Annual Report 2020

065 Corporate Governance Report Miramar Hotel and Investment Company, Limited Annual Report 2020 3rd Line of Defence — Internal Audit The Internal Audit Department, reporting directly and independently to the Audit Committee, is responsible for carrying out analysis and independent appraisal on adequacy and effectiveness of internal control and risk management systems in accordance with its approved risk-based audit plan. Internal Audit periodically reports key findings and recommendations to Audit Committee and follows up on the implementation of its recommendations. The objective is to ensure that all material controls are in place and functioning effectively. During the year under review, Internal Audit has undertaken to provide the management with assurance that the Group’s business operations and risk management practices complied with international and professional standards. With reference to the COSO (The Committee of Sponsoring Organizations of the Treadway Commission) internal control and risk management framework, the Group has conducted an assessment of the risk management and internal control systems against the five elements of COSO, namely control environment, risk assessment, control activities, information & communication and monitoring. Audit Committee and the Management The Board has overall responsibility for the system of risk management and internal controls of the Group and has reviewed their effectiveness. Our Board has delegated the responsibility for overseeing overall risk management and internal control systems to the Audit Committee. The Audit Committee receives regular reports from Internal Audit Department and Risk Management & Corporate Services Department. The reports include key activities conducted and issues that arose during the period covered. The Audit Committee and the management regularly discuss the nature and impact of the issues and risks to see whether appropriate mitigation measures are in place and whether further action is needed. The management is tasked with ensuring adequate resources to support implementation of the decisions. Annually, the management would confirm to the Board on the status of risk management and internal control systems in respect of their effectiveness, design, implementation and monitoring. Like any others, our systems could only provide reasonable but not absolute assurance against material misstatement, misstep or loss. The Audit Committee has reviewed the financial results of the Group for the year ended 31 December 2020 and discussed with the Assistant Director of Audit, Risk & Corporate Services and independent external auditors regarding matters on auditing, internal control, risk management and financial reporting of the Group. Risk Identification Risk Monitoring & Risk Treatment Escalation Procedures Corporate Key Risks High Velocity Risks Key Risk Indicators and Risk Alerts Closely Monitoring and Immediate Actions Crisis Management Committee Crisis