Risk Management and Internal Control
In accordance with the Basic Standards for Internal Control of Enterprises and its Implementation Guidance issued by five ministries including the Ministry of Finance and the CSRC and the Internal Control of Listed Companies issued by the Shanghai Stock Exchange, subject to the working discipline of “step-by-step promotion, horizontal and vertical expansion and comprehensive coverage”, the Company established the framework for risk management and internal control at both headquarters and subsidiary and branch levels, covering various aspects including operation, production, management and control, and prepared the working standard and procedural documents according to different business modules in relation to corporate governance, strategic management, production and operation, operation supervision, information disclosure, legal matters, safety quality and environmental protection, human resources, finance management, international business, procurement management and information management, stipulated management measures on internal control system in order to ensure the internal control management of the Company and its subsidiaries and branches has rules in place. Meanwhile, controlling measures have been proactively taken to prevent and manage various risk factors and ensure the smooth production and operation of the Company.
In terms of identification, evaluation and management of significant risks, the Company formed a normalized mechanism of risk management evaluation and reporting. Through preparation of risk evaluation questionnaire and comprehensive application of qualitative and quantitative methods, the Company identifies, distinguishes and evaluates various types of risks and determines the priority of control of significant risk, principle risk and general risk. Based on the above, the Company formulates risk management strategies, solutions and control methods, and forms comprehensive risk management report.
In terms of reviewing the effectiveness of the risk management and internal control system, the Company hasestablished three defense lines in order to review and oversee the effectiveness of the risk management and internal control system :
• The first defence line consists of the functional departments and business units who are in charge of significant risk management control, so as to implement the risk management and control mechanism into specific business procedures;
• The second defence line consists of the leading team of internal control construction system of the Company, management of the Company and the functional department in charge of risk management, which are responsible for the supervision of the formulating and implementing process of significant risk management strategies and solutions of the members of the Company; and
• The third defence line consists of the Board of Directors, the Supervisory Committee, the audit department, the supervision department and external auditors. The audit department of the Company is responsible for organizing and implementing assessment work on risk management and internal control. The supervision department is responsible for supervising the execution of significant risk management strategies and solutions, recognising problems and proposing rectification methods by carrying out various specific investigation activities and reporting to the Board regularly. The Supervisory Committee is responsible for supervising the implementation status of the risk management and internal control of the Board, and putting forward improvement suggestions.
In view of the potential defects of internal control, the Company has established corporate governance structure including the shareholders’ general meeting, the Board of Directors, the Supervisory Committee and senior management, clearly defined the boundaries of power on decision-making, implementation and supervision, formed scientific and efficient mechanism of divisions and balances of duties so as to ensure the effective operation of the internal control system.
In terms of the handling, dissemination and internal supervision of inside information, the Company has formulated the Insiders Registration and Management System and specified the procedures and relevant internal control methods for dissemination of inside information in accordance with the Securities Law, the Administrative Measures for the Disclosure of Information of Listed Companies and other relevant laws and regulations.
The Board is responsible for the on-going supervision of the risk management and internal control system of the Company and reviewing their effectiveness through the Audit and Risk Management Committee. The Audit and Risk Management Committee assists the Board to perform the duties of supervision and corporate governance and review the effectiveness of the risk management and internal control systems of the Company and its subsidiaries at least annually, including the functions of financial, management, compliance, risk management and internal control, and financial resources and internal audit of the Group.
In accordance with the relevant laws and regulations including the Company Law, the Code of Corporate Governance for Listed Companies and the relevant rules and requirements of the Shanghai Stock Exchange and the Hong Kong Stock Exchange, the Company has continued to improve its internal control around the goal of “strengthening internal control, preventing risks and promoting compliance” and ensure effective operation and management of the Company. The first is improving the construction of the internal control system. In 2021, after study and research, the Company has formulated various systems and regulations including the “Regulations on the Supervision of Overseas Financial Funds”, “Regulations on the Management of Financial Personnel Dispatched by Overseas Institutions”, “Interim Measures for the Management of Self-balancing of Cash Flows of Engineering Projects”, “Management Measures for Operating Results Assessment (Trial)” and “Interim Measures for the Management of External Equity Investment”, further consolidated the foundation of internal control and improved the internal control system. The second is further standardizing corporate governance. Through the formulation of “Measures for the Management of Proposals of the Board of Directors”, “Measures for the Management of the Authorization to the Managers by the Board of Directors”, and “Measures for the Tracking, Review and Evaluation of the Implementation of the Board’s Resolutions”, etc., the Company has implemented whole-chain management and control of the proposals of the Board of Directors, facilitated the standardized operation of the Board of Directors from the source, and at the same time clarified the boundary of the powers and responsibilities between the Board of Directors and the management, improved the decision-making efficiency, and strengthened the supervision and guidance of the Board of Directors on the exercise of powers and duties by the managers. The third is building a comprehensive risk management system. After study and research, the Company has formulated the “Comprehensive Risk Management Measures (Trial)” and the “Guiding Opinions on Carrying out the Integrated Construction of Risk Internal Control and Legal Compliance” and made efforts to extend the business risk gateway from post-event to pre-event, from in-balance sheet to off-balance sheet, from the Group to the grassroots and from the internal to the external by focusing on corporate strategies and business processes and embedding risk management into all aspects of production and operation of the Company. The fourth is focusing on building an overall supervision structure. By adhering to the principle of combining prevention and control and giving priority to prevention and facilitating the coordination of inspections by the Party Committee, supervision by the Disciplinary Committee, audit supervision and legal compliance, efforts have been made to build a comprehensive, authoritative and efficient “four-in-one” overall supervision structure.
During the reporting period, the Audit and Risk Management Committee has reviewed the effectiveness of risk management and internal control system of the Group, covering all material aspects, including financial, operational and compliance controls, and taking into account the adequacy of resources, staff qualifications and experience, training programmes and budget of the Group’s accounting, compliance, risk management, internal audit and financial reporting, and has reported relevant matters to the Board. No significant defect in respect of internal control has been discovered by relevant reviews. The Audit and Risk Management Committee has obtained the confirmation of the management on the effectiveness of the risk management and internal control system of the Group during the reporting period. The Board is of the view that the current risk management and internal control system of the Group is adequate to protect the interests of the shareholders during the reporting period.
In addition, the Company carefully complied with regulatory rules and prepared 2021 annual social responsibility report and appraisal report on internal control. The Company engaged PricewaterhouseCoopers Zhong Tian LLP as the internal control auditor of the Company for 2021. PricewaterhouseCoopers Zhong Tian LLP has audited the effectiveness of the Company’s internal control in relation to financial report in 2021 and issued standard unqualified opinions in this respect.