Annual Report 2020

Corporate Governance Report
Miramar Hotel and Investment Company, Limited Annual Report 2020

• Connected Transactions Policy provides a clear guideline to employees for handling connected transactions in order to comply with the Listing Rules requirements.
• Code of Conduct stipulates the Group policy on matters of personal conduct and relationships.
• Approval Authority sets clear authority limits on business decisions and daily operations.
• Operational Policies and Procedures are set in respect of each business and functional unit to provide guidelines on daily operations within the corporate governance framework.

During the year, the Group has strengthened some of the key controls to cope with the change of regulatory requirements and operational environment.

2nd Line of Defence — Risk Management and Corporate Services

Risk Management and Corporate Services Department (“RM&CS”) has direct access to the management and Audit Committee. The key functions include:

• Establish and maintain an appropriate and effective risk management system to facilitate business and functional units to continuously identify, evaluate and monitor risks to help achieve business objectives;
• Support management in assessing and responding to emerging risks;
• Lead in modifying control procedures to deal with identified and/or potential irregularities at the business and functional units;
• Assist in developing and updating policies and procedures to ensure that key control and monitoring procedures over compliance and risk management have been integrated into daily operations; and
• Report key risks and advise on mitigating strategies to the management and Audit Committee on a regular basis.

With reference to the globally recognized risk management frameworks COSO ERM and ISO 31000, the Group’s risk management process includes risk identification, risk assessment, risk treatment and risk monitoring, which is continuously and consistently applied across the Group, involving communication and consultation with different stakeholders. An integrated top-down and bottom-up approach is adopted in the whole risk management process to provide a more comprehensive view from both management and operation levels. The risk management process is designed to manage and monitor the risks, but not eliminate all risks.
