Annual Report 2022

58 SHOUGANG CENTURY HOLDINGS LIMITED 首佳科技製造有限公司 CORPORATE GOVERNANCE REPORT 企業管治報告 用於識別、評估和管理重大風險的程序 於本年度舉行了兩次風險評估會議，大約每半 年一次。本公司及╱或其附屬公司核心業務 單位╱部門主管根據面對不同風險所潛在的 影響及可能性評估風險，包括業務風險、財務 風險、合規風險、營運及其他風險和環境、社 會及管治風險。在舉行會議前，彼等填寫是參 考香港會計師公會發佈之「內部監控和風險管 理－基本框架」的指引而制定的風險評估表。 本公司及╱或其附屬公司核心業務單位╱部 門管理層已參與該等風險評估會議。該等會議 的目的是分別出重大的風險，並討論減輕風險 的措施。此外，在風險評估會議上會跟進上一 次風險評估會議內部監控措施的執行狀況和成 效。 Internal Auditor • Perform internal audit services for the Group 內部核數師 為本集團進行內部審核服務 • Deliver internal audit reports to the audit committee and the Board 向審核委員會和董事會提交內部審核報告 • Meet with the audit committee members to discuss the major findings and make recommendations to improve the risk management and internal control systems of the Group 與審核委員會成員會面，討論主要調查結果並提出改善本集團風險 管理和內部監控系統的建議 Heads of core business units/departments • Assess the risk level based on potential impact and likelihood of risks in different aspects at least semi-annually 核心業務單位╱部門主管 最少每半年根據潛在影響和可能性評估在不同方面的風險之風險程 度 • Identify the material risks and discuss measures to mitigate risks 識別重大風險並討論降低風險的措施 • Give a confirmation annually on the effectiveness of the risk management and internal control systems of its business unit/ department and submit it to the audit committee 每年確認各自業務單位╱部門主管之風險管理和內部監控系統的有 效性，並提交確認函予審核委員會 Process to identify, evaluate and manage significant risks Two risk assessment meetings were held during the year, at approximately half year intervals. The heads of the core business units/departments of the Company and/or its subsidiaries assessed the risk level based on potential impact and likelihood of risks in different aspects including business risks, financial risks, compliance risks, operational and other risks and environmental, social and governance risks that may be exposed to. They fill out the risk assessment form which was devised with reference to the guidance entitled “Internal Control and Risk Management – A Basic Framework” issued by Hong Kong Institute of Certified Public Accountants before the meetings were held. The management of the core business units/departments of the Company and/or its subsidiaries participated in the risk assessment meetings. The meetings aimed to identify the material risks and to discuss the measures to manage risks. Besides, the status and effectiveness on implementation of internal control measures taken after the last risk assessment meeting would be followed up in the risk assessment meetings.