Risk Management and Internal Control Practice - Part 2 (1)
Source : JFU
21 October 2015
JFU Approach to Meeting the New Listing Rule Requirements
Companies listed in Hong Kong are required to observe certain internal control requirements under the Hong Kong Exchange Listing Rules. Internal control provisions are embedded in Appendix 14 of the rules, in particular, Sections C.2.1 to C.2.5, as shown in our previous note.
This note sets out our analysis of the C.2.1 requirements and proposed approach to meeting such requirements, with a summary of action pointers that can be adopted as risk management and internal control policy initiatives.
Analysis of C.2.1 Requirements
The board should
- oversee the issuer's risk management and internal control systems ("Systems") on an ongoing basis
- ensure that a review of the effectiveness of the issuer's and its subsidiaries' Systems has been conducted at least annually and
- report to the shareholders that it has done so in its Corporate Governance Report.
- the review should cover all material controls, including
- operational and
- compliance controls.
JFU Approach 1(a)
The board can fulfill this obligation by forming a workgroup ("WG") comprising senior members of the management drawn from finance, operation and legal functions to be responsible for the design, setup and working of the Systems. An administrator can facilitate the running of workgroup by organizing meetings on a regular basis (monthly), compiling issues, discussion papers, agendas, meeting notes and working reports. The reports are circulated to the board for information, with summaries, highlighting issues arising and disposal of the issues. The board can acknowledge the receipt of the reports, noting issues arising, offer comments or directions as appropriate, as evidence of ongoing oversight.
The administrator can be the internal auditor or his / her deputy.
1(a) Action Pointers
- Form WG
- Nominate members
- Appoint administrator / internal auditor
- Conduct monthly WG meeting
- Circulate WG monthly report
- Sign off by board as evidence of ongoing oversight
JFU Approach 1(b) & 1(d)
The issuer should firstly evidence that the Systems have been put in place with formal documentation, such as a handbook with sections for respective unit or process "owners". The annual review ("AR") should comprise the following elements in order to assess the effectiveness of the Systems: (1) a scope review to ensure the Systems cover all aspects of governance and management, together with operations, projects, units or entities of the business particularly those newly added ones during the year under review; (2) a follow up review to ensure issues arising during the year have been properly disposed of, that is, recommendations reviewed, approved and implemented; (3) a compliance review, that is, conduction of compliance tests on sample transactions, activities and events to confirm that the operation of the Systems conforms with the design.
The scope, follow-up and compliance reviews should apply to financial controls, operational controls and compliance controls, under respective WG members.
1(b) & (d) Action pointers
- Document Systems
- Assign section owners
- Conduct scope review on financial, operational and compliance controls
- Conduct follow up review on financial, operational and compliance controls
- Conduct compliance review on financial, operational and compliance controls
JFU Approach 1(c)
The WG should produce a report upon completion of the AR, signed off by its members representing finance, operation and legal, and submit the AR report to the board as evidence. The board, upon review and approval of the AR report, directs that an affirmative statement be included in governance report accordingly.
1(c) Action pointers
- Produce AR report
- Sign off by WG members representing finance, operation and legal
- Submit AR report to board
- Include affirmation in governance report
Ms. Law for more information
Tel: +(852) 3719 6000