Annual Report 2019

Corporate Governance Report
Miramar Hotel and Investment Company, Limited

• Code of Conduct stipulates the Group policy on matters of personal conduct and relationships.
• Approval Authority sets clear authority limits on business decisions and daily operations.
• Operational Policies and Procedures are set in each business and functional unit to provide guidelines on daily operations within the corporate governance framework.

2nd Line of Defence — Risk Management and Corporate Services

Risk Management and Corporate Services Department (“RM&CS”) has direct access to the management and Audit Committee. The key functions include:

• Establish and maintain an appropriate and effective risk management system to facilitate business and functional units to continuously identify, evaluate and monitor risks to business objectives;
• Support management in assessing and responding to emerging risks;
• Lead in modifying control procedures in dealing with identified and/or potential irregularities at the business and functional units;
• Assist in developing and updating policies and procedures to ensure that key control and monitoring procedures over compliance and risk management have been integrated into the daily operations; and
• Report key risks and advise on mitigating strategies to the management and Audit Committee on a regular basis.

With reference to the globally recognized risk management frameworks, COSO ERM and ISO 31000, the Group’s risk management process includes risk identification, risk assessment, risk treatment and risk monitoring, and is continuously and consistently applied across the Group, involving communication and consultation with different stakeholders. An integrated top-down and bottom-up approach is adopted in the whole risk management process, to provide a more comprehensive view from both management and operation levels. The risk management process is designed to manage and monitor the risks, but not to eliminate all risks.
[Figure: risk management process. Communication and Consultation; Context Establishment (Risk Criteria Review); Risk Identification & Assessment (Risk Workshop, Risk Profiling); Risk Treatment (Business Continuity Management, Policies and Procedures, Crisis Management); Monitoring & Review (Key Risk Indicator, Risk Alert, Audit Review)]
