Annual Report 2019

FAR EAST CONSORTIUM INTERNATIONAL LIMITED 140 CORPORATE GOVERNANCE REPORT Risk governance structure The Group has established an enterprise risk management structure in line with the “Three Lines of Defense” model that defines the three layers of roles and responsibilities of oversight, risk monitoring and review, and risk and control ownership. • Internal Audit audit committee/ internal audit 3rd line of Defense: Oversight • Quality and risk management • Financial control • Compliance Senior management/ Risk management function 2nd line of Defense: Risk monitoring and review • Policy and procedures • Internal controls Business Units 1st line of Defense: Risk and control ownership External Audit The Group’s business and functional units are the first line of defense and are responsible for the day-to-day risk management and control processes. The second line of defense is led by a designated risk management taskforce responsible for the design, implementation and monitoring of the risk management system, and provide confirmation to the Audit Committee on the effectiveness of risk management. The third line of defense comprises the Audit Committee and the Group’ outsourced internal auditor who is responsible for the independent assessment of the effectiveness of our risk management and internal control systems. The external auditor of the Group further complements the third line of defense by independently auditing material internal controls over the Group’s financial reporting processes. Both the internal auditor and the external auditor would report on material control weakness to the Audit Committee on a regular basis.