Annual Report 2021

78 Sunny Optical Technology (Group) Company Limited • ANNUAL REPORT 2021 Corporate Governance Report 企業管治報告 The internal audit department of the Group should ensure that the Company maintains sound and effective internal controls to safeguard the Shareholders’ investment interests and the Group’s assets safety. The main functions of the internal audit department are to audit the operating efficiencies of each subsidiary of the Company, to audit upon resignation of key management personnel, to assist the Board in reviewing the effectiveness of the internal control system of the Group, to review internal control of business processes, to audit the implementation of overall risk management, to promote the construction of anti-malpractice and to audit individual projects (such as compliance of related party transactions and audit report of goods in transit). Evaluation of the Group’s internal controls covering financial, operational compliance controls and risk management functions will be conducted annually by the Board. The internal control systems are designed to manage rather than eliminate the risk of failure to achieve business objectives, and can provide reasonable and not absolute assurance against material misstatement or loss. ENTERPRISE RISK MANAGEMENT The Board acknowledge that the Board is responsible for the effectiveness of the risk management and has authorized the Audit Committee to act as the professional committee to professionally review the risk management reports submitted by the Management, ensuring that the management has fulfilled its responsibilities to establish effective risk management and internal control systems, and review them annually. Systems and procedures have been established by the Group to identify, assess, manage and monitor various risks including strategy, financing, market, operation and compliance that may have impacts on the Group and each major department. In respect of the year ended 31 December 2021, the Board considered that the risk management is adequate and effective. The risk management of the Company is designed to manage rather than eliminate risk of failure to achieve business objectives, and can only provide reasonable and not absolute assurance against material misstatement or loss. The Company has built an enterprise risk management (“ ERM ”) system with a view to enhancing the risk management and corporate governance practice, and improving the effectiveness and efficiency of internal control systems across the whole Group. 本集團的內部審計部應確保本公司的內部監控 健全有效，可維護股東的投資權益及本集團的 資產安全。內部審計部的主要職能是審核本公 司各附屬公司的經營效益、審核主要管理人員 的辭任、協助董事會審核本集團內部監控系統 的有效性、審閱業務流程內部監控、審核全面 風險管理落實情況、推動反舞弊建設及審核個 別項目（如關連人士交易合規性及發出商品審 核報告）。董事會每年進行本集團內部監控評 估，其中包括財務、營運合規監控與風險管理 職能。 內部監控系統旨在管理而非消除無法實現業務 目標的風險，且僅能就不會有重大失實陳述或 損失作出合理而非絕對保證。 企業風險管理 董事會知悉其對風險管理工作的有效性負責， 並授權審核委員會作為專業委員會，專業審閱 管理層提交的風險管理報告，確保管理層已履 行建立有效的風險管理及內部監控系統的職 責，並每年對其進行檢討。本集團已建立系統 及程序以識別、評估、管理及監控各種可能影 響本集團及各主要部門的風險，包括戰略、財 務、市場、運營及合規等方面的風險。董事會 認為截至二零二一年十二月三十一日止年度的 風險管理工作足夠且有效。 本公司的風險管理旨在管理而非消除無法實現 業務目標的風險，且僅能就不會有重大失實陳 述或損失作出合理而非絕對保證。 為增強本集團整體的風險管理及企業管治常 規，並提高內部監控系統的有效性及效率，本 公司已建立企業風險管理（「 企業風險管理 」）系 統。