貿易通2019 年年報

二零一九年年報 貿易通電子貿易有限公司 43 Corporate Governance Report (Continued) 企業管治報告書 （續） (3) 風險管理及內部監控（續） 為進一步加強風險管理和內部監控系統， 本公司內部核數師（「內部核數師」）已由審 核委員會指定進行審閱及審核測試，以核 實現行風險管理及內部監控系統的成效。 審查報告已提交審核委員會，審核委員會 會根據報告就貿易通之風險管理及內部監 控系統成效達成意見，並據此向董事會報 告。外部核數師將瞭解與其審核相關的內 部監控，以設計適合的審核程序，但並非 為對本集團的內部監控成效發表意見。外 部核數師除其他事項外，將就審核的計劃 範疇與時間以及重大審核結果與審核委員 會溝通，包括其於審核過程發現的任何重 大內部監控缺失。如有需要，本公司將及 時採取補救行動。 於二零一九年內，內部核數師已對貿易通 的風險管理及內部監控系統進行檢討。具 體而言，內部核數師已進行工作如下： • 使 用 ISO31000 ： 2018 作 為 比 較 基 礎，進行風險管理系統成效差距分 析和評估； • COSO 實 體 層 面 監 控 差 距 分 析 （「 COSO 審閱」），以確定本公司已建 立與「 COSO — 內部監控 — 綜合框 架」建議的監控框架關鍵概念一致的 實體層面監控； • 審核測試以核實本公司現存內部監 控的成效。 本公司亦設有舉報程序，鼓勵其僱員向審 核委員會以保密方式舉報有關本公司可能 存在不當行為的事項。於報告年度，未接 獲任何舉報報告。 (3) Risk Management & Internal Controls (Continued) To further strengthen the risk management and internal control systems, the Company’s internal auditor (“Internal Auditor”) has been designated by Audit Committee to conduct a review and audit tests to verify the effectiveness of risk management and internal control systems in place. A review report was presented to Audit Committee, which based on the report formed the opinion on the effectiveness of Tradelink’s risk management and internal control systems and reported to the Board accordingly. The external auditors would obtain an understanding of internal control relevant to their audit in order to design audit procedures that are appropriate in the circumstances though not for the purpose of expressing an opinion on the effectiveness of the Group’s internal control. The external auditors would communicate with Audit Committee regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that they identify during the course of their audit. If necessary, remedial actions will be taken timely by the Company. During the year of 2019, Internal Auditor has conducted a review of Tradelink’s risk management and internal control systems. In particular, Internal Auditor has conducted the following: • A gap analysis and evaluation of effectiveness of risk management system by using ISO31000:2018 as a basis for comparison; • A COSO entity level control gap analysis (‘COSO Review’) to ascertain if the Company has established entity level controls that are consistent with the key concepts of the control framework recommended by COSO — ‘Internal Control — Integrated Framework’; • Audit tests to verify the effectiveness of the Company’s internal controls in place. The Company also has a whistle-blowing procedure in place to encourage its staff to raise concerns, in confidence, with the Audit Committee about possible improprieties in any matter related to the Company. During the reporting year, no whistle- blowing report received.