SASKENERGY 2017-18 ANNUAL REPORT
its systems, build controls and conducts investigations. SaskEnergy has proactive continuous monitoring of its systems in order to identify and address malicious activity, as well as potential or emerging threats. INTEGRITY OF INTERNAL CONTROLS AND MANAGEMENT SYSTEMS The Board and the Audit and Finance Committee receive reports from, and work closely with, internal and external auditors to promote financial transparency and ensure the integrity, effectiveness and adequacy of SaskEnergy’s internal controls and management information systems. As part of the Corporation’s commitment to accountability, the Audit and Finance Committee reviews the financial performance of the Corporation quarterly. Natural gas purchase transactions and credit risk are reported by management and actively monitored by the Committee. Pursuant to the directive of CIC, SaskEnergy has a process in place regarding internal controls certification by the CEO and CFO. This process is designed to provide reasonable assurance regarding the effectiveness of SaskEnergy’s internal controls over financial reporting. SaskEnergy’s financial statements are prepared in accordance with International Financial Reporting Standards (IFRS). As part of the March 31 year- end audit, the external auditors have provided an opinion that the Corporation’s financial statements have been prepared in accordance with IFRS. The Board oversees the annual external audit plan of the appointed external auditor for the audit of the Corporation’s annual financial statements, and the annual internal audit plan carried out by SaskEnergy’s internal audit group. To preserve the independence of the role of the external auditors, the Audit and Finance Committee must pre-approve all non-audit services undertaken by the external auditor in accordance with the Corporation’s Non-Audit Services Policy.
CIC’s Protocol Regarding Lawyers Serving on Subsidiary Crown Corporation Boards of Directors will recuse themselves from consideration of any item creating a potential conflict of interest. This reporting period there were no waivers granted by the Board to any Directors or Officers authorizing non-compliance with these policies. RISK IDENTIFICATION AND MANAGEMENT SaskEnergy has a formal Enterprise Risk Management Policy that was developed by management and approved by the Board of Directors. SaskEnergy’s risk management process is designed to identify potential events that may impact SaskEnergy and manage the risk presented within accepted tolerance levels. Senior management holds primary responsibility for identifying inherent risks, and for designing and implementing mitigation initiatives. The Board expects management to use appropriate controls to manage risk and delegate responsibility and authority as required. Each year, the Board and senior management independently follow a process led by Internal Audit to identify and prioritize significant risks. The Director of Audit Services prepares a report summarizing the independent risk assessments completed by the Board and management. This report is discussed at a Board meeting where senior management and the Board align on corporate risks and the plans to mitigate or manage the residual risks. Through the Business Plan, the Corporation implements plans to address the key risks. The Board monitors the risk management programs and oversees the implementation of appropriate systems to manage identified risks either directly, or through the Audit and Finance Committee. The Audit and Finance Committee regularly reviews the Audit Services reports and discusses significant risk areas with the internal and external auditors. CYBER SECURITY RISK SaskEnergy relies on its information and operations technology systems to safely operate corporate assets. These systems are subject to cyber security risks. Cyber security risks include but are not limited to targeted attacks, exposure to computer viruses and breaches of corporate information and technology systems by internal or external parties. A cyber security event could expose the Corporation to loss or misuse of critical data and information leading to property damage, disruptions to its operations, loss of confidentiality and financial or reputational losses. In order to manage cyber risk, SaskEnergy has developed a cyber security strategy whereby the Corporation tests
84
Made with FlippingBook Ebook Creator