Annual Report 2016

二零一六年年報

33

Corporate Governance Report

企業管治報告書

(3) Risk Management & Internal Controls (continued)

To further strengthen the risk management and internal control systems,

the Company’s internal auditor (“Internal Auditor”) has been designated

by Audit Committee to conduct a review and audit tests to verify the

effectiveness of risk management and internal control systems in place.

A review report would be presented to Audit Committee, which based

on the report formed the opinion on the effectiveness of Tradelink’s risk

management and internal control systems and reported to the Board

accordingly. The external auditors would obtain an understanding of

internal control relevant to their audit in order to design audit procedures

that are appropriate in the circumstances though not for the purpose

of expressing an opinion on the effectiveness of the Group’s internal

control. The external auditors would communicate with Audit Committee

regarding, among other matters, the planned scope and timing of the

audit and significant audit findings, including any significant deficiencies

in internal control that they identify during the course of their audit. If

necessary, remedial actions will be taken timely by the Company.

During the year of 2016, Internal Auditor has conducted a review of

Tradelink’s risk management and internal control systems. In particular,

Internal Auditor has conducted the following:

• A gap analysis and evaluation of effectiveness of risk management

system by using ISO31000:2009 as a basis for comparison;

• A COSO entity level control gap analysis (‘COSO Review’) to

ascertain if the Company has established entity level controls that

are consistent with the key concepts of the control framework

recommended by COSO – ‘Internal Control – Integrated Framework’;

• Audit tests to verify the effectiveness of the Company’s internal

controls in place.

The Company also has a whistle-blowing procedure in place to encourage

its staff to raise concerns, in confidence, with the Audit Committee about

possible improprieties in any matter related to the Company. During the

reporting period, no whistle-blowing report received.

Based on the confirmation from the Senior Management, the reviews

from the Internal Auditor and the Audit Committee, the Board considered

that the risk management and internal control systems are adequate and

effective for the reporting year. There were no significant control failings,

weakness or significant areas of concern identified during 2016.

The Board also considered the resources, staff qualifications and

experience, training programs and budget of the Group’s accounting,

internal audit and financial reporting functions were adequate.

(3)

風險管理及內部監控（續）

為進一步加強風險管理和內部監控系統，本公司內部

核數師（「內部核數師」）已由審核委員會指定進行審閱

及審核測試，以核實風險管理及內部監控系統的成

效。審查報告將提交審核委員會，審核委員會會根據

報告就貿易通之風險管理及內部監控系統成效達成意

見，並據此向董事會報告。外部核數師將瞭解與其審

核相關的內部監控，以設計適合的審核程序，但並非

為對本集團的內部監控成效發表意見。外部核數師將

就（其中包括）審核的計劃範疇與時間以及重大審核結

果與審核委員會溝通，包括其於審核過程發現的任何

重大內部監控缺失。如有需要，本公司將及時採取補

救行動。

於二零一六年內，內部核數師已對貿易通的風險管理

及內部監控系統進行檢討。具體而言，內部核數師已

進行工作如下：

•

使用

ISO31000

：

2009

作為比較基礎，進行風險管

理系統成效差距分析和評估；

• COSO

實體層面監控差距分析（「

COSO

審閱」），以

確定本公司已建立與「

COSO

─內部監控─綜合框

架」建議的監控框架關鍵概念一致的實體層面監

控；

•

審核測試以核實本公司現存內部監控的成效。

本公司亦設有舉報程序，鼓勵其僱員向審核委員會以

保密方式舉報有關本公司可能存在不當行為的事項。

於報告期間，未接獲任何舉報報告。

根據高級管理人員確認、內部核數師及審核委員會的

審閱，董事會認為於報告年度內風險管理及內部監控

系統屬充分及有效。二零一六年內未發現重大監控缺

陷、缺點或重大留意範疇。

董事會亦認為本集團在會計、內部審核及財務匯報職

能的資源、僱員資歷及經驗，培訓課程及有關預算屬

足夠。