Accountability & Audit

Financial Reporting

In a landmark decision testifying to our dedication to good corporate governance, we announce our interim and final results within one month after the end of the financial periods.
 
Moreover, the Board endeavors to ensure a balanced, clear and coherent assessment of the Company's position and prospects in annual reports, interim reports, inside information announcements, and other disclosures required under the Listing Rules and other statutory requirements.

 

Risk Management Framework

The Board has overall responsibility for risk management and for evaluating and determining the nature and extent of significant risks it is willing to take to achieve the Company's strategic objectives. The Audit Committee is delegated to oversee the effectiveness of our risk management system on an ongoing basis.  Management is tasked with the design, implementation, and maintenance of a sound and effective risk management framework with reference to the COSO (Committee of Sponsoring Organizations of the Treadway Commission) principles, which is crucial in bring corporate strategies to fruition and ensuring business sustainability.
 
Our risk governance structure is guided by the “Three Lines of Defense” model. As the first line of defense, risk owners of all corporate departments and business units conduct risk and control assessments on a regular basis to evaluate the implications of identified risks as well as the adequacy and effectiveness of controls in place to mitigate such risks.
 
As the second line of defense, specific functions are established to effectuate risk management and ensure the first line of defense is functioning properly. The responsibilities of these functions include but are not limited to risk management, financial controls, legal and compliance, cost and quality. Under its approved terms of reference, Enterprise Risk Management (“ERM”) Working Group (comprising our CEO as Chair and unit heads from all business units and support divisions) oversees risk management activities across all functions and it takes a robust assessment of the principal risks and uncertainties that the Company is exposed to.

The Internal Audit Department, as the third line of defense, plays an important role in assessing the effectiveness of the risk management system, and reports regularly to the Audit Committee on key findings as well as making recommendations for improvement and tracking the implementation of such measures.

The Board and Audit Committee reviewed the Company's top and emerging risks and conducted the annual review of the effectiveness of the ERM framework.  Taking into consideration the principal risks and mitigating actions, the Board believes that the Company has the ability to adequately respond to changes to our business and the external environment.

The Company takes proactive measures to identify, evaluate, and manage significant risks arising from our business and from the constantly changing business environment at different levels within the organization.  This integrated approach combines top-down strategic view with complementary bottom-up operational process as illustrated below:

A list of principal risks, covering both strategic and operational risks as identified by our risk assessment process, is complied with reference to their residual risk impact and likelihood (after taking into consideration mitigation measures and controls).  Action plans are developed, and risk ownership is assigned for each principal risk.  The risk owners coordinate the mitigation measures to ensure proper implementation of these action plans. They are also required to continuously monitor, evaluate, and report on risks for which they bear responsibility.  Mitigation controls are subject to internal audit review and testing.

Through this integrated top-down and bottom-up risk review processes, which enables risks identification and prioritization throughout the Company, we maintain effective lines of communication to ensure timely escalation of potential risks and initiation of mitigating actions to manage them.

Internal Control Framework

The Board is responsible for maintaining an effective internal control system. Such a system is designed to manage rather than eliminate the risk of failure to achieve business objectives and can only provide reasonable and not absolute assurance against material misstatement or loss.
 
Specifically, our internal control system monitors the Company's overall financial position and ensures it is accurately reflected in its financial and management reporting; safeguards its assets against major losses and misappropriation; provides reasonable assurance against material fraud and error; and efficiently identifies and corrects non-compliance.
 
The Audit Committee is delegated to oversee the effectiveness of internal controls, while management is responsible for designing, implementing, and maintaining an effective internal control system with reference to the COSO principles. In particular, proper policies and procedures governing the activities of the Executive Committee, Board Members, executives and senior staff, such as delegation of authority, approval of annual and mid-year budgets for all capital, revenue, and expenditure items, etc., have been put in place.  Management also continuously reviews, updates, and refines the internal control system to anticipate future challenges.
 
Our Internal Audit Department is independent from our operations and accounting functions.  The Deputy Director (Head of Corporate Audit) reports directly to the Audit Committee.
 
A risk-based internal audit program is approved by the Audit Committee each year.  Based on the audit program, the Internal Auditor performs assessment of risks and testing of controls across all business and supports units of the Company in order to provide reasonable assurance that adequate controls and governance are in effect.  In line with the Company’s zero tolerance for fraud and bribery, the Internal Auditor is responsible for the conduct of relevant investigations should fraud or irregularities be uncovered or suspected.

The Audit Committee meets quarterly to discuss internal audit issues with the Internal Auditor, as well as to discuss financial and internal control matters with the External Auditor. The Audit Committee holds four direct discussions with the External Auditor in the absence of management every year, thereby exceeding the requirements of the Corporate Governance Code.

Select and copy the link below:

Select and copy the link below:

Copied to clipboard