Tradelink Electronic Commerce Limited

貿易通電子貿易有限公司

30

Corporate Governance Report

企業管治報告書

(3) Risk Management & Internal Controls (continued)

The Company believes that effective communication and consultation

is essential throughout the risk management process as it enhances

the understanding of risk identification, analysis and evaluation among

process owners and risk management team in the Group. During the

reporting year, individual departments of the Company at least monthly

reviewed and updated their respective own risk logs. The responsible

persons of the departments updated and reported the risk logs to the Risk

Manager and the responsible executive director (the “Responsible ED”)

of the Group on a regular basis. The Responsible ED then presented the

consolidated risk logs to the Senior Management for identification and

assessment at management and Group levels. The Senior Management

updated the Board on any significant risks and progress via monthly

reports or in Board meetings. The Group also engaged an external

consultant to review and assist in reporting the significantly high-risk

areas from the risk assessment result prepared by the Group.

The Board recognizes the need for sound and effective risk management

and internal controls systems to safeguard shareholders’ investment and

the Group’s assets. The Board acknowledges its overall responsibility

for the Group’s risk management and internal control systems. With the

support of the Senior Management and the Audit Committee, the Board

reviewed the effectiveness of the systems which covered different areas,

including without limitation, the financial, operational and compliance

controls in compliance with Code Provisions C.2, Appendix 14 of the

Listing Rules. Such systems were designed to manage rather than

eliminate the risk of failure to achieve the Group’s business objectives,

and could only provide reasonable and not absolute assurance against

material mis-statement or loss.

The risk management system framework adopted by the Group was

designed by reference to the principles and process outlined in the

international standard of ISO31000:2009. Appropriate risk management

activities were embedded into business planning, project management,

contract management, business operations and organisational

procedures. The six steps involved in the risk management process are:

1. Establish the risk context (both external and internal environments)

2. Identify the risk

3. Analyse the risk

4. Evaluate the risk

5. Modify the risk (risk treatment)

6. Monitor and review the risk treatment

(3)

風險管理及內部監控（續）

本公司相信有效溝通及諮詢於整個風險管理程序中是

必要的，因其加深對本集團程序所有人及風險管理團

隊對於風險識別、分析及評估的理解。於報告年度

內，本公司各部門至少每月審閱並更新其各自的風險

日誌。各部門負責人定期向本集團風險管理人及負責

執行董事（「負責執行董事」）更新及匯報風險日誌。負

責執行董事其後將綜合風險日誌呈交高級管理人員，

以便在管理層及本集團層面識別及評估。高級管理人

員透過每月匯報或於董事會會議向董事會報告任何重

大風險及進展。本集團亦委聘一名外部顧問，根據本

集團編製的風險評估結果，審閱及協助匯報重大高風

險領域。

本公司深明需要維持健全有效的風險管理及內部監控

系統，以保障股東的投資及本集團資產。董事會知悉

其對本集團風險管理及內部監控系統的整體責任。在

高級管理人員及審核委員會支持下，董事會檢討涵蓋

不同範圍的系統成效，包括但不限於財務、營運及遵

守上市規則附錄十四守則條文

C.2

的合規監控。該系統

旨在管理而非消除未能達成本集團業務目標的風險，

並且只能就不會有重大的失實陳述或損失作出合理而

非絕對的保證。

本集團所採用的風險管理系統框架乃參照

ISO31000

：

2009

國際標準中概述的原則及程序設計。適當風險管

理活動已納入業務規劃、項目管理、合約管理、業務

營運及組織程序。風險管理程序涉及的六個步驟為：

1.

確立風險背景（外部和內部環境）

2.

識別風險

3.

分析風險

4.

評價風險

5.

紓緩風險（風險處裡）

6.

監察及檢討風險處理措施