Annual Report 2021

57 年報 2021 ANNUAL REPORT CORPORATE GOVERNANCE REPORT 企業管治報告 用於識別、評估和管理重大風險的程序 於本年度舉行了兩次風險評估會議，大約每半 年一次。本公司及╱或其附屬公司核心業務單 位╱部門主管根據面對不同風險所潛在的影 響及可能性評估風險，包括業務風險、財務風 險、合規風險、營運風險及其他風險。在舉行 會議前，彼等填寫是參考香港會計師公會發佈 之「內部監控和風險管理－基本框架」的指引 而制定的風險評估表。本公司董事會成員（主 要是執行董事）及╱或其附屬公司核心業務單 位╱部門管理層已參與風險評估會議。該等會 議的目的是分別出重大的風險，並討論減輕風 險的措施。此外，在風險評估會議上會跟進上 一次風險評估會議內部監控措施的執行狀況和 成效。 根據守則和本公司審核委員會的職權範圍書， 本集團每個核心業務單位╱部門之管理層每年 將就其業務單位╱部門的風險管理和內部監控 系統的有效性及足夠性，向內部核數師提供書 面確認函作進一步審閱、評論及建議，而其後 審核委員會將在呈交董事會前審閱該確認函。 內部核數師將根據各核心業務單位╱部門的風 險性質和程度進行進一步審查和建議。 除了上述評估程序外，管理層在每月會議上匯 報及討論本集團需面對及監控之業務運營現有 風險和潛在風險以及本集團現金流的情況。 Process to identify, evaluate and manage significant risks Two risk assessment meetings were held during the year, at approximately half year intervals. The heads of the core business units/departments of the Company and/or its subsidiaries assessed the risk level based on potential impact and likelihood of risks in different aspects, including business risk, financial risk, compliance risk, operational risk and other risks that may be exposed to. They fill out the risk assessment form which was devised with reference to the guidance entitled “Internal Control and Risk Management – A Basic Framework” issued by Hong Kong Institute of Certified Public Accountants before the meetings were held. The Board members (mainly the executive Directors) together with the management of the core business units/departments of the Company and/or its subsidiaries participated in the risk assessment meetings. Those meetings aimed to identify the material risks and to discuss the measures to manage risks. Besides, the status and effectiveness on implementation of internal control measures taken after the last risk assessment meeting would be followed up in the risk assessment meetings. Subject to the Code and terms of reference of the audit committee of the Company, the management of each core business unit/department of the Group will provide the internal auditor with their written confirmation annually in relation to the effectiveness and adequacy of their risk management and internal control systems for further review, comment and recommendation and thereafter the audit committee will review the same prior to submission to the Board. The internal auditor will base on the nature and extent of the risks of each individual core business unit/ department to perform further review and recommendation. In addition to the above assessment process, the management report and discuss at the monthly meeting on the existing risks and potential risks of business operation and cash flow positions of the Group has to face and monitor.