The Board is responsible for the Group's system of risk management and internal controls and its effectiveness. Such a system is designed to prudently manage the Group's risks within an acceptable risk profile. The Board has delegated to management the implementation of such system of risk management and internal controls as well as the review of relevant financial, operational and compliance controls and risk management procedures.
The management under the supervision of the Board has established an on-going process for identifying, evaluating and managing the significant risks faced by the Group and this process includes updating the system of risk management and internal controls when there are changes to business environment or regulatory guidelines.
The management assists the Board with the implementation of all relevant policies and procedures on risk and control by identifying and assessing the risk faced and designing, operating and monitoring suitable internal controls to mitigate and control these risks. The key processes that have been established in reviewing the adequacy and integrity of the system of risk management and internal controls include the following:
A defined management structure is maintained with specified limits of authority and control responsibilities, which is designed to (a) safeguard assets from inappropriate use; (b) maintain proper accounts; (c) ensure compliance with regulations; and (d) identify, manage and mitigate key risks to the Group.
The Audit Committee, inter alia, reviews the financial controls, risk management and internal controls systems of the Group and any significant internal control issues identified by the internal audit department, external auditors and management. It also conducts review of the internal audit functions with particular emphasis on the scope and quality of the internal audits and independence of the internal audit department. During its annual review, the Audit Committee also considers the adequacy of resources, qualifications and experience of staff of the Group's accounting and financial reporting function, and their training programmes and budgets.
The internal audit department monitors compliance with policies and procedures and the effectiveness of the risk management and internal control system and highlights significant findings in respect of any non-compliance. It plays an important role in the Group's internal control framework, and provides objective assurance to the Board that a sound internal control system is maintained and operated in compliance with the established processes and standards by performing periodic checking. The internal audit department issues reports to the Board and relevant management covering various operational and financial processes of the Group and provides summary reports to the Audit Committee together with the status of implementation of their recommendation in each Audit Committee meeting.
The Board is satisfied that the internal control system in place covering all material controls including financial, operational and compliance controls and risk management functions is reasonably effective and adequate.