34

Tradelink Electronic Commerce Limited

Annual Report 2017

Corporate Governance Report

(Continued)

企業管治報告書

（續）

(3) Risk Management & Internal Controls

(Continued)

The risk management system framework adopted by the Group

was designed by reference to the principles and process outlined

in the international standard of ISO31000:2009. Appropriate risk

management activities were embedded into business planning,

project management, contract management, business operations

and organisational procedures. The six steps involved in the risk

management process are:

1.

Establish the risk context (both external and internal

environments)

2.

Identify the risk

3.

Analyse the risk

4.

Evaluate the risk

5.

Modify the risk (risk treatment)

6.

Monitor and review the risk treatment

Our risk management process and risk management framework

can be represented diagrammatically as follows:

Risk Management Process ISO31000:2009

Communication and Consultation

溝通與諮詢

Establish the context

確立風險背景

Risk Identification

風險識別

Risk analysis

風險分析

Risk evaluation

風險評價

Risk treatment

風險處理

Monitoring and Review

監察及檢討

Risk Assessment

風險評估

(3)

風險管理及內部監控（續）

本集團所採用的風險管理系統框架乃參照

ISO31000:2009

國際標準中概述的原則及程

序設計。適當風險管理活動已納入業務規

劃、項目管理、合約管理、業務營運及組織

程序。風險管理程序涉及的六個步驟為：

1.

確立風險背景（外部和內部環境）

2.

識別風險

3.

分析風險

4.

評價風險

5.

紓緩風險（風險處理）

6.

監察及檢討風險處理措施

我們的風險管理程序及風險管理框架可以

圖表顯示如下：

風險管理程序

ISO31000:2009