Annual Report 2024

China Merchants China Direct Investments Limited Annual Report 2024 73 CORPORATE GOVERNANCE REPORT (CONTINUED) RISK MANAGEMENT AND INTERNAL CONTROL (CONTINUED) Risk Assessment Methodology The Company’s methodology for its risk assessment comprises four core stages (i.e. Risk Identification, Risk Assessment, Risk Responses, and Risk Monitoring and Reporting). These processes are performed at least once a year to address changes in the Company’s business environment. Review on Effectiveness of Risk Management and Internal Control Systems The Board has conducted an annual review on the effectiveness of risk management and internal control systems, covering all material controls such as financial, operational and compliance controls. In addition, the Board has appointed an international accountancy firm to review the internal control systems of the Company on an ongoing basis. The review covered all material controls, including financial, operational and compliance controls, as well as risk management functions. Board’s Responsibility The Board has the overall responsibility to ensure that effective and sound risk management and internal control systems are maintained, while management is responsible for designing and implementing an internal control system to manage risks, including environmental, social and governance (ESG) risks. The Board is also responsible for reviewing the effectiveness of the Company’s risk management and internal control systems. The risk management and internal control systems can provide reasonable and not absolute assurance against material misstatement or loss, and are designed to manage rather than eliminate the risk of failure in the process of attaining business objectives. Based on the results of the annual review, the Board is satisfied and confident with the effectiveness of risk management and internal control systems currently put in place for the Company. Communication of Risk Events Where risk events, including ESG risks, arise, our communications, both within the Company and to external parties, are an integral part of the risk management system. To enable the Company to make the appropriate decisions and responses to mitigate or address any risk event, relevant information on the incident needs to be communicated by and to the right functions and individuals, completely and accurately, and in a timely manner. With respect to procedures and internal controls for handling and dissemination of inside information, the Company: ‧ has set out written policies and procedures in relation to the handling of inside information under the regulatory requirements of Hong Kong, including but not limited to maintenance of confidentiality, prohibition of insider dealings by the management; ‧ is aware of its obligation under the Listing Rules;