Sustainability Report 2017

21 Internal Control and Risk Management Structure of internal control and risk management Internal Control The BoG has assigned the Audit Committee to be responsible for supervision and examination of the internal audit system to ensure efficiency and transparency. The Internal Audit Department, an independent department, is designated to constantly review risk management plans and monitor progress and report to the Audit Committee. In 2017, there were important operations as follows: The SET Board of Governors (BoG) realizes the importance of the internal control as a key mechanism to reduce operational risks. Therefore, the SET BoG ensures that the SET internal control and risk management are in accordance with the international standards of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). BoG Risk Management Committee Audit Committee Internal Audit Department President Risk Management Department Divisions / Groups / Departments • SET reviewed and tested computer systems prior to the actual implementation of FundConnext and LIVE platform to ensure the compliance with the ISO 27001 information security management system and the ISO 20000 information technology service management system. • SET carried out the Quality Assessment Review (QAR), based on the International Professional Practices Framework. The Internal Audit Department conducts peer review assessment every year and hires external independent appraisers every five years to ensure the quality of the internal control system in line with international standards.