Risk Management and Internal Control

The Board has overall responsibility for maintaining and ensuring effective implementation of the risk management and internal control systems of the Group and review their effectiveness to safeguard the Shareholders’ interest and the Company’s assets.

The Group has implemented an effective internal control system which includes a defined management structure with clear lines of responsibility and limits of authority, proper procedures for income and expenditure, monthly review by the Executive Directors of operational and financial reports provided by the management, regular business meetings between the Executive Directors and the core management team and periodic review of the Group’s financial results by the Board.

The Board, through the Audit Committee, continue to review the effectiveness and adequacy of the Group’s system of internal control which includes financial, operational and compliance mechanisms and risk management functions in order to identify, evaluate and manage risks and take appropriate measures to avoid or mitigate those risks that could adversely impact the Group’s business activities. The review also includes the adequacy of resources, qualifications and experience of staff of the Company’s accounting and financial reporting function, and their training programmes and budget. The review process consists of, amongst other matters, assessment and implementation of material control issues identified by an independent external auditor during statutory audit.

The Company has engaged an independent internal audit consultant (the “Independent Internal Audit Consultant”) to assist the management to carry out an entity-level risk assessment which includes identification, evaluation and prioritization of risk factors that the Company is facing. During the year 2016, the Independent Internal Audit Consultant completed the risk assessment and has submitted the assessment results (including an annual internal audit plan) to the management of the Company for review and reported to the Audit Committee for approval. The Board considered that the risk management and internal control system was adequate and effective.

The Independent Internal Audit Consultant, who provides risk assessment services to the Company, has also performed the internal audit reviews for the Group. The Independent Internal Audit Consultant has recommended an internal audit plan to the management of the Company and the Board, and assisted the Company to review the internal control system on certain selected processes for the financial year of 2016. The management of the Company agreed on the findings and adopted the recommendations accordingly.