Tradelink Annual Report 2021
Tradelink Electronic Commerce Limited, Annual Report 2021

Corporate Governance Report (Continued)

(3) Risk Management & Internal Controls (Continued)

The Company believes that effective communication and consultation are essential throughout the risk management process, as they enhance the understanding of risk identification, analysis and evaluation among process owners and the risk management team in the Group. During the reporting year, individual departments of the Company reviewed and updated their own risk logs at least monthly. The responsible persons of the departments updated and reported the risk logs to the Risk Manager and the responsible executive director (the "Responsible ED") of the Group on a regular basis. The Responsible ED then presented the consolidated risk logs to Senior Management for identification and assessment at management and Group levels. Senior Management updated the Board on any significant risks and progress via monthly reports or in Board meetings.

The Board recognizes the need for sound and effective risk management and internal control systems to safeguard shareholders' investment and the Group's assets. The Board acknowledges its overall responsibility for the Group's risk management and internal control systems. With the support of Senior Management and the Audit Committee, the Board reviewed the effectiveness of the systems, which covered different areas including, without limitation, the financial, operational and compliance controls, in compliance with the relevant Code Provisions in Appendix 14 of the Listing Rules. Such systems were designed to manage rather than eliminate the risk of failure to achieve the Group's business objectives, and could only provide reasonable and not absolute assurance against material misstatement or loss.

The risk management system framework adopted by the Group was designed by reference to the principles and process outlined in the international standard ISO 31000. Appropriate risk management activities were embedded into business planning, project management, contract management, business operations and organisational procedures. The six steps involved in the risk management process are:

1. Establish the scope, context and criteria
2. Risk assessment (risk identification, risk analysis, risk evaluation)
3. Risk treatment
4. Monitoring and review
5. Recording and reporting
6. Communication and consultation