Internal Audit and Risk Management
The team is led by the Head of Internal Audit and Risk Management who reports to the Risk Management and Audit Committee of Rogers and Company Limited ‘Rogers’ and through the Chairman of the RMAC, to the Board of Rogers on a quarterly basis. The team further reports to the Boards of the Subsidiaries of Rogers. The team is composed of the Head of Internal Audit and Risk Management and internal auditors which is made of dynamic professionals who are affiliated to and are members of professional bodies (ICAEW, ACCA and IIA).
The internal audit plan is prepared using a risk-based approach. The plan is set for three years, reviewed on an annual basis by the RMAC, to incorporate the changing risk landscape. Risk based audits carried out during the year are in line with the established internal audit methodology.
Internal audit findings are reported to the RMAC and Boards of the relevant sectors.
Reports on implementation of recommendations are also provided on a quarterly basis to the individual sector Boards and RMAC so as to ensure continuous improvement within the Group and at the same time give assurance on the effectiveness of internal control systems.
Assessment of areas of significant risk
Review and approval of Audit plan by RMAC
Reporting of Audit findings to RMAC and Boards of Directors
Follow up on implementation
Our Integrated Risk Management Framework
The Board of Rogers and sectorial Boards are responsible for ensuring that risks are managed effectively within the Group. The RMAC is mandated by the Board for the review of the effectiveness of the risk management process.
The main objective, aims, risk governance, lines of defence and process are set out below:
The integrated risk management process is clearly defined and a well-established structure is in place whereby comfort
and assurance is obtained through our four lines of defence, namely:
1. People, process & technology;
2. Management & Oversight;
3. Internal Audit; and
4. External Assurance.
People, process, technology, Management and oversight (committees) focus on internal controls, whilst assurance provided
by internal audit and external independent parties focuses on other specific areas.
People, Process and Technology
Processes, systems and controls in place are designed to manage risks and exploit opportunities.
These controls are operated by employees involved in day to day activities.
Management & Oversight
Management teams of each sector within the Group meet on a regular basis. They are responsible for the assessment and management of risk including the identification, escalation of new/emerging events, the monitoring and reporting on risk and control effectiveness.
External assurance is obtained from the appointment of independent experts and their opinions provide additional assurance on:
- Fair value of investment and other properties;
- Valuation of retirement benefit obligations;
- Financial statements; and
- Internal control environment.