Risk Management and Internal Control

Risk Management and Internal Control

The Board has overall responsibility for maintaining and ensuring effective implementation of the risk management and internal control systems of the Group and reviewing their effectiveness by the Audit Committee to safeguard the shareholders’ interest and the Company’s assets. However, these systems are designed to manage rather than eliminate risk of failure in operational system, and can only provide reasonable but not absolute assurance against material misstatement or loss.

The Group has implemented an effective internal control system which includes a defined management structure with clear lines of responsibility and limits of authority, proper procedures for income and expenditure, monthly review by the Executive Directors of operational and financial reports provided by the management, regular business meetings between the Executive Directors and the core management team and periodic review of the Group’s financial results by the Board.

The Board, through the Audit Committee, reviews regularly the effectiveness and adequacy of the Group’s internal control system which includes financial, operational and compliance mechanisms and risk management functions in order to identify, evaluate and manage risks (including Environment, Social and Governance ("ESG") risks) and take appropriate measures to avoid or mitigate those risks that could adversely impact the Group’s business activities. The review also includes the adequacy of resources, qualifications and experience of staff of the Company’s accounting and financial reporting functions, training programmes and budget, internal audit as well as those relating to the Company's ESG performance and reporting. The review process consists of, amongst other matters, assessment and implementation of material control issues identified by an independent external auditor during statutory audit.

The Company has engaged an independent consultant to perform an internal audit review on the operations of the Group in order to assist the Group to assess its internal control system in general. The consultant also assisted the Group to perform an ESG risk assessment by identifying ESG issues of the environmental and social aspects, assessing and prioritizing the ESG risks as well as considering upcoming plans for enhancing the current ESG practices of the Group. An ESG working committee comprising management members and led by an Executive Director was formed to review and monitor the Group's ESG matters and ensure the compliance with the ESG related regulatory requirements.


The work approach of the review conducted by the independent consultant includes:

  1. making enquiries with appropriate management and key process owners to obtain a thorough understanding of the operations of the in-scope processes and to identify major risks, respective internal controls and significant design deficiencies of the internal control system;
  2. performing walkthrough tests and identifying implementation deficiencies for the key internal control procedures;
  3. performing necessary substantive procedures to identify operating deficiencies of the key internal control procedures; and
  4. following completion of the review, the independent consultant summarizes the findings and certain deficiencies identified and also makes appropriate recommendations for improving and strengthening the Group’s internal control system to the Audit Committee for approval.


Handling and Dissemination of Inside Information

The Group acknowledges its responsibilities under the Securities and Futures Ordinance (Chapter 571 of the Laws of Hong Kong) and the Listing Rules and the overriding principle that inside information should be announced immediately when it is the subject of a decision.

The Board adopted the Inside Information Policy in August 2019 which provides a general guide to the Group’s officers and employees in handling confidential information and ensure that inside information of the Company is to be disseminated to the public in a timely manner in accordance with the applicable laws and regulations.

Below is a summary of key provisions of the Inside Information Policy:

  1. officers and employees must follow the reporting channels for disclosing the inside information and take reasonable care for safeguard the confidentiality of all inside information;
  2. the Executive Directors are empowered to take appropriate actions to ensure compliance with the disclosure requirements including issuing announcements and making a request to The Stock Exchange of Hong Kong Limited for a trading halt in case the Company is facing an unexpected and significant event; and
  3. Directors and employees of the Group must not deal in the Company’s securities when they are in possession of unpublished inside information.

    The Group also keeps the Directors and employees appraised of the latest regulatory updates on disclosure requirements of inside information.