Annual Report 2021

Corporate Governance Report
Miramar Hotel and Investment Company, Limited

• Connected Transactions Policy provides a clear guideline to employees for handling connected transactions in order to comply with the Listing Rules requirements.
• Code of Conduct stipulates the Group policy on matters of personal conduct and relationships.
• Approval Authority sets clear authority limits on business decision and daily operations.
• Operational Policies and Procedures are set in respect of each business and functional unit to provide guidelines on daily operations within the corporate governance framework.

During the year, the Group has strengthened some of the key controls to cope with the changes in regulatory requirements and operational environment.

2nd Line of Defence — Risk Management and Corporate Services

Risk Management and Corporate Services Department (“RM&CS”) has direct access to the management and Audit Committee. The key functions include:

• Establish and maintain an appropriate and effective risk management system to continuously identify, evaluate and monitor risks with a view to helping business and functional units achieve business objectives;
• Support management in assessing and responding to emerging risks;
• Lead in modifying control procedures to deal with identified and/or potential irregularities at the business and functional units;
• Assist in developing and updating policies and procedures to ensure that key control and monitoring procedures over compliance and risk management have been integrated into daily operations; and
• Report key risks and advise on mitigating strategies to the management and Audit Committee on a regular basis.

With reference to the globally recognized risk management framework, COSO ERM and ISO 31000, the Group’s risk management process includes risk identification, risk assessment, risk treatment and risk monitoring, which is continuously and consistently applied across the Group involving communication and consultation with the various stakeholders. An integrated top-down and bottom-up approach is adopted in the whole risk management process, to afford a more comprehensive view into every level of management and operations. The risk management process is designed to manage and monitor the risks, but not eliminate all risks.

[Figure: risk management process. Context Establishment (Risk Criteria Review); Risk Identification & Assessment (Risk Workshop, Risk Profiling); Risk Treatment (Business Continuity Management, Policies and Procedures, Crisis Management); Monitoring & Review (Key Risk Indicator, Risk Alert, Audit Review); Communication and Consultation]
