The Board has overall responsibilities for maintaining effective risk management and internal control systems of the Group and determining the nature and extent of the risks it is willing to take in achieving the Group’s objectives, and such systems are designed to manage rather than eliminate those risks, and can only provide reasonable and not absolute assurance against material misstatement or loss.

The Risk Committee assists the Board in deciding the Group’s risk level and risk appetite, considering the Group’s risk management strategies and giving guidelines where appropriate, and ensuring the soundness and effectiveness of the Group’s risk management system. The risk management process involves identification, analysis, evaluation, mitigation, reporting and monitoring of risks.

The Group’s internal control system comprises, among others, a well-defined governance structure with clearly defined lines of responsibility and authority and relevant financial, operational and compliance controls, and risk management procedures are in place. The Executive Directors review monthly management reports and hold periodical meetings with senior operational and finance management to discuss business performance and market outlooks.

The Internal Audit Department of the Company reports directly to the Audit Committee and is independent of the Company’s daily operation. It is responsible for conducting regular audit on the major activities of the Group. Its objective is to ensure that all material controls, including financial, operational and compliance controls and risk management functions are in place and functioning effectively.

The risks which may have significant impact to the Group were identified from internal and external environments and were managed properly. An annual review of the internal control and risk management systems of the Group was conducted, and report on the results of the review and opinion were submitted to the Audit Committee and the Risk Committee. The Audit Committee and the Risk Committee reviewed the reports and followed up on the implementation of the action plan, and reported to the Board.

Based on the reports from the Audit Committee and the Risk Committee, the Board is satisfied with the effectiveness of the Group’s risk management and internal control systems as well as the adequacy of resources, staff qualifications and experience, training programmes and budget of the Group’s accounting, internal audit and financial reporting functions, as well as those relating to the Group’s ESG performance and reporting.