Annual Report - QuamIR
Annual Report - QuamIR
Annual Report - QuamIR
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Corporate Governance <strong>Report</strong> (Continued)<br />
<br />
Control Environment<br />
The Group is a tightly-knit organization, the actions of management and its<br />
demonstrated commitment to effective governance and controls are therefore<br />
very transparent to all. The Group strives to conduct all business affairs based<br />
on good business ethics and accountability. We have in place a formal Code<br />
of Conduct & Business Ethics that is communicated to all staff members.<br />
We aim to build risk awareness and control responsibility into our culture and<br />
regard them as the foundation of our internal control system.<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
No matter how well an internal control system is conceived and operated,<br />
it is designed to manage, rather than eliminate, the risk of failure to achieve<br />
business objectives, and can only provide reasonable, but not absolute,<br />
assurance. Recognising this, we maintain an effective internal audit function,<br />
the Internal Control and Risk Management (“ICRM”) Department, whose main<br />
features include:<br />
<br />
<br />
<br />
<br />
<br />
(i) independence from operational management;<br />
(i) <br />
(ii) fully empowered auditors with access to all data and every operation of<br />
the Group;<br />
(ii) <br />
<br />
(iii) adequate resources and well qualified and capable staff; and<br />
(iii) <br />
(iv) risk-based auditing, concentrating on areas with significant risks or where<br />
significant changes have been made.<br />
Risk management<br />
The management has an ongoing process to identify, evaluate and manage<br />
the risks faced by the Group. Each risk is rated in terms of probability of<br />
occurrence and potential impact on performance, which serves as a basis<br />
for better priority setting and resource allocation. Mitigation strategies and<br />
plans with respect to each key risk identified are developed and implemented,<br />
which include establishing or enhancing internal controls and procedures.<br />
(iv) <br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Heads of the departments, projects and business units also review and<br />
analyse the key risks associated with achieving the objectives of their<br />
particular departments, activities and businesses from time to time to provide<br />
reasonable assurance that controls are both embedded and effective within<br />
the business.<br />
<br />
<br />
<br />
<br />
22 HKC (Holdings) Limited • <strong>Annual</strong> <strong>Report</strong> 2011