Accountability & Audit

Financial Reporting

In a landmark decision testifying to our dedication to good corporate governance, we announce our interim and final results within one month after the end of the financial periods.

Moreover, the Board endeavors to ensure a balanced, clear and coherent assessment of the Company's position and prospects in annual reports, interim reports, inside information announcements, and other disclosures required under the Listing Rules and other statutory requirements.

Risk Management and Internal Controls

The Board has overall responsibility for the risk management and internal control systems of the Company, in addition to evaluate and determine the nature and extent of the risks it is willing to take in order to achieve the Company’s strategic objectives.  The Audit Committee supports the Board to oversee the effectiveness of our systems on an ongoing basis. 

Management is tasked with the design, implementation, and maintenance of a sound and effective risk management and internal control framework with reference to the COSO (Committee of Sponsoring Organizations of the Treadway Commission) principles, which is crucial in bringing corporate strategies to fruition and ensuring the sustainability of the Company. Like any others, our systems are designed to manage rather than eliminate the risk of failure to achieve business objectives, and can only provide reasonable and not absolute assurance against material misstatement or loss.

Risk Culture

The Board recognizes that a strong risk culture is essential for effective risk management and long-term sustainability. We foster a culture where risk awareness and accountability are embedded across different levels of the organization and aligned with our vision and mission. Risk considerations are integrated into our strategic planning, decision making, and daily operations of our business activities including leasing activities, and property management. 

Through ongoing training, open communication, clear policies and procedures, and regular assessments, we reinforce a proactive approach to risk management. These systematic actions enable us to navigate uncertainties with resilience and deliver sustainable value to our stakeholders.

Risk Appetite

The Board has overall responsibility for risk management, including determining the nature and extent of risks the Company is willing to take in pursuit of its strategic objectives. We embrace calculated risks that drive performance and support sustainable growth, while committing to the zero tolerance for unethical behavior. The Company has established a risk assessment matrix, approved by the board, to evaluate and prioritize risks in accordance with our defined risk appetite. Principal risks are reviewed and assessed at least annually to ensure that appropriate mitigation measures are in place and that overall risk exposure remains within appropriate and acceptable level.

Risk Management Framework

Our risk governance structure is guided by the “Three Lines Model.” As the first line functions, risk owners of all corporate departments and business units regularly conduct risk and control assessments in the day-to-day operations to evaluate the implications of respective risks identified and the adequacy and effectiveness of actions in place to mitigate these risks.

As the second line, specific functions are established to effectuate risk management and ensure the first line is performing properly. The responsibilities of these functions include but are not limited to financial controls, risk management, legal and compliance, as well as cost and quality measures. Under its approved terms of reference, the Enterprise Risk Management (“ERM”) Working Group (comprising our CEO as Chair and unit heads from major business units and support divisions) oversees risk management activities across all functions and makes a robust assessment of the principal risks and uncertainties that the Company is exposed to.

As the third line, the Internal Audit Department plays a crucial role in assessing the effectiveness of the risk management system, reports regularly to the Audit Committee on key findings, and provides recommendations for improving and tracking the implementation of such measures.

The Board and the Audit Committee reviewed the Company's principal and emerging risks and conducted an annual review of the effectiveness of the ERM framework. Taking into consideration principal risks and mitigation actions, the Board believes the Company has the ability to adequately respond to changes to our business and the external environment. 

Risk Management Process

The Company adopts a proactive risk management process which is fully integrated into our daily operations. This enables risk owners to identify, assess, treat, report and monitor significant risks arising from our business and the constantly changing business environment at different levels within the organization. This integrated approach combines a top-down strategic view with complementary bottom-up operational processes, as illustrated below:

A list of principal risks (including ESG-related risks), covering both strategic and operational risks as identified by our risk management process, is compiled with reference to their residual risk impact and likelihood (after considering mitigation actions and controls) as well as the Company's risk appetite. We review and assess the Company’s risk exposure at least annually and on an ad-hoc basis when there are significant changes to the risk factors or risk indicators. Risk ownership is assigned for each principal risk. The risk owners then coordinate and develop action plans to ensure the proper implementation of these mitigation actions. They are also required to continuously monitor, evaluate, and report on risks for which they bear responsibility. The ERM Working Group reviews and challenges the adequacy of mitigation actions. Relevant controls are also subject to internal audit review and testing.

Through this integrated top-down and bottom-up approach, which enables the identification and prioritization of risks throughout the Company, we maintain effective lines of communication to ensure timely escalation of potential risks and the initiation of mitigation actions to manage them. The Internal Audit Department performs independent and systematic assurance to evaluate the adequacy and proper functioning of the risk management process annually.

Internal Control Framework

The Board is responsible for maintaining an effective internal control system. Our internal control system monitors the Company's overall financial position and ensures it is accurately reflected in our financial and management reporting while safeguarding our assets against major losses and misappropriation; providing reasonable assurance against material fraud and error; and efficiently identifying and correcting non-compliance.

To ensure efficient and effective operations in our business units and functions, relevant internal control policies and procedures, committees, and working groups are in place to achieve, monitor, and enforce internal controls. These policies and procedures are periodically reviewed and updated when necessary. All employees are made aware of the policies and procedures, with comprehensive staff communications and training programs in place to ensure understanding and awareness.

The Audit Committee supports the Board to oversee the effectiveness of internal controls, while management is responsible for designing, implementing, and maintaining an effective internal control system with reference to the COSO principles. In particular, appropriate policies and procedures governing the activities of the Executive Committee, Directors, executives and senior staff, such as delegation of authority, approval of annual and mid-year budgets for all capital, revenue, and expenditure items, etc., have been put in place. Management also continually reviews, updates, and refines the internal control system to anticipate future challenges.

Our Internal Audit Department is independent of our operations and accounting functions. The Head of Corporate Audit reports directly to the Audit Committee. A risk-based internal audit plan is approved by the Audit Committee each year. Based on the audit plan, the Internal Auditor performs an assessment of risks and testing of controls across key business and support units of the Company annually in order to provide reasonable assurance that adequate controls and governance are in effect. In line with the Company’s zero tolerance for fraud and bribery, the Internal Auditor is responsible for the conduct of relevant investigations should fraud or irregularities be uncovered or suspected.

The Audit Committee meets quarterly to discuss internal audit issues with the Internal Auditor and to discuss financial and internal control matters with the External Auditor. The Audit Committee holds four direct discussions with the External Auditor in the absence of management every year. The Audit Committee reports any key issues arising from these meetings to the Board.

Hang Lung’s Tax Policy

Click HERE for details.