Annual Report 2020

Sunny Optical Technology (Group) Company Limited • ANNUAL REPORT 2020 74 Corporate Governance Report 企業管治報告 ENTERPRISE RISK MANAGEMENT The Board is responsible for the effectiveness of the risk management and has authorized the Audit Committee to act as the professional committee to professionally review the risk management reports submitted by the management, ensuring that the management has fulfilled its responsibilities to establish effective risk management and internal control systems, and review them annually. Systems and procedures have been established by the Group to identify, assess, manage and monitor various risks including strategy, financing, market, operation and compliance that may have impacts on the Group and each major department. In respect of the year ended 31 December 2020, the Board considered that the risk management is adequate and effective. The Company has built an enterprise risk management (“ ERM ”) system with a view to enhancing the risk management and corporate governance practice, and improving the effectiveness and efficiency of internal control systems across the whole Group. The Group has organised and established a risk management group (“ Risk Management Group ”) headed by the Chief Executive Officer, responsible for daily management related to risks of the Group. All of the Group’s subsidiaries have also established their risk management teams, responsible for risk management of their own. At the same time, the Group has engaged a world-renowned consultant institution as the risk management consultant to assist the Group in building effective risk management overall framework so as to ensure the adequacy of resources, staff qualifications and experience, staff training programmes and relevant budget of the Group’s risk management, internal audit and reporting function. The Board believes that a heightened focus on risk and compliance is beneficial for the ongoing development and growth of the Company as well as its staff. In establishing the ERM system, all key functions of the Company were carried out by the Risk Management Group of the Group to undertake the following exercises: 1. Enterprise risk assessment – to identify and prioritise the Group’s key business risks; 2. Enterprise risk response – to assess the related internal controls and risk mitigating measures; 企業風險管理 董事會對風險管理工作的有效性負責，並授權 審核委員會作為專業委員會，專業審閱管理層 提交的風險管理報告，確保管理層已履行建立 有效的風險管理及內部監控系統的職責，並每 年對其進行檢討。本集團已建立系統及程序以 識別、評估、管理及監控各種可能影響本集 團及各主要部門的風險，包括戰略、財務、市 場、運營及合規等方面的風險。董事會認為截 至二零二零年十二月三十一日止年度的風險管 理工作足夠且有效。 為增強本集團整體的風險管理及企業管治常 規，並提高內部監控系統的有效性及效率，本 公司已建立企業風險管理（「 企業風險管理 」）系 統。 本集團已組建了由總裁擔任組長的風險管理工 作小組（「 風險管理工作小組 」），負責本集團風 險相關的日常管理工作。本集團所有附屬公司 亦成立了風險管理工作團隊，負責各自公司的 風險管理工作。同時，本集團聘請國際知名諮 詢機構擔任風險管理顧問，協助本集團構建有 效的風險管理整體框架，以確保本集團在風險 管理、內部審核及匯報職能方面的資源、員工 資歷及經驗、員工所接受的培訓課程及有關預 算是足夠的。 董事會認為，高度專注於風險及合規情況有利 於本公司及其員工的持續發展及成長。於建立 企業風險管理系統時，本公司所有關鍵職能均 由本集團風險管理工作小組執行，並推行以下 舉措： 1. 企業風險評估－識別本集團主要業務風險 並區分優先次序； 2. 企業風險應對－評估相關內部監控及降低 風險的措施；