Annual Report 2018

83 年報 ANNUAL REPORT 2018 企業管治報告 CORPORATE GOVERNANCE REPORT 用於識別、評估和管理重大風險的程序 每年應舉行兩次風險評估會議，大約每半年一 次。本公司及或其附屬公司核心業務單位部門 主管根據面對不同風險所潛在的影響及可能性 評估風險，包括業務風險、財務風險、合規風 險和營運及其他風險。在舉行會議前，彼等填 寫是參考香港會計師公會發佈之「內部監控和 風險管理－基本框架」的指引而制定的風險評 估表。本公司董事會成員（主要是執行董事）及 其附屬公司核心業務單位╱部門管理層會參與 該等風險評估會議。該等會議的目的是分別出 重大的風險，並討論減輕風險的措施。此外， 在風險評估會議上將跟進上一次風險評估會議 內部監控措施的執行狀況和成效。 根據守則和本公司審核委員會的職權範圍書， 本集團每個核心業務單位╱部門之管理層將每 年就其業務單位╱部門的風險管理和內部監控 系統的有效性及足夠性，提供書面確認函予內 部核數師作進一步審閱、評論及建議，而其後 審核委員會將在呈交董事會前審閱該確認函。 內部核數師將根據各核心業務單位╱部門的風 險性質和程度進行進一步審查和建議。 Process to identify, evaluate and manage significant risks Two risk assessment meetings shall be held during each year, at approximately half year intervals. The heads of the core business units/departments of the Company and/or its subsidiaries assessed the risk level based on potential impact and likelihood of risks in different aspects including business risk, financial risk, compliance risk and operational and other risks that may be exposed to. They fill out the risk assessment form which was devised with reference to the guidance entitled “Internal Control and Risk Management – A Basic Framework” issued by Hong Kong Institute of Certified Public Accountants before the meetings are held. The Board members (mainly the executive Directors) together with the management of the core business units/ departments of the Company and/or its subsidiaries shall participate in the risk assessment meetings. The meetings aim to identify the material risks and to discuss the measures to manage risks. Besides, the status and e f f ec t i veness on imp l emen t a t i on o f i n t e rna l con t ro l measures taken after the last risk assessment meeting will be followed up in the risk assessment meetings. Subject to the Code and terms of reference of the audit committee of the Company, the management of each core business unit/department of the Group will provide the internal auditor with their written confirmation annually in relation to the effectiveness and adequacy of their risk management and internal control systems for further review, comment and recommendation and thereafter the audit committee will review the same prior to submission to the Board. The internal auditor will base on the nature and extent of the risks of each individual core business unit/ department to perform further review and recommendation.