KPMG Sri Lanka hosts SLID 29th Audit Committee Forum as Knowledge Partner

• Key event puts spotlight on ‘Navigating Risk Management with Internal Controls’

The Audit Committee Forum organised by the Sri Lanka Institute of Directors titled ‘Navigating Risk Management with Internal Controls’ offered valuable insights into the critical role of robust internal controls in managing risks and ensuring organisational success.

With a focus on governance, risk management, and financial oversight, the forum served as a platform for key discussions on how audit committees can protect businesses from potential risks.

The session was led and moderated by KPMG in Sri Lanka and Maldives Partner and Chief Operating Officer Suren Rajakarier, alongside a distinguished panel featuring Bogala Graphite Lanka PLC Chairperson Coralie Pieterz, HNB and CIC Holdings Director Rimoe Saldin, Ceylon Chamber of Commerce CEO/SG Buwaneka Perera, and McDonald’s Corporation CFO Asia Salinda De Silva. 

Together, they delved into the evolving role of audit committees and their crucial role in assisting risk management through oversight of internal controls.

In his presentation, Rajakarier highlighted critical changes in the CSE listing rules that include the following as ‘Functions of Audit Committee’:

• Review and assess the company’s risk management process, including the adequacy of the overall control environment and controls in areas of significant risks and updated business continuity plans.
• Review the risk policies adopted by the Entity on an annual basis.
• Take prompt corrective action to mitigate the effects of specific risks in the case such risks are at levels beyond the prudent levels decided by the committee 

It was noted risk management is everyone’s responsibility and the audit committee’s oversight of risk policies is essential in controlling and mitigating various threats that could destabilise an organisation. Implementing robust internal controls is essential to mitigate these risks and ensure organisational success. The importance of risk assessment, control activities and the three lines of defence was also highlighted by the presenter in addition to advocating preventive controls as a key measure to manage risks. The participants were cautioned with the prospect of regulators imposing penalties on Boards failing to maintain proper internal controls, as experienced in the US. During the panel discussion, the panellists shared insights on how companies can create a proactive risk culture, noting that effective risk management often begins with strong internal controls, proper training, and open communication channels. In particular, the panellists discussed the challenges faced by finance functions in reducing risks, including financial losses arising from non-compliance with internal controls. Another key takeaway noted was the necessity of continuous improvement within audit committees, particularly in terms of creating a culture that prioritises integrity and control conscious culture that aligns with an organisation’s third line of defence — the internal audit. By fostering such a culture, companies can close gaps in their control systems and drive long-term value. 

Certain basic steps to navigate this terrain relate to:

• Understanding the control environment: Audit committees need a solid grasp of the organisation’s control environment. This includes assessing how robust management’s risk assessment process is, the policies and procedures in place for risk management, and the adequacy of internal control systems.
• Reviewing internal control reports: Review internal control reports to ensure that controls are effective in safeguarding assets and preventing fraud and discuss findings with both management and internal auditors.
• Monitoring controls: Regular monitoring of existing controls ensures they operate efficiently. By staying informed, audit committees can identify areas where things might go wrong and take proactive steps.

The session also explored how process risks — particularly in franchise/decentralised operations — can lead to significant reputational losses if not managed properly. Errors in complying with Standard Operating Procedures (SOPs) can cascade through an organisation, creating vulnerabilities that might harm the parent company. Therefore, preventive measures, driven by the right organisational culture, are essential in mitigating these risks. As noted by the panel, the best control is a strong culture of compliance and integrity within the organisation.

It was revealed that the next session of the Forum will focus on Environmental, Social, and Governance (ESG) risks. Under the evolving regulations, audit committees will play a key role in ensuring that companies not only comply with ESG regulations but also integrate sustainable practices into their core operations.

In an era where businesses face an array of complex risks, the 29th Audit Committee Forum organised by Sri Lanka Institute of Directors with KPMG Sri Lanka as the Knowledge Partner, emerges as a pivotal platform for fostering collaboration, sharing best practices, and elevating the standards of corporate governance in the Sri Lankan business community.