71
(5) Internal control system
Realizing the importance of internal control at every level, the BoG has strongly supported management in setting up
transparent working processes considering the segregation of duty, checks and balances, and controls as well as establishing a
monitoring system to ensure that management’s corrective actions were implemented. In addition, delegation of authority has been
clearly determined and documented. The BoG appointed an Audit Committee to supervise and review SET’s internal control system
to ensure conformity with international standards. The Internal Audit Department is an independent function that reports directly to
the Audit Committee on audit matters and to the president on administrative matters. The Audit Committee is subject to approval,
removal or dismissal and evaluates the Head of the Internal Audit Department.
The Internal Control is an independent unit to assess information needed for auditing, and audits and evaluates the
adequacy and effectiveness of the internal control systems according to SET’s audit plan, which was developed using a risk-based
approach. The audit findings and reports on following the audit findings have been directly reported to the Audit Committee.
In 2012, SET’s operations and activities supported SET’s internal audit system development and internal auditing to be
more effective, as follows:
• SET developed a new system for investors to trade more easily and effectively. SET emphasizes system development
that meets international standards, with continuous testing and pre-implementation reviewing by SET’s Internal Audit Department
to ensure a smooth launch. On September 3, 2012, SET launched its new trading system (SET CONNECT) successfully.
• SET reviewed and revised its security policies to keep up with the changing surroundings, IT usage, and ISO/
international standards to set guidelines to enable computer systems to continue to operate effectively and safely. In addition, SET
will become ISO/IEC27001-certified within 2013.
• The Internal Audit Department has implemented continuous auditing, increasing the frequency of auditing, number
of samples and variety of projects to support SET’s operation more effectively.
• The Internal Audit Department has continuously developed the quality of its work by attending training and
development courses and improving its staff’s IT audit skills e.g., using web applications and penetration testing and visiting other
exchanges.
• SET requires for a quality assessment reviewed by an external evaluator every five years. In 2012, the Internal Audit
Department improved its planning and auditing process along with implementing suggestions from the external independent
evaluator in 2011.
Based on internal audit results, as well as the importance of projects audited, the Audit Committee views that SET’s
overall internal control systems have functioned adequately, appropriately and satisfactorily.
(The details are in the Audit
Committee report)
(6) Risk Management
The BoG emphasizes the importance of systematic risk management. The BoG is responsible for designating policies
and a framework of risk management for the organization and appointing the Risk Management Committee (RMC). The RMC,
comprised of experts and experienced in risk management, advises and recommends management to ensure that SET’s risk
management process is in line with policies and international standards, and includes all enterprise-wide significant risks. In
addition, the RMC advises on clearing risk of derivatives and securities of Thailand Clearing House (TCH) to give the BoG an
overall view of risk exposure and management of SET as a whole. SET has managed the key corporate risks in these areas:
1...,63,64,65,66,67,68,69,70,71,72 74,75,76,77,78,79,80,81,82,83,...156