Risk Management and Internal Control
Risk management is an integral part of the Group’s operations at every level. We prioritise the timely identification and mitigation of risks, as it forms the foundation of our risk management approach. With a comprehensive risk management framework, policies and procedures safeguarding group-level and departmental-level operations, we conduct risk management workshops regularly to ensure the concept of risk management is properly cascaded.
In November 2022, a half-day Chinachem Group Business Strategy Risk Management Offsite Retreat was held, with 98 participants from all business and supporting units joined.
Regulator
EXCO
Senior Management
Departments / Sections
- Own and manage risk
- Develop, implement and maintain adequate internal control measures for risk mitigation
Enterprise Risk Management Working Group
- Oversee risks / risk control and compliance
- Work in conjunction with Department to set up procedures and risk mitigation framework
Regulator
Audit Committee
Internal Audit
- Perform independent review on the adequacy, effectiveness, and compliance of internal control system
To ensure the sustainable development of the Group, we are actively addressing the increasing number of risks arising in the rapidly changing environment by establishing a comprehensive risk management mechanism. At the corporate level, we have implemented the Enterprise Risk Management (“ERM”) framework, which enables us to effectively identify, analyse and manage risks. To ensure comprehensive risk assessment, we have formed an ERM working group leading by the Chief Operating Officer and Chief Financial Officer. This group is responsible for supporting departments to identify and prioritise known and emerging risks, and evaluating the existing controls and appropriate further risk mitigation measures. Annual review is conducted by the ERM working group and enterprise top risks are reported to the Executive Committee.
At Group level, we have established, we have implemented the Risk Management P&P and the Internal Control Framework and Management P&P to support our departments in identifying, evaluating and handling risks.
- The Risk Management P&P outlines the responsibilities of our Division / Department Heads in establishing and defining the risk management process for their respective divisions/departments.
- Our Internal Control Framework and Management P&P align with the Internal Control - Integrated Framework (“COSO Framework”) issued by the Committee of Sponsoring Organisations of the Treadway Commission (“COSO”). This framework provides a robust internal control structure adopted by our Group. Additionally, our Internal Audit Department conducts independent reviews of the internal control system across the Group and reports their findings and relevant remediations to the Audit Committee.
The risk control mechanism extends its coverage to development and construction projects as well. Each project is assigned a risk controller who incorporates a risk assessment register (“register”) into the implementation plan. This register comprehensively documents the potential risks, their probabilities and impacts, risk control and mitigation measures, as well as the designated colleague responsible for overseeing each risk item. The register undergoes annual updates until the project is transferred to the project owners.
Recognising the significance of climate change in presenting both risks and opportunities, we have further strengthened our climate risk assessment. For more information, please refer to the ”Climate-related Financial Disclosures” section of this Report.