33
二零一七年年報
貿易通電子貿易有限公司
Corporate Governance Report
(Continued)
企業管治報告書
(續)
(3) Risk Management & Internal Controls
(Continued)
Once risks, including those which are Environmental, Social and
Governance-related, have been identified, recorded, analysed, and
the agreed treatments have been implemented, an appropriate
monitoring and reporting regime will be established to provide
assurance that the treatment is effective and helps to control the
risk. Appropriate risk treatments are embedded into daily
operations. The risk will be continuously monitored depending on
the subsequent risk rating and the strength of controls to treat
the risks. All staff have the responsibility for the continuous
monitoring of risks and operation of controls within their area of
responsibility. In particular, close attention would be paid to those
risk areas with a strong reliance on internal controls and processes
to bring the risk to an acceptable level.
The Company believes that effective communication and
consultation is essential throughout the risk management process
as it enhances the understanding of risk identification, analysis
and evaluation among process owners and risk management team
in the Group. During the reporting year, individual departments of
the Company at least monthly reviewed and updated their
respective own risk logs. The responsible persons of the
departments updated and reported the risk logs to the Risk
Manager and the responsible executive director (the “Responsible
ED”) of the Group on a regular basis. The Responsible ED then
presented the consolidated risk logs to Senior Management for
identification and assessment at management and Group levels.
Senior Management updated the Board on any significant risks
and progress via monthly reports or in Board meetings.
The Board recognizes the need for sound and effective risk
management and internal controls systems to safeguard
shareholders’ investment and the Group’s assets. The Board
acknowledges its overall responsibility for the Group’s risk
management and internal control systems. With the support of
Senior Management and the Audit Committee, the Board
reviewed the effectiveness of the systems which covered different
areas, including without limitation, the financial, operational and
compliance controls in compliance with Code Provisions C.2,
Appendix 14 of the Listing Rules. Such systems were designed to
manage rather than eliminate the risk of failure to achieve the
Group’s business objectives, and could only provide reasonable
and not absolute assurance against material mis-statement or loss.
(3)
風險管理及內部監控(續)
各類風險(包括與環境、社會及管治相關
者)一經確定、記錄、分析及實施協定處理
措施,將建立適當監察及報告制度,確保
措施有效並有助於監控風險。適當風險處
理措施已納入日常營運。風險將視乎其後
的風險評級及監控力度持續進行監察,以
便處理。全體員工皆有責任在彼等責任範
圍內持續監察及控制風險。特別是,會密
切注意與內部監控及程序息息相關的風險
範圍,使風險達至可接受水平。
本公司相信有效溝通及諮詢於整個風險管
理程序中是必要的,因其加深對本集團程
序所有人及風險管理團隊對於風險識別、
分析及評估的理解。於報告年度內,本公
司各部門至少每月審閱並更新其各自的風
險日誌。各部門負責人定期向本集團風險
管理人及負責執行董事(「負責執行董事」)
更新及匯報風險日誌。負責執行董事其後
將綜合風險日誌呈交高級管理人員,以便
在管理層及本集團層面識別及評估。高級
管理人員透過每月匯報或於董事會會議向
董事會報告任何重大風險及進展。
本公司深明需要維持健全有效的風險管理
及內部監控系統,以保障股東的投資及本
集團資產。董事會知悉其對本集團風險管
理及內部監控系統的整體責任。在高級管
理人員及審核委員會支持下,董事會檢討
涵蓋不同範圍的系統成效,包括但不限於
財務、營運及遵守上市規則附錄十四守則
條文
C.2
的合規監控。該系統旨在管理而非
消除未能達成本集團業務目標的風險,並
且只能就不會有重大的失實陳述或損失作
出合理而非絕對的保證。