Principle 11: Risk Management and Internal Controls
The key risks and internal controls of the Trust have been
identified by the Board working with Management and with
assistance from KPMG LLP (“KPMG”), the appointed internal
auditor. The risks are categorised under strategic, financial,
operational and compliance risk areas. There are documented
procedures in place that cover certain management
accounting, financial reporting, project appraisal, compliance
and other risk management issues. The Board’s approach to
risk management and the identified financial risk factors are
outlined in Note 27 of the Financial Statements of the Trust.
The Board regularly reviews the business risks of the Trust
and examines liability management and risks including those
relating to the India property sector. The overall framework
established by the Board to enhance the soundness of the
Trust’s financial reporting, risk management, compliance and
internal control systems includes:
• Formulation and implementation of an enterprise risk
management framework which comprises a risk register
and related internal controls to mitigate such risks which is
regularly reviewed by the Board;
• Audits performed by an internal auditor in accordance
with the audit plan;
• Process improvement initiatives undertaken by the
asset companies;
• Implementation of formal policies and procedures
relating to the delegation of authority;
• Involvement of experienced and suitably qualified employees
who take responsibility for important business functions; and
• Segregation of key functions which may give rise
to possible errors or irregularities.
The AC assists the Board in examining the effectiveness of the
Trust’s risk management policies to ensure that a robust risk
management system is maintained. The AC reviews and guides
Management in the formulation of risk policies and processes
to effectively identify evaluate and manage any material risk.
The AC reports to the Board on material findings and makes
recommendations in respect of any material risk issues.
To support the AC in its review of the internal controls,
Management completes a checklist verifying that adequate
internal controls were in place to monitor financial, legal
and other relevant risks quarterly and at the end of the
financial year.
In the course of their statutory audit, the external auditor
had considered the risk assessment conducted by the
internal auditor. Any material non-compliance and internal
control weakness, together with the internal auditor’s
recommendations to address them, are reported to the AC.
The Trust also has both a comprehensive insurance coverage
and a business continuity plan.
Whistleblowing Policy
The Trustee-Manager adopts a zero tolerance approach
towards fraud. The Board has put in place a whistle-blowing
policy and procedures which provide employees with
well-defined and accessible channels for reporting suspected
fraud, corruption, dishonest practices or other similar matters
and for appropriate follow-up action to be taken. The
policy and procedures aim to encourage the reporting of
such matters in good faith, with confidence on the part of
employees making such reports, that they will be treated fairly
and, to the extent possible, be protected from reprisal.
Directors’ Opinion on Internal Controls
The CEO and the Chief Financial Officer (“CFO”) have
provided their assurance to the Board that to the best of
their knowledge, based on outcomes of on-going reviews on
risk management and internal controls, and in the absence
of contradictory evidence, the system of risk management
and internal controls is adequate, financial records have been
properly maintained and the financial statements give a true
and fair review of the Trust’s operations and finances.
The Board recognises the importance of sound internal
controls and risk management practices for good corporate
governance. The Board affirms its overall responsibility for
systems of internal controls and risk management of the
Trust and its subsidiaries, and for reviewing the adequacy and
integrity of those systems on an annual basis. The internal
control and risk management functions are performed by key
executives and are reported to the AC for review.
The internal control systems include the safeguarding of assets,
the maintenance of proper accounting records, the reliability of
financial information, compliance with appropriate legislation,
regulations and best practices, and the identification and
containment of business risks. Such systems are designed to
manage rather than to eliminate the risk of failure to achieve
business objectives and provide only reasonable, and not
absolute, assurance against material misstatement of loss.
The Board also notes that all internal control systems contain
inherent limitations and no system of internal controls can
56 57
