Rulebooks: Contents

Rulebooks
Mainboard Rules
Definitions and Interpretation
Chapter 1 Introduction
Chapter 2 Equity Securities
Chapter 3 Debt Securities
Chapter 4 Investment Funds
Chapter 5 Structured Warrants
Chapter 6 Prospectus, Offering Memorandum and Introductory Document
Chapter 7 Continuing Obligations
Chapter 8 Changes in Capital
Chapter 9 Interested Person Transactions
Chapter 10 Acquisitions and Realisations
Chapter 11 Takeovers
Chapter 12 Circulars, Annual Reports and Electronic Communications
Chapter 13 Trading Halt, Suspension and Delisting
Chapter 14 Disciplinary and Appeals Procedures, and Enforcement Powers of the Exchange
Appendices
Practice Notes
Practice Note 12.2 Internal Controls and Risk Management Systems
Report of the Committee and Code of Corporate Governance
Catalist Rules
SGX-ST Rules
CDP Clearing Rules
CDP Settlement Rules
DVP Rules [Entire Rulebook has been deleted]
CDP Depository Rules
Futures Trading Rules
SGX-DC Clearing Rules
SIAC DT Arbitration Rules
SIAC DC Arbitration Rules
Archive
Rule Amendments

  Versions
(2 versions)
 
Apr 2 2013 - Dec 31 2018Jan 1 2019 onwards

Practice Note 12.2 Internal Controls and Risk Management Systems

Details Cross References
Issue date: 2 April 2013

Revised Date: 6 August 2018

Effective date: 2 April 2013
                       1 January 2019
Listing Rules 610(5) and 1207(10)

1. Introduction

1.1 This Practice Note provides guidance on the application of Rules 610(5) and 1207(10).
1.2 In its prospectus and annual reports, the issuer's board must comment on the adequacy and effectiveness of the internal controls (including financial, operational, compliance and information technology controls) and risk management systems. A statement on whether the audit committee concurs with the board's comments must also be provided.

Rule 610(5) requires the disclosure to be made in the prospectus whereas Rule 1207(10) requires the disclosure to be in the annual reports.

2. Intent of Rules 610(5) and 1207(10)

2.1 Internal controls (including financial, operational, compliance and information technology controls) and risk management systems serve to safeguard shareholders' investments and company's assets.
2.2 A board committee, for example, the audit committee is usually responsible for overseeing internal controls and risk management. The board, which includes executive directors, is also responsible for assessing the adequacy and effectiveness of these internal controls and risk management systems.
2.3 The objective of Rules 610(5) and 1207(10) is to increase transparency and accountability. In providing this comment, the board and the audit committee are required to demonstrate that they have rigorously assessed the (i) internal controls (including financial, operational, compliance and information technology controls) and (ii) risk management systems.

3. Compliance with Rules 610(5) and 1207(10)

3.1 In satisfying Rules 610(5) and 1207(10), the board and the audit committee may ask for an independent audit on internal controls or risk management systems to assure themselves on the adequacy and effectiveness of the systems of internal controls and risk management, or if they are not satisfied with the systems of internal controls or risk management.
3.2 The issuer should maintain proper record of the discussions and decisions of the board and the audit committee.
3.3 Compliance with Rules 610(5) and 1207(10) involves the following disclosures:-
(i) Where the board and the audit committee are satisfied that the issuer has adequate and effective systems of internal controls and risk management, the disclosure must include the basis for such comment.

To avoid doubt, under Rule 246(9), all listing applicants are required to provide, for the Exchange's assessment, the auditor's report to management on the internal controls and accounting systems. Where weaknesses exist in a potential issuer's internal controls and accounting systems, the Exchange may seek a confirmation from the auditors of the potential issuer that the material weaknesses were addressed. This is in addition to Rule 610(5) which requires the board and audit committee to disclose the basis for their comments on the adequacy and effectiveness of the issuer's systems of internal controls and risk management.
(ii) In relation to Rule 1207(10), where the board and/or the audit committee has commented that internal controls or risk management systems need to be strengthened, or has concerns that internal controls or risk management systems are inadequate, the board must disclose the issues and how it seeks to address and monitor the areas of concerns.

4. Format of Disclosure

4.1 There is no prescribed format of disclosure.
4.2 As the board and audit committee are obliged by Rules 610(5) and 1207(10) to provide the specific disclosures in Paragraph 3.3 above, the Exchange recommends the comment be provided in the following ways:-
(i) Disclosure to be made in the section on "Audit Committee", "Internal Controls" or "Risk Management" of the prospectus for compliance with Rule 610(5).
(ii) Disclosure to be made in the Directors' Report or Corporate Governance section of the annual report for compliance with Rule 1207(10).

5. General Principle

5.1 Good disclosures which comply with Rules 610(5) and 1207(10) comprise the following:
(i) The board's comment on the Group's internal controls (including financial, operational, compliance and information technology controls) and risk management systems. A statement on whether the audit committee concurs with the board's comment must also be provided; and
(ii) The basis for the board's comment and if the audit committee does not concur with the board, the basis for the audit committee's comment.
5.2 Should the board or the audit committee comment that the Group's internal controls or risk management systems have material weaknesses, then clear disclosure of these weaknesses and the steps taken to address them is necessary for investors to make an informed decision about the issuer.

Added on 2 April 2013, amended on 1 January 2019.