The Privatisation and Corporatisation Board (PCB) has directed all state-owned enterprises to strengthen their internal audit and risk management functions, in a move aimed at reinforcing accountability and improving corporate governance.
The decision was taken at the board’s 30th meeting and applies to government-owned companies, their subsidiaries and state-run commercial entities. Under the directive, enterprises must confirm the existence of a risk management function, either as an independent unit or integrated within the internal audit department, and establish one immediately if it does not already exist.
The PCB emphasised the importance of conducting needs assessments to determine staffing requirements, instructing companies to prioritise the recruitment of technically skilled personnel capable of carrying out operational responsibilities, rather than focusing on management-level appointments.
To enhance transparency, companies have been instructed to regularly share procurement data, quarterly financial statements and related documentation with their internal audit teams.
The directive also requires existing audit bodies to be renamed as ‘Audit and Risk Committees’. Annual compliance reviews must be conducted to assess adherence to PCB instructions, with findings submitted to company boards to support institutional improvements and strengthen governance practices.
The PCB has set a deadline of 31 January 2026 for the full implementation of all structural and procedural changes outlined in the directive.