Annual Report 2019

ANNUAL REPORT 2019 141 CORPORATE GOVERNANCE REPORT Risk management process 01 Risk Identification 02 Risk Assessment and Prioritization 03 Risk Owner Appointment 04 Risk Treatment 05 Upward Reporting and Monitoring The Group has established the risk management process that includes risk identification, risk assessment and prioritization, risk owner appointment, risk treatment and upward reporting and monitoring of identified risks to the Group and the Audit Committee. Management’s input on changes of risk exposures across the business lines was solicited through a structured risk identification and update questionnaire to refresh the Group’s risk universe. Identified risks were further assessed and evaluated by a scale rating process by management across the business lines to evaluate their impact to the Group and likelihood of their occurrence as a result of changes in internal and external factors, future events or otherwise. The risks were then prioritized based on the evaluation results and further interviews with senior management for confirmation. The top risks of the Group, as well as whether these risks are being effectively managed; and if not, the need for establishing further actions, were reported through the risk management report. A corporate risk register has also been complied to track and document the identified risks, risk owners, mitigating actions and control measures, and facilitates continuous update of risk treatments.