Q. RISK MANAGEMENT AND INTERNAL CONTROL
Where an issuer includes the board's statement that it has conducted a review of its risk management and internal control systems in the annual report under code provision C.2.1, it must disclose the following:
(a) whether the issuer has an internal audit function;
(b) how often the risk management and internal control systems are reviewed, the period covered, and where an issuer has not conducted a review during the year, an explanation why not; and
(c) a statement that a review of the effectiveness of the risk management and internal control systems has been conducted and whether the issuer considers them effective and adequate.