Skip to Content

Assessment of Risk Management and Internal Control Effectiveness

Updated: 23 May 2017
  • The Risk Committee is delegated by the Board with responsibilities to oversee the Group’s overall Risk Management Framework and to advise the Board on the Group’s risk-related matters. It is also responsible for approving the Group’s risk policies and assessing the effectiveness of the Group’s risk controls/mitigation tools.
  • The Audit Committee, on behalf of the Board, assesses the adequacy and effectiveness of the internal control system in detecting fraud, irregularities or infringement of laws, rules and regulations or material control failures on a regular basis by reviewing the work and findings of Internal Audit Department (IAD). The Audit Committee has delegated authority from the Board to review the adequacy of resources, staff qualifications and experience, training programmes and budget of the Group’s accounting, internal audit and financial reporting functions on an annual basis and monitor HKEX’s compliance with the requirements of the Corporate Governance Code in respect of risk management and internal controls.
  • The Board has reviewed the adequacy and effectiveness of the Group’s risk management and internal control systems, at least quarterly, through the Risk Committee and the Audit Committee. The management’s annual confirmation on the effectiveness of the Group’s risk management and internal control systems is reviewed by the Audit Committee/Risk Committee and is submitted to the Board.
  • Divisions and departments assess effectiveness of existing controls, provide treatment plans where required, and monitor risk mitigating activities.
  • Enterprise Risk Management reports risks regularly at appropriate management levels within the Group and provides assurance on the progress of treatment plans. Details of the Group Risk Report, including the top risks to the Group, changes in the nature and extent of the significant risks, and associated action plans and controls, are set out in the Risk Committee Report.
  • IAD conducts independent reviews of the adequacy and effectiveness of the Group’s internal control system and regularly reports the review results to the Board through the Audit Committee. The IAD’s work covers all material controls, including financial, operational, IT, compliance and risk management controls.