Annual Report 2021

062 Corporate Governance Report Annual Report 2021 Miramar Hotel and Investment Company, Limited Risk Management and Internal Control Effective risk management is an essential and integral part of the Group’s effort at achieving strategic objectives and sustainable development. Our risk management takes a holistic approach, blending seamlessly into business strategy, and operational and financial management. The management continuously implements, reviews and updates risk management directives to cope with the fast-changing environment, and regularly reports on implementation activities to the board who oversees the risk management team to ensure robust risk management framework and effective systems are in place to identify, evaluate and manage key risks faced by the Group. Throughout 2021, key risks and its momentum have been reported to the Board and there were no matters of concern identified in the financial, operational and compliance controls which might have significant impact to the Group. The existing risk management and internal control systems remain appropriate and effective. Our risk management framework is guided by the model of “Three Lines of Defence” as follows: Our risk management and internal control framework is integrated into daily operations and continuously applied under cycles of review, implementation, monitoring, and updating. During the year, there were no changes to the adopted framework but improvements have been made to ensure effectiveness of risk management activities. Details can be found in below sections. 1st Line of Defence — Operational Management and Internal Controls Key internal control activities are integrated into daily operations with clear policies and procedures on governance, risk management and compliance. The policies and procedures are reviewed and updated on a regular basis to ensure their effectiveness, which are shared with our employees through posting to the intranet and comprehensive on-site training. Key Group Policies and Procedures that apply to all employees: • Whistleblowing Policy provides a proper reporting channel for employees to raise genuine concerns about malpractice or suspected wrongdoing. • Inside Information Policy ensures inside information of the Group is to be kept in strict confidence or otherwise disseminated to the public in a timely manner in accordance with the applicable laws and regulations. Monitor and Review Implement Board of Directors / Regulators / External Audit Management Audit Committee 1 st Line of Defence 2 nd Line of Defence 3 rd Line of Defence Risk Management / Compliance & Corporate Control Internal Audit Business Units / Functions Units Develop Update or