Annual Report 2023

Corporate Governance Report 企業管治報告 76 Sunny Optical Technology (Group) Company Limited • ANNUAL REPORT 2023 內部監控系統旨在管理而非消除無法實現業務 目標的風險，且僅能就不會有重大失實陳述或 損失作出合理而非絕對保證。 企業風險管理 董事會知悉其對風險管理工作的有效性負責， 並授權審核委員會作為專業委員會，審閱管理 層提交的風險管理報告，確保管理層已履行建 立有效的風險管理及內部監控系統的職責，並 每年對其進行檢討。本集團已建立系統及程序 以識別、評估、管理及監控各種可能影響本集 團及各主要部門的風險，包括戰略、財務、市 場、運營及合規等方面的風險。董事會認為截 至二零二三年十二月三十一日止年度的風險管 理工作足夠且有效。 本公司的風險管理旨在管理而非消除無法實現 業務目標的風險，且僅能就不會有重大失實陳 述或損失作出合理而非絕對保證。 為增強本集團整體的風險管理及企業管治常 規，並提高內部監控系統的有效性及效率，本 公司已建立企業風險管理（「 企業風險管理 」）系 統。 本集團已組建了由行政總裁擔任組長的風險管 理工作小組（「 風險管理工作小組 」），負責本 集團風險相關的日常管理工作。本集團所有附 屬公司亦成立了風險管理工作團隊，負責各自 公司的風險管理工作。同時，本集團已構建有 效的風險管理整體框架，擁有一支經驗豐富的 風險管理團隊，並聘請國際知名諮詢機構擔任 風險管理顧問，以確保本集團在風險管理、內 部審核及匯報職能方面的資源、員工資歷及經 驗、員工所接受的培訓課程及有關預算是足夠 的。 The internal control systems are designed to manage rather than eliminate the risk of failure to achieve business objectives, and can provide reasonable and not absolute assurance against material misstatement or loss. ENTERPRISE RISK MANAGEMENT The Board acknowledges that the Board is responsible for the effectiveness of the risk management and has authorized the Audit Committee to act as the professional committee to review the risk management reports submitted by the Management, ensuring that the Management has fulfilled its responsibilities to establish effective risk management and internal control systems, and review them annually. Systems and procedures have been established by the Group to identify, assess, manage and monitor various risks including strategy, financing, market, operation and compliance that may have impacts on the Group and each major department. For the year ended 31 December 2023, the Board considered that the risk management is adequate and effective. The risk management of the Company is designed to manage rather than eliminate the risk of failure to achieve business objectives, and can only provide reasonable and not absolute assurance against material misstatement or loss. The Company has built an enterprise risk management (“ ERM ”) system with a view to enhancing the risk management and corporate governance practice, and improving the effectiveness and efficiency of internal control system across the whole Group. The Group has organised and established a risk management group (“ Risk Management Group ”) headed by the Chief Executive Officer, responsible for daily management related to risks of the Group. All of the Group’s subsidiaries have also established their risk management teams, responsible for risk management of their own. At the same time, the Group has built an overall framework for the effective risk management, has an experienced risk management team, and has engaged a world-renowned consultant institution as the risk management consultant to ensure the adequacy of the Group’s resources, staff qualifications and experience, staff training programmes and relevant budget in risk management, internal audit and reporting function.