ISLAMABAD: The Finance Division has notified the State-Owned Enterprises (Audit Committee, Internal Control and Risk Management) Regulations, 2024, to ensure effective governance, transparency and accountability.
These regulations shall apply to all state-owned enterprises as defined in the SOE Act and shall come into force immediately.
In accordance with the requirements of the State-Owned Enterprises (Governance and Operations) Act, 2023, and the SOE Ownership and Management Policy, 2023, CMU has also notified “Public Sector Obligations (PSO) Costing Guidelines”.
In accordance with the requirements of the State-Owned Enterprises (Governance and Operations) Act, 2023, and the SOE Ownership and Management Policy, 2023, the Central Monitoring Unit (CMU) has prepared the Regulations on Audit Committee, Risk Management, and Internal Controls for the SOEs. These regulations establish a standardised framework for SOEs to ensure effective governance, transparency, and accountability.
The document includes comprehensive guidelines on forming and operating an Audit Committee, implementing a robust risk management framework, and maintaining adequate internal controls to mitigate operational, financial, and compliance risks.
According to the regulations, the board of each state-owned enterprise shall establish an audit committee of the board which shall be headed by an independent member and will include member(s) who are financially literate. The chairman of the board and CEO shall not be members of the audit committee.
The audit committee shall meet at least once every quarter of each financial year. These meetings shall be held prior to the approval of interim results by the Board of Directors and after completion of the external audit.
A meeting of the audit committee shall also be held if requested by the external auditors, or the chief internal auditor (CIA), or a member of the audit committee. The chief executive officer and the chief financial officer may attend a meeting of the audit committee by invitation.
The audit committee shall meet the external auditors, without the chief financial officer and the chief internal auditor being present, at least once a year.
The audit committee shall meet the head of internal audit (CIA) and other members of the internal audit function, without the chief financial officer and the external auditors being present, at least once a year.
Functions of the Audit Committee include: overseeing financial reporting to ensure that financial statements are accurate, transparent, and compliant with relevant laws and regulations; approving the appointment of external auditors, their fees and other related matters; coordinating with external auditors to ensure accurate financial disclosure and implementing mechanisms to prevent fraud and mismanagement of public resources and SOE assets; approving the internal audit plan and ensuring the independence of internal auditors; regularly reviewing audit reports and recommendations to ensure that audit processes are thorough and aligned with the SOE’s needs; ensuring that regular audits are conducted, with findings timely reported; overseeing whistle-blowing mechanisms and fraud prevention efforts; reviewing half-yearly and annual financial statements of the SOEs prior to their approval by the Board; conducting investigations where necessary, on a confidential basis, on deviations from the code of conduct, internal controls or other matters deemed necessary; evaluating and strengthening internal controls to enhance operational efficiency and accountability; overseeing risk management strategies, ensuring the SOE is prepared to address regulatory risks, political influences, and other challenges, which includes reviewing risk management policies and internal control systems; and ensuring that the SOE complies with applicable laws (including the SOE Act 2023), regulations, and internal policies.
SOEs are required to establish robust internal control systems designed to ensure compliance with legal and regulatory requirements, safeguard assets, and uphold financial integrity. These controls should be comprehensive, supporting accurate and transparent financial reporting to provide stakeholders with a clear and reliable view of the organisation’s financial health.
Additionally, effective internal controls must minimise operational and financial risks by proactively identifying and addressing potential vulnerabilities within processes. Beyond risk mitigation, these controls are fundamental in fostering a culture of accountability, where all levels of the organisation are aligned with governance standards and ethical practices, thereby enhancing public trust and organisational efficiency.
The SOEs may adopt a robust framework to build a comprehensive internal control system, focusing on a strong control environment, risk assessment, control activities, information and communication, and monitoring. Any of the following frameworks may be used as per the requirement of the organisation while remaining vigilant to regulatory updates and emerging requirements, regularly monitoring changes that may impact the SOE’s operations: a. COSO ERM b. ISO 31000 c. COBIT d. ISO 27001 e. King IV Corporate Governance.
The SOEs shall implement effective risk management to safeguard assets, ensure financial stability, and achieve long-term goals. A comprehensive risk management framework, including Enterprise Risk Management (ERM), should be developed to identify, assess, and manage risks across all functions. Regular assessments and reporting to the board and senior management are required to support proactive decision-making.
The SOEs shall develop a central risk register to document risks, potential impacts, and likelihoods. Mitigation strategies shall be designed and monitored to ensure effectiveness. The risk management process shall align with the SOE’s strategic objectives.
The Board of Directors shall: A. Define the company’s risk appetite, linked to the strategic plan. B. Ensure robust risk management, fraud prevention and reporting systems. C. Monitor risks and ensure effective reporting. D. Specify a Committee of the Board to oversee the risk management function including Fraud Risk Management.
The PSO Costing Guidelines are essential for SOEs as they provide a standardised framework to address the unique financial challenges associated with public service obligations. PSOs often involve delivering services that are critical to public welfare but may not be commercially viable. Without clear costing guidelines, SOEs may face difficulties in accurately estimating and justifying the financial resources needed for these obligations, which can lead to underfunding, operational inefficiencies, and misaligned budget allocations. By implementing these guidelines, SOEs can achieve a more transparent and consistent approach to costing, which is crucial for securing adequate funding and ensuring accountability in their operations.
Furthermore, these guidelines help bridge the gap between the financial goals of SOEs and the broader socioeconomic objectives of the government.
PSOs typically have a significant impact on public services and economic stability, making it crucial for SOEs to manage these obligations efficiently. With a well-defined costing framework, SOEs can better align their financial planning with government policies and regulatory standards. This alignment not only enhances transparency for stakeholders but also strengthens the government’s oversight and support for SOEs, enabling a more sustainable and balanced approach to public sector management.
The Finance Division also notified guidelines titled “Business Plan and Statement of Corporate Intent (SCI) Guidelines”. These guidelines outline key steps and essential components that federally-owned SOEs are required to include in their business plans and SCI submissions. Moreover, they provide guidance on setting strategic objectives, performing environmental analysis, engaging stakeholders, and establishing a framework for effective monitoring and evaluation.
Copyright Business Recorder, 2024