Annual Report 2020

CORPORATE GOVERNANCE REPORT 企業管治報告 68 SHOUGANG CONCORD CENTURY HOLDINGS LIMITED 首長寶佳集團有限公司 用於識別、評估和管理重大風險的程序 於本年度舉行了兩次風險評估會議，大約每半 年一次。本公司及╱或其附屬公司核心業務單 位╱部門主管根據面對不同風險所潛在的影 響及可能性評估風險，包括業務風險、財務風 險、合規風險和營運及其他風險。在舉行會議 前，彼等填寫是參考香港會計師公會發佈之 「內部監控和風險管理－基本框架」的指引而 制定的風險評估表。本公司及╱或其附屬公司 核心業務單位╱部門管理層已參與該等風險 評估會議。該等會議的目的是分別出重大的風 險，並討論減輕風險的措施。此外，在風險評 估會議上會跟進上一次風險評估會議內部監控 措施的執行狀況和成效。 根據守則和本公司審核委員會的職權範圍書， 本集團每個核心業務單位╱部門之管理層每年 就其業務單位╱部門的風險管理和內部監控系 統的有效性及足夠性，向內部核數師提供書面 確認函作進一步審閱、評論及建議，而其後審 核委員會將在呈交董事會前審閱該確認函。內 部核數師將根據各核心業務單位╱部門的風險 性質和程度進行進一步審查和建議。 除了上述評估程序外，管理層在每月會議上匯 報及討論本集團需面對及監控之現有風險和潛 在風險以及本集團現金流量的情況。 Process to identify, evaluate and manage significant risks Two risk assessment meetings were held during the year, at approximately half year intervals. The heads of the core business units/departments of the Company and/or its subsidiaries assessed the risk level based on potential impact and likelihood of risks in different aspects including business risk, financial risk, compliance risk and operational and other risks that may be exposed to. They fill out the risk assessment form which was devised with reference to the guidance entitled “Internal Control and Risk Management – A Basic Framework” issued by Hong Kong Institute of Certified Public Accountants before the meetings were held. The management of the core business units/ departments of the Company and/or its subsidiaries participated in the risk assessment meetings. The meetings aimed to identify the material risks and to discuss the measures to manage risks. Besides, the status and effectiveness on implementation of internal control measures taken after the last risk assessment meeting would be followed up in the risk assessment meetings. Subject to the Code and terms of reference of the audit committee of the Company, the management of each core business unit/department of the Group will provide the internal auditor with their written confirmation annually in relation to the effectiveness and adequacy of their risk management and internal control systems for further review, comment and recommendation and thereafter the audit committee will review the same prior to submission to the Board. The internal auditor will base on the nature and extent of the risks of each individual core business unit/ department to perform further review and recommendation. In addition to the above assessment process, the management report and discuss at the monthly meeting on the existing risk and potential risks of business operation and cash flow positions of the Group has to face and monitor.