36

Tradelink Electronic Commerce Limited

Annual Report 2017

Corporate Governance Report

(Continued)

企業管治報告書

（續）

(3) Risk Management & Internal Controls

(Continued)

To further strengthen the risk management and internal control

systems, the Company’s internal auditor (“Internal Auditor”) has

been designated by Audit Committee to conduct a review and

audit tests to verify the effectiveness of risk management and

internal control systems in place. A review report was presented to

Audit Committee, which based on the report formed the opinion

on the effectiveness of Tradelink’s risk management and internal

control systems and reported to the Board accordingly. The

external auditors would obtain an understanding of internal

control relevant to their audit in order to design audit procedures

that are appropriate in the circumstances though not for the

purpose of expressing an opinion on the effectiveness of the

Group’s internal control. The external auditors would

communicate with Audit Committee regarding, among other

matters, the planned scope and timing of the audit and significant

audit findings, including any significant deficiencies in internal

control that they identify during the course of their audit. If

necessary, remedial actions will be taken timely by the Company.

During the year of 2017, Internal Auditor has conducted a review

of Tradelink’s risk management and internal control systems. In

particular, Internal Auditor has conducted the following:

•

A gap analysis and evaluation of effectiveness of risk

management system by using ISO31000:2009 as a basis for

comparison;

•

A COSO entity level control gap analysis (‘COSO Review’) to

ascertain if the Company has established entity level

controls that are consistent with the key concepts of the

control framework recommended by COSO — ‘Internal

Control — Integrated Framework’;

•

Audit tests to verify the effectiveness of the Company’s

internal controls in place.

The Company also has a whistle-blowing procedure in place to

encourage its staff to raise concerns, in confidence, with the

Audit Committee about possible improprieties in any matter

related to the Company. During the reporting year, no whistle-

blowing report received.

(3)

風險管理及內部監控（續）

為進一步加強風險管理和內部監控系統，

本公司內部核數師（「內部核數師」）已由審

核委員會指定進行審閱及審核測試，以核

實現行風險管理及內部監控系統的成效。

審查報告已提交審核委員會，審核委員會

會根據報告就貿易通之風險管理及內部監

控系統成效達成意見，並據此向董事會報

告。外部核數師將瞭解與其審核相關的內

部監控，以設計適合的審核程序，但並非

為對本集團的內部監控成效發表意見。外

部核數師將就（其中包括）審核的計劃範疇

與時間以及重大審核結果與審核委員會溝

通，包括其於審核過程發現的任何重大內

部監控缺失。如有需要，本公司將及時採

取補救行動。

於二零一七年內，內部核數師已對貿易通

的風險管理及內部監控系統進行檢討。具

體而言，內部核數師已進行工作如下：

•

使用

ISO31000:2009

作為比較基礎，

進行風險管理系統成效差距分析和

評估；

•

COSO

實 體 層 面 監 控 差 距 分 析

（「

COSO

審閱」），以確定本公司已建

立與「

COSO

─內部監控─綜合框架」

建議的監控框架關鍵概念一致的實

體層面監控；

•

審核測試以核實本公司現存內部監

控的成效。

本公司亦設有舉報程序，鼓勵其僱員向審

核委員會以保密方式舉報有關本公司可能

存在不當行為的事項。於報告年度，未接

獲任何舉報報告。