Enterprise Risk Management
The Group has established a structured ERM framework to assess the effectiveness and efficiency of strategic and operational policies and activities. The ERM framework, which draws references from ISO 31000 and COSO standards,
provides consistent risk management systems and processes across the Group, identifying and managing risks that could impact the Group’s ability to achieve its mission and objectives. The ERM framework also guides
the Group towards its desired maturity level of having an integrated approach to balancing risks with corporate strategy and objectives.
The Board of Tote Board, supported by the ARC, exercises overall risk governance and oversight of the ERM framework. The annual risk review and regular risk reporting exercises, facilitated by the risk management function,
are carried out by risk owners and Management, with key risks being reviewed and monitored by the ARC and Board. Strategic responses are formulated and monitored to address any risk gaps, and are built into the coming year’s
strategy and work planning for the respective entities and Tote Board departments. On an ongoing basis, significant risk-related developments and incidents will also be reported and escalated to the ARC and/or the Board,
where necessary.
Internal Controls
The Board ensures that Management maintains a sound system of internal controls to safeguard the interests of stakeholders and the assets of the Group. The Management of Tote Board, Singapore Pools and STC are responsible for
the design and implementation of a comprehensive system of internal controls to safeguard assets, maintain proper accounting records and produce reliable financial information. The system includes defined responsibility
and financial authority limits, segregation of duties, reconciliation of financial information, compliance with internal financial policies, financial regulations or government instruction manuals, and maintenance of proper
financial records. The ARC ensures that a review of the effectiveness of internal controls — including financial, technological, operational and compliance controls, and risk management — takes place annually
through various internal audits and related reports issued to the ARC. For certain projects or areas where independent expertise is specially required in connection with the review of controls, external professionals and
service providers are appointed accordingly.
Assurance by Management
For FY2019, the ARC has received assurance from the Management of Tote Board, Singapore Pools and STC that:
- the financial statements are drawn up to give a true and fair view of the state of affairs of Tote Board and the Group;
- there are adequate internal controls in place, which are operating effectively to provide reasonable assurance in managing risks, safeguarding assets, ensuring reliability of the financial information, and compliance with
laws and regulations by Tote Board and the Group.
Based on the systems of internal controls and risk management established and maintained by the Group, the work performed by Group IA and external auditors, as well as reviews performed by the Management, the ARC is satisfied
that the systems of internal controls and risk management are reasonably adequate and effective.
Internal Audit
Tote Board’s Group Internal Audit (Group IA) is an independent function that reports functionally to the Chairman of the ARC and administratively to the Chief Executive. Group IA is guided by the International Professional
Practices Framework, as defined by the Institute of Internal Auditors. The adequacy of funding and staffing of Group IA, and its appropriate standing within the Group, is ensured by the ARC. The principal role of Group
IA is to conduct audits that evaluate the reliability, adequacy and effectiveness of internal controls within Tote Board, Singapore Pools and STC. Group IA adopts risk-based auditing and works closely with external auditors
to coordinate audit work. It provides stakeholders with reasonable assurance on the effectiveness of control and governance processes used in the management of risks and accomplishment of objectives.
External Audit
As part of the annual financial statements audit, external auditors conduct a review of significant internal controls. Such controls are mainly determined by the purpose of the audit and the scope of work under the audit plan.
Any material non-compliance and/or internal control weaknesses are addressed and made known to the ARC, together with the external auditors' recommendations.
To maintain the independence of external auditors, the ARC reviews the nature and extent of non-audit services provided by external auditors during the year, and the fees paid for such services. The ARC is satisfied that the
independence of the Tote Board Group's external auditors has not been impaired by the provision of those services. The external auditors have also provided confirmation of their independence to the ARC.
Whistleblowing Policy
Tote Board, Singapore Pools and STC have established a whistleblowing policy to allow employees, vendors, partners of the Group and the general public to report malpractices and misconduct in the workplace. The policy aims
to encourage the reporting of such matters in good faith, with the confidence that persons making such reports will be treated fairly and, to the fullest extent possible, protected from reprisals. All whistleblower reports,
including the whistleblower's identity, will be treated with confidentiality. Reports can be lodged directly to Group IA via email.