectiveness of the Bank's
risk management and internal control
systems. To comply with this requirement,
the ICOFR verification process was
streamlined and revamped during the year
2024.
The backdrop of Sri Lanka's dynamic
economic conditions and regulatory
changes necessitated a comprehensive
review of the Bank's internal control
systems. Hence, the BAC intensified
its focus on enhancing internal controls
and risk management frameworks to
mitigate threats associated with the
local and global economic uncertainties.
This included enhancing oversight on
credit risk, liquidity risk and operational
risk and related systems and controls as
well as controls of related systems and
processes. Based on the assessments
carried out by the Internal Auditor and
External Auditor, the BAC concluded that,
as of 31st December 2024, the Bank's
system of Internal Control Over Financial
Reporting is effective. The Directors'
Statement on the Bank's Internal Control
Over Financial Reporting is provided on
pages 264 and 265'
The Bank's External Auditors have
assessed the effectiveness of the
existing system of Internal Control Over
Financial Reporting and have provided an
assurance report to the Board indicating
that nothing has come to their attention
that causes them to believe that financial
reporting was inconsistent with their
understanding of the processes adopted
by the Board for reviewing the design and
operating effectiveness of the internal
control system of the Bank. The External
Auditors' Assurance Report on the Bank's
systems of Internal Control Over Financial
Reporting is provided on page 266.
Internal Audit
As the third line of defence, internal audit
functions independently from the first and
second lines of defence, reporting directly
to the BAC. During the year, the BAC
continued to fulfil its mandate to monitor
and review the scope, methodologies,
extent and effectiveness of the activities
of the Bank's Internal Audit Department,
including review of the progress made
on Audit activities and achievements
against the Bank's Audit Plan. The BAC
noted the increased focus by the Internal
Audit function on technology-driven audit
techniques to monitor the Bank's digital
transformation efforts and to safeguard
against cybersecurity threats. The
Committee reviewed all major findings
revealed through audit investigations
and potential fraud monitoring activities
carried out during the year.
The BAC also reviewed the resource
requirements of the Internal Audit
Department. The performance evaluation
of the Chief Internal Auditor and the
senior staff members of the Internal Audit
Department for the year 2024 will be
carried out by the Committee during the
first quarter of 2025.
Annual Corporate Governance Report
As required by Section 3(8)(ii)(g) of the
Banking Act Direction No. 11 of 2007
on Corporate Governance for Licensed
Commercial Banks and Section 9.2. (h).
(i) of the Banking Act Direction No. 05 of
2024 (effective 1st January 2025) issued
by the Central Bank of Sri Lanka, the
Annual Corporate Governance Report
for 2024 is provided on pages 152 to
183. The External Auditor of the Bank
have performed procedures set out in
Sri Lanka Related Services Practice
Statement 4750 issued by the CA
Sri Lanka (SLRSPS 4750), to meet the
compliance requirement of the said
Corporate Governance direction. Their
findings presented in their report dated
17th February 2025 addressed to the
Board, are consistent with the matters
disclosed above and no inconsistencies
have been identified in this regard.
Whistleblowing
The Bank's 'Policy on Whistleblowing'
continued to be implemented as a
component of the Corporate Fraud Risk
Management Framework and made
available in the Bank's website in line with
the requirement specified in the Listing
Rules issued by the Colombo Stock
Exchange. Furthermore, the 'Procedure
on Whistleblowing' was developed
to enhance the internal stakeholders'
understanding of the whistleblowing
process that needs to be followed. The
recommendations provided by the BAC
were incorporated into the Whistleblowing
Policy and the Whistleblowing Procedure
as applicable, to further strengthen the
whistleblowing mechanism. The Policy
and the Procedure empower any team member who has a legitimate concern
on an existing or potential “wrongdoing”
by any person within the Bank to come
forward voluntarily and bring such concern
to the notice of the Chairman of the BAC
either through the Company Secretary or
Chief Internal Auditor. Concerns raised are
investigated as per the standard procedure
and the identity of the person raising the
concern is kept confidential.
KEY RESPONSIBILITIES OF THE
COMMITTEE
- Reviewing financial information and
monitoring the integrity of the financial
statements of the Bank, its annual
report, accounts and quarterly reports
prepared for disclosure, prior to
submission to the Board and ensuring
compliance with statutory provisions,
accounting standards and accounting
policies.
- Reporting to the Board on the quality,
appropriateness and acceptability of
the Bank's accounting policies and
practices.
- Assessing the reasonableness of the
underlying assumptions based on
which estimates and judgments are
made when preparing the financial
statements.
- Overseeing the Internal Audit function
and reviewing of audit reports to
ensure that appropriate actions
are taken by the Management to
implement the recommendations
made by the Internal Auditors.
- Assessing the independence and
reviewing the adequacy of the scope,
functions and resources of the
Internal Audit Department, including
the appointment of the Chief Internal
Auditor and the performance of the
CIA and senior staff members of the
Internal Audit Department.
- Overseeing the appointment,
compensation, resignation and
dismissal of the External Auditor,
including review of the External Audit
function, its cost and effectiveness
and monitoring of the External
Auditors' independence, integrity and
objectivity.
- Reviewing the adequacy and
effectiveness of the Internal
Controls, Risk Management and
ensure compliance with Corporate
Governance and regulatory
requirements.
- Ensure to compliance with the
Environmental, Social and Governance
(ESG) laws and regulations which are
applicable to the Bank.
- Assess the Bank's ability to continue
as a going concern in the foreseeable
future. Reviewing the Terms of
Reference of the Committee
periodically and ensuring that it
reflects the best practices of the
industry at all times.
PROFESSIONAL ADVICE
The BAC has the authority to seek external
professional advice from time to time on
matters within its purview. During the
year, several consultations were sought
with various professionals on matters
under the Committee's purview.
DECLARATION BY THE
COMMITTEE
The Bank has already complied with
the requirements stipulated under the
Banking Act Direction No. 05 of 2024
on Corporate Governance for Licensed
Banks issued by the Central Bank of Sri
Lanka, which is effective from 1st January
2025 as appropriate. Further, the Bank
will ensure overall compliance with the
aforementioned regulation in accordance
with the timelines specified therein.
REPORTING TO THE BOARD
The minutes of the Committee meetings
were tabled at Board meetings, thereby
providing Board members with access
to the deliberations of the Committee.
Additionally, the Chairman of the BAC
provides a verbal summary of the key
matters of concern arising from each
meeting to the Board.
PERFORMANCE EVALUATION OF
THE COMMITTEE
The annual self-evaluation of the
Committee was conducted at the year-
end by the members of the Committee.
The results were discussed at the
Committee with, where necessary,
areas for improvement being identified
and the plans for improvement being
communicated to the Board.
On behalf of the Board Audit Committee,
