Rulebooks: Contents

Rulebooks
Mainboard Rules
Catalist Rules
Definitions and Interpretation
Chapter 1 Introduction
Chapter 2 Sponsors
Chapter 3 Disciplinary and Appeals Procedures, and Enforcement Powers of the Exchange
Chapter 4 Equity Securities
Chapter 5 Reserved
Chapter 6 Reserved
Chapter 7 Continuing Obligation
Chapter 8 Changes in Capital
Chapter 9 Interested Person Transactions
Chapter 10 Acquisitions and Realisations
Chapter 11 Takeovers
Chapter 12 Circulars, Annual Reports and Electronic Communications
Chapter 13 Trading Halt, Suspension and Delisting
Chapter 14 Transition Rules
Appendices
Practice Notes
Practice Note 12B Internal Controls and Risk Management Systems
Code of Corporate Governance 2012
Code of Corporate Governance 2018
SGX-ST Rules
CDP Clearing Rules
CDP Settlement Rules
DVP Rules [Entire Rulebook has been deleted]
CDP Depository Rules
Futures Trading Rules
SGX-DC Clearing Rules
SIAC DT Arbitration Rules
SIAC DC Arbitration Rules
Archive
Rule Amendments

  Versions
(2 versions)
 
Apr 2 2013 - Dec 31 2018Jan 1 2019 onwards

Practice Note 12B Internal Controls and Risk Management Systems

Cross-referenced from Rules 407(4)(b) and 1204(10)

1. Introduction

1.1 This Practice Note provides guidance on the application of Rules 407(4)(b) and 1204(10).
1.2 In its offer document and annual reports, the issuer's board must comment on the adequacy and effectiveness of the internal controls (including financial, operational, compliance and information technology controls) and risk management systems. A statement on whether the audit committee concurs with the board's comments must also be provided.

Rule 407(4)(b) requires the disclosure to be made in the offer document whereas Rule 1204(10) requires the disclosure to be in the annual reports.

2. Intent of Rules 407(4)(b) and 1204(10)

2.1 Internal controls (including financial, operational, compliance and information technology controls) and risk management systems serve to safeguard shareholders' investments and company's assets.
2.2 A board committee, for example, the audit committee is usually responsible for overseeing internal controls and risk management. The board, which includes executive directors, is also responsible for assessing the adequacy and effectiveness of these internal controls and risk management systems.
2.3 The objective of Rules 407(4)(b) and 1204(10) is to increase transparency and accountability. In providing this comment, the board and the audit committee are required to demonstrate that they have rigorously assessed the (i) internal controls (including financial, operational, compliance and information technology controls) and (ii) risk management systems.

3. Compliance with Rules 407(4)(b) and 1204(10)

3.1 In satisfying Rules 407(4)(b) and 1204(10), the board and the audit committee may ask for an independent audit on internal controls or risk management systems to assure themselves on the adequacy and effectiveness of the systems of internal controls and risk management, or if they are not satisfied with the systems of internal controls or risk management.
3.2 The issuer should maintain proper record of the discussions and decisions of the board and the audit committee.
3.3 Compliance with Rules 407(4)(b) and 1204(10) involve the following disclosures:-
(i) Where the board and the audit committee are satisfied that the issuer has adequate and effective systems of internal controls and risk management, the disclosure must include the basis for such comment.

To avoid doubt, under Rule 225(1)(e), a full sponsor, in preparing a listing applicant for admission or advising an issuer in a very substantial acquisition or reverse takeover, must satisfy itself that the listing applicant or enlarged group has sufficient systems, procedures, controls and resources to comply with the Rules and that its directors understand and intend to fulfil their obligations at all times for as long as the securities of the issuer remain listed on Catalist. This is in addition to Rule 407(4)(b) which requires the board and audit committee to disclose the basis for their comments on the adequacy and effectiveness of the issuer's systems of internal controls and risk management.
(ii) In relation to Rule 1204(10), where the board and/or the audit committee has commented that internal controls or risk management systems need to be strengthened, or has concerns that internal controls or risk management systems are inadequate, the board must disclose the issues and how it seeks to address and monitor the areas of concerns.

4. Format of Disclosure

4.1 There is no prescribed format of disclosure.
4.2 As the board and audit committee are obliged by Rules 407(4)(b) and 1204(10) to provide the specific disclosures in Paragraph 3.3 above, the Exchange recommends the comment be provided in the following ways:-
(i) Disclosure to be made in the section on "Audit Committee", "Internal Controls" or "Risk Management" of the offer document for compliance with Rule 407(4)(b).
(ii) Disclosure to be made in the Directors' Report or Corporate Governance section of the annual report for compliance with Rule 1204(10).

5. General Principle

5.1 Good disclosures which comply with Rules 407(4)(b) and 1204(10) comprise the following:
(i) The board's comment on the Group's internal controls (including financial, operational, compliance and information technology controls) and risk management systems. A statement on whether the audit committee concurs with the board's comment must also be provided; and
(ii) The basis for the board's comment and if the audit committee does not concur with the board, the basis for the audit committee's comment.
5.2 Should the board or the audit committee comment that the Group's internal controls or risk management systems have material weaknesses, then clear disclosure of these weaknesses and the steps taken to address them is necessary for investors to make an informed decision about the issuer.

Added on 2 April 2013 and amended on 1 January 2019.