Annual Report 2011 / Sahaviriya Steel Industries Public Company Limited
The Internal Audit Office is appointed as the independent internal audit unit of the Company. In practice, the Internal Audit Office has employed the International Standards for the Professional Practice of Internal Auditing, the Institute of Internal Auditors (IIA) as the guidelines for their management and operations. The framework of controls adhered and referred to by the Internal Audit Office and the Audit Committee in their operations, has been set forth as the Internal Control Integrated Framework of the Committee of Sponsoring Organisations of the Treadway Commission (COSO). This framework consists of five main control components, namely: 1) Control environment 2) Risk assessment 3) Control activities 4) Information and communications 5) Monitoring and evaluation The details of the main control components of the Company’s internal control system are based on the five frameworks above which have been implementing continuously; however, there were some changes made in 2011. Control Environment The acquisition of a Iron and Steel Making Business in the United Kingdom which was established as a wholly subsidiary of the Company under the name, “Sahaviriya Steel Industries UK Limited (SSI UK). The Company re-organised its organisation structure periodically to suit the new business plan for instance, improvement of Management Structure by new Management Committee, the dissolution of the Board of Executive Directors, and appoint the Company’s Group CEO in order to adapt the dynamics of the business and its industry.
079
Risk Assessment Details can be found under the topic of Risk Management. Control Activities The Company has defined corporate regulations, policies and guidelines to ensure proper procedures. In addition, an authorisation chart has been published clearly specifying the scope of authority accorded to the Board of Directors, the Board of Executive Directors and management at each level, in each functional area of the Company. In this way, the Authorisation Chart is clearly shown and those delegated are held responsible and accountable. The Company has established a mechanism of control to ensure strict compliance with the law. All legislation pertaining to the Company’s business has been compiled into a database and a staff member assigned to correct, complete and update this database at all times. A system of monitoring such compliance has also been set up, with each department reporting on its compliance with relevant legislation to the Legal Office on a quarterly basis. The compliance report must be submitted to the Board of Executive Directors’ meeting and the Audit Committee’s meeting for acknowledgement. The Company has instituted a number of standard management systems for its operations as follows: Certified Standards that are continuously maintained since they were originally Accredited: - ISO 9001:2008 quality management standards - ISO/TS 16949:2009 quality management standards for the automotive industry - TIS 17025-2548 (ISO/IEC 17025:2005) laboratory performance standards