The consolidated and Agency financial statements of National Asset Management Agency ('NAMA') are prepared within a governance framework established by NAMA. The NAMA Board ('the Board') and committees established by the Board are responsible for the monitoring and governance oversight of all NAMA Group entities.

The results presented are for the year ended 31 December 2012, with comparative results for the year ended 31 December 2011.

Responsibility for System of Internal Financial Control

The Board acknowledges its responsibilities for NAMA's system of internal financial control. This system can provide only reasonable and not absolute assurance that assets are safeguarded, transactions are authorised and properly recorded, and that material errors or irregularities are either prevented or would be detected in a timely period.

Financial Control Environment

The National Asset Management Agency Act 2009 (the 'Act') provides that the functions of the Board are:

1. To ensure that the functions of NAMA are performed effectively and efficiently;
2. To set the strategic objectives and targets for NAMA;
3. To ensure that appropriate systems and procedures are in place to achieve NAMA's strategic objectives and targets and to take all reasonable steps available to it to achieve those targets and objectives.

The Act provides that the Chief Executive Officer shall manage and control generally the administration and business of NAMA and the staff assigned to it and shall perform any other function conferred on him by the Board. The Chief Executive Officer is also the accountable person for the purposes of the Comptroller and Auditor General (Amendment) Act 1993.

The Board has four statutory committees to oversee the operations of NAMA and its Senior Executive Team; an Audit Committee, a Risk Management Committee, a Credit Committee and a Finance and Operating Committee. The Board has agreed formal terms of reference for its statutory sub-committees which are subject to regular review. The Board has delegated certain credit decisions to the Credit Committee and Senior Executive Team through the Asset Management Delegated Authority Policy and the Asset Recovery Delegated Authority Policy. The Board has also delegated the management of certain aspects of its balance sheet and treasury policies to the Risk Management Committee and Senior Executive Team.

The Board has adopted the Code of Practice for the Governance of State Bodies (2009) adapted in some instances to take account of NAMA's particular governance framework and the statutory requirements of the Act and has established a Governance framework.

The Audit Committee operates in accordance with the principles outlined in the Code of Practice for the Governance of State Bodies. Its responsibilities include the overseeing of the financial reporting process, reviewing the system of internal control and reviewing the internal and external audit processes.

NAMA has adopted the National Treasury Management Agency's ('NTMA') Anti-Fraud policy. Under this policy the Audit Committee is to be advised of all reports of fraud or suspected fraud. NAMA has also adopted an NTMA-wide Good Faith Reporting Policy.

NAMA has a Senior Executive Team which is responsible for the management of the business of NAMA. Management responsibility, authority and accountability has been formally defined and agreed with the Board.

Codes of Practice have been agreed with the Minister for Finance in accordance with section 35 of the Act, including inter alia a Code setting out standards expected of the officers of NAMA.

NAMA depends to a significant degree on the controls operated by a number of third parties including the NTMA, Capita Asset Services ('Capita') and the Participating Institutions. In this regard the following should be noted:

• The NTMA has a well-developed system of internal control and any shared services provided to NAMA are provided within this existing control framework.
• NAMA has established procedures with both Capita and the Participating Institutions for the reporting of incidents, including control failures and escalation procedures.
• NAMA has sought and received assurances from NTMA, Capita and the Participating Institutions that they have reviewed their systems of internal financial control in relation to NAMA loans.

During the year, NAMA identified a compliance breach in respect of a transaction involving one of its former officers. Upon identification of this matter, NAMA requested its Internal Auditors to undertake an independent investigation into the matter and NAMA published the findings of the Internal Auditors investigation, which included a number of recommendations that have been implemented by NAMA. Separately, NAMA became aware of a data confidentiality breach and took civil law proceedings to ascertain the extent of the breach and mitigate its effects. NAMA reported the matter to An Garda Síochána.

Risk Assessment

The Risk Management Committee is responsible for overseeing the implementation of the Board approved risk policies and tolerance levels. The Risk Management Committee ensures that risk is managed effectively and efficiently to achieve an overall commercial outcome in accordance with the Act. The Risk Management Committee has established reporting mechanisms to monitor and review key risks and mitigation strategies and ensures that those risks operate within Board approved limits.

A Risk Register is maintained which identifies and categorises risks which may prevent NAMA from achieving its objectives and assesses the impact and likelihood of various risk events across the organisation and its operating environment. On the basis of the risks identified, actions are agreed to manage and mitigate these risks. The Risk Register is reviewed by the Risk Management Committee on a quarterly basis, and by the Board on a bi-annual basis, and the Senior Executive Team is required to attest to the operation of controls that have been agreed to manage or mitigate risks.

Both Capita and each of the Participating Institutions have submitted individual Risk Registers, in line with standard templates agreed with NAMA. These Risk Registers have been reviewed by the NAMA Audit and Risk function and the Risk Management Committee.

Key Internal Financial Control Processes

NAMA has developed policies and procedures in respect of the key aspects of the administration and management of its business. These policies and procedures have continued to be defined and enhanced as NAMA has developed.

NAMA has established a financial reporting framework to support its monthly, quarterly and annual financial reporting and for the preparation of consolidated and Agency financial statements which incorporates the processes and controls described in this statement.

While significant progress has been made in this area, NAMA continues to implement further improvements to its management information systems in order to facilitate further enhanced reporting to the Board, Finance and Operating Committee and Senior Executive Team on its performance.

The Credit Committee is responsible for making credit decisions within its delegated authority from the Board. These include inter alia the approval of debtor asset management / debt reduction strategies, advancement of new money, approval of asset / loan disposals, the setting and approval of repayment terms, property management decisions and decisions to take enforcement action where necessary. The Credit Committee also reviews and makes recommendations to the Board in relation to specific credit requests where authority rests with the Board. It is also responsible for evaluating Asset Recovery policies for ultimate Board approval and provides an oversight role in terms of substantial credit decisions made below the delegated authority level of the Credit Committee. Finally, the Credit Committee reviews Management Information prepared by the Asset Recovery function in respect of NAMA's portfolio.

NAMA has an established procurement policy. The procurement requirements of NAMA are carried out in accordance with the procurement policy, relevant procurement legislation and internal best practice guidelines. NAMA is subject to EU Directive 2004/18/EC as implemented in Ireland by the European Communities (Award of Public Authorities' Contracts) Regulations 2006 (the 'Regulations'), in respect of the procurement of goods, works and services above certain value thresholds set by the EU. Where the Regulations do not apply – either because the value of the procurement is below the EU thresholds or falls outside of the Regulations – NAMA adopts a competitive process designed to obtain the best value for money that can be achieved.

NAMA exercises control over major system implementations and follows a structured project approach for projects undertaken. During 2012, NAMA achieved significant milestones in the ongoing implementation of its core systems, including the Portfolio Management System and Document Management System which have been designed to provide information for the management of NAMA's debtors and for the recording and management of NAMA documents.

Information and Communication

The Finance and Operating Committee monitors the financial and operational management of NAMA and its management reporting and budgeting, including the preparation of annual budgets. An assessment of actual to budget is reported quarterly to the Finance and Operating Committee. The Financial and Operating Committee monitors the development and implementation of NAMA's information systems including the Portfolio Management System and the Document Management System.

NAMA presents monthly, quarterly and annual financial and performance information to the Finance and Operating Committee and Board and presents quarterly and annual financial and performance information to the Minister.

In addition, NAMA provides monthly management information to the Senior Executive Team, the Finance and Operating Committee and the Board on the performance of debtors and the loan portfolio.

Monitoring

NAMA appointed Deloitte as Internal Auditors in August 2010. The Internal Auditor has established an internal audit function, which operates in accordance with the Code of Practice for the Governance of State Bodies. An internal audit plan for 2012 was approved by the Audit Committee. In accordance with this plan, the Internal Auditor has carried out a number of audits of controls in operation in NAMA, Capita and the Participating Institutions. The Internal Auditor reports its findings directly to the Audit Committee. These reports highlight deficiencies or weaknesses, if any, in the systems of internal control and recommend corrective measures to be taken where deemed necessary. The Audit Committee receives updates, on a regular basis, on the status of the issues raised by the Internal and External Auditors and follows-up with NAMA management to ensure appropriate and timely action is being taken in respect of issues raised.

NAMA has established processes to monitor the performance of both the Participating Institutions and Capita, including monthly service reports, regular service reviews (including quality assurance of credit decisions taken under delegated authority) and the establishment of Steering Committees and Credit Review Forums. Steering Committees have been established for each of the Participating Institutions and Capita, and meet on a regular basis to review performance and operational issues. The performance of the loan book managed by the Participating Institutions is reviewed by NAMA via periodic Credit Review Forums and NAMA participation in the Credit Committees of the Participating Institutions. A Quality Assurance Framework has also been implemented by NAMA to review the management of Participating Institution Managed Debtors on an ongoing basis in accordance with the authorities delegated to them by NAMA.

In addition, the activities of the Participating Institutions and Capita are subject to audit by NAMA's internal and external auditors.

The Board's monitoring of the effectiveness of internal control includes the review and consideration of regular reporting to the Board by the Audit Committee (which oversees the work of the Internal Auditor), Risk Management Committee, Credit Committee, Finance and Operating Committee, the Head of Audit and Risk and the Senior Executive Team.

Annual Review of Controls

We confirm that the Board has reviewed the effectiveness of NAMA's system of internal financial control for the year ended 31 December 2012. A detailed review was performed by the Audit Committee, which reported its findings to the Board. The review of the effectiveness of the system of internal financial control included:

• Review and consideration of the work programme of the Internal Auditor and consideration of its reports and findings.
• Review of internal financial control issues identified by the Comptroller and Auditor General in his work as external auditor.
• Review of regular reporting from the Internal Auditor on the status of the internal financial control environment and the status of issues raised previously from their own reports and matters raised by the Comptroller and Auditor General. There is also follow-up with NAMA management to ensure appropriate and timely action is being taken in respect of issues raised.
• Review of letters of assurance received from the NTMA, Capita and the Participating Institutions in respect of the operation of their systems of internal financial control during the year.
• Review of control assurance statements completed by NAMA's Senior Executive Team and Senior Management in respect of the effectiveness of the system of internal financial control during the year.

30 April 2013