Annual Report 2020

Sunny Optical Technology (Group) Company Limited • ANNUAL REPORT 2020 80 Corporate Governance Report 企業管治報告 Phase 1 Goal Setting The Board establishes common risk assessment criteria and sets up risk reference tables for the Group. Meanwhile, Risk Management Group of the Group and Risk Management Group of each business segment discuss and formulate overall risk management objectives, management requirements and organization methods. Phase 2 Risk Identification Each business segment and department collects risk information related to the Group and identifies the risks that potentially impact the key processes of the operations. The Group also identifies opportunities for improvement. Phase 3 Risk Assessment Each business segment and department uses uniform and quantitative criteria to assess the identified risks along with their impacts on the business and the possibility of their occurrence to determine the risk level. Phase 4 Risk Response Each business segment and department determines the overall response strategy and corresponding response plan for the assessed risks as well as the implementation measures such as risk taking, risk avoidance, risk transfer and risk reduction to deal with the risks. Phase 5 Control Activity Each business segment and department establishes or modifies relevant systems and control activity procedures to ensure that necessary risk responses and action plans are implemented and the risk management response plan is executed, in order to control and manage potential risks. Phase 6 Monitoring Each business segment and department continues to follow up the operation situation of KRI, implementation and effectiveness of the risk response plan, makes timely risk warning, adjusts response plan and reports risks regularly to the relevant management within the Group. The internal audit department independently reviews the adequacy and effectiveness of the framework of risk management system per annum, and submits the review results and recommendations on improvement to the Audit Committee. 第一階段 目標設定 董事會為本集團設定通用的風險評估準則及制 定風險參照列表。同時，本集團風險管理工作 小組和各事業分部風險管理工作小組討論並確 定風險管理總體目標、管控要求與組織方式。 第二階段 風險識別 各事業分部和部門收集與本集團相關的風險信 息，並識別對其營運重要程序具有潛在影響的 風險。本集團亦識別改進機會。 第三階段 風險評估 各事業分部和部門運用統一及量化的標準，就 已識別的風險及其對業務的影響，以及其發生 的可能性作出評估，確定風險等級。 第四階段 風險應對 各事業分部和部門對評估出的風險確定總體應 對策略及相應應對計劃，實施風險承擔、風險 規避、風險轉移及風險降低等措施以處理風險。 第五階段 控制活動 各事業分部和部門建立或修訂相應制度和控制 活動流程，確保採取必要的風險應對和行動計 劃，風險管理應對方案得以執行，以控制和管 理潛在風險。 第六階段 監控 各事業分部和部門持續跟進 KRI 運行情況和風 險應對計劃的實施情況及有效性，及時作出風 險預警，調整應對計劃，並定期向本集團內相 關管理層匯報風險。內部審計部每年獨立審閱 風險管理體系建設的充足性及有效性，把審閱 結果及改善建議提報至審核委員會。