34
Tradelink Electronic Commerce Limited
Annual Report 2017
Corporate Governance Report
(Continued)
企業管治報告書
(續)
(3) Risk Management & Internal Controls
(Continued)
The risk management system framework adopted by the Group
was designed by reference to the principles and process outlined
in the international standard of ISO31000:2009. Appropriate risk
management activities were embedded into business planning,
project management, contract management, business operations
and organisational procedures. The six steps involved in the risk
management process are:
1.
Establish the risk context (both external and internal
environments)
2.
Identify the risk
3.
Analyse the risk
4.
Evaluate the risk
5.
Modify the risk (risk treatment)
6.
Monitor and review the risk treatment
Our risk management process and risk management framework
can be represented diagrammatically as follows:
Risk Management Process ISO31000:2009
Communication and Consultation
溝通與諮詢
Establish the context
確立風險背景
Risk Identification
風險識別
Risk analysis
風險分析
Risk evaluation
風險評價
Risk treatment
風險處理
Monitoring and Review
監察及檢討
Risk Assessment
風險評估
(3)
風險管理及內部監控(續)
本集團所採用的風險管理系統框架乃參照
ISO31000:2009
國際標準中概述的原則及程
序設計。適當風險管理活動已納入業務規
劃、項目管理、合約管理、業務營運及組織
程序。風險管理程序涉及的六個步驟為:
1.
確立風險背景(外部和內部環境)
2.
識別風險
3.
分析風險
4.
評價風險
5.
紓緩風險(風險處理)
6.
監察及檢討風險處理措施
我們的風險管理程序及風險管理框架可以
圖表顯示如下:
風險管理程序
ISO31000:2009