CORPORATE GOVERNANCE REPORT (CONTINUED)
ACCOUNTABILITY AND AUDIT (Continued)
Risk Management and Internal Controls (Continued)
The process of risk management involves:
:
understanding of organisational objectives;
identifying the risk associated with achieving organisational objectives and assessing the likelihood and potential impact of particular risks;
developing programmes to address the identified risks; and
ongoing monitoring and evaluating the risks, internal control and the arrangements in place to address them.
The risk management of the Group combines a top-down strategic view with a complementary bottom-up operational
process.
The Board, by the top-down approach, has a particular focus on determining the nature and extent of significant risks it is willing to take in achieving the strategic objectives of the Group. The Audit Committee supports the Board to review all significant risks in order to ensure that the activities of the business remain within agreed risk appetite tolerances.
The operating units of the Group are responsible for identifying their own risks and designing, implementing and monitoring the relevant risk management and internal control systems. The setting of business objectives and annual budgeting is one of their key control activities, which shall be refined to take into consideration risk factors. The operating units of the Group consult the Group General Manager on setting the business objectives which are pursuant to the Board's strategic objectives and are consistent with its risk appetite. The process involves the maintenance of risk assessment reports setting out particulars of material risks together with the control strategies as reported by the operating units of the Group. This bottom-up approach is embedded in the operations of the Group and complements the top-down strategic view by identifying the principal risks and ensuring the significant risks to be considered by the Board in determining the risk appetite.
The Internal Audit Department collects the risk assessment reports from the operating units of the Group and then compiles a risk register for review at the meeting of Internal Risk Management Team which is held at least 4 times a year (2 meetings are held before the holding of the Board Meeting to review the interim and annual results of the Group). The
Internal Risk Management Team coordinates risk management activities and assesses the effectiveness of the related system of internal control in managing the significant risks, having regard, in particular, to any significant failings or weakness in internal control that have been reported.
The Internal Audit Department adopted a risk-based approach which included all significant risks in each year's annual audit plan and performed audits to evaluate the proper functioning of the risk management and internal control systems for the financial year ended 31 December 2016. It is intended to carry out this evaluation process on an ongoing basis. Key audit findings and recommendations have been shared with the Internal Risk Management Team. The Audit Committee, after reviewing and considering the risk management findings submitted by the Internal Audit Department, then reported to the Board of the Company and confirmed to the Board that the risk management and internal control systems are effective and adequate.
Hong Kong Ferry (Holdings) Company Limited
Annual Report 2016
33
Page 35Page 36
No comments yet.
Private notes are available after approval.