Staying current with risk management best practices is a key part of our service. We continuously monitor regulatory changes, emerging risks, and industry trends. This knowledge is integrated into our risk advisory services, ensuring that your organization's risk management approach remains relevant and effective. Additionally, we provide ongoing training and workshops to keep your team informed and prepared for the evolving risk landscape.

Recognizing the uniqueness of every organization, we tailor our risk management strategies to align with your specific needs and industry context. Following a thorough risk assessment, we create bespoke solutions, taking into account factors like your company's size, structure, business model, and industry trends. Our multidisciplinary team of experts in engineering, accounting, finance, ESG, surveying, and compliance uses its diverse knowledge base to address the specific risks associated with various industries. We refine our approach according to your unique requirements, delivering solutions that are both industry-specific and holistic. Regardless of your industry background, we are committed to helping you navigate the complex risk landscape effectively and responsibly.

Our risk identification and assessment process begins with a thorough understanding of your organization's operations, industry practices, and strategic objectives. We use a variety of tools and techniques, including interviews, surveys, and data analysis, to identify potential risks. Once identified, these risks are evaluated based on their likelihood and potential impact. We then prioritize them using a risk matrix and develop strategies to manage them effectively.

The relevant code provisions are specified in Section D.2 of the Corporate Governance Code.
Below are the key provisions:

• The board should oversee the issuer’s risk management and internal control systems on an ongoing basis, ensure that a review of the effectiveness of the issuer’s and its subsidiaries’ risk management and internal control systems has been conducted at least annually and report to shareholders that it has done so in its Corporate Governance Report. The review should cover all material controls, including financial, operational and compliance controls.
• The board’s annual review should ensure the adequacy of resources, staff qualifications and experience, training programmes and budget of the issuer’s accounting, internal audit, financial reporting functions, as well as those relating to the issuer’s ESG performance and reporting.
• The board’s annual review should consider:
     > the changes of significant risks
     > scope and quality of management’s ongoing monitoring of risks and of the internal control systems
     > extent and frequency of communication of monitoring results to the board
     > significant control failing or weakness identified and their impact on financial performance
     > effectiveness of processes for financial reporting and listing rules compliance

An effective risk management system must be endorsed by the senior management and the Board of Directors from a top-down approach.

The key components of a risk management system are:

• Risk identification
• Risk assessment & evaluation
• Risk mitigation
• On-going monitoring

Companies could take reference from the “Internal Control-Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”) and “Internal Control & Risk Management - A Basic Framework” issued by HKICPA.

A risk-based internal control review plan is particularly important and should be formulated and approved by the Audit Committee. The findings and recommendations should also be carefully considered by the Audit Committee, and ongoing monitoring should be put in place.

Internal control and risk management are conducted based on different rules and guidelines, including but not limited to:

• US COSO Internal Control Integrated Framework, US SOX Act Section 404；
• US COSO Internal Control Integrated Framework, US SOX Act Section 404；
• HKICPA Assistance Options to New Applicants and Sponsors in connection with Due Diligence Obligations, including Internal Controls over Financial Reporting
• HKEX Mainboard Chapter 14 / GEM Chapter 15 – Corporate Governance Code

For example, The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has provided a framework for Enterprise Risk Management and organized it into five interrelated components, 1) Governance and Culture, 2) Strategy and Objective-Setting, 3) Performance, 4) Review and Revision and 5) Information, Communication and Reporting. These five components are supported by a set of principles.

We serve a broad spectrum of industries, leveraging our extensive experience and in-depth knowledge in sectors such as finance, technology, manufacturing, healthcare, retail, and energy. Our team of experts is well-equipped to understand the unique risk landscapes across these sectors, enabling us to provide highly specialized risk management solutions.

The management is responsible for the board's risk management policy and procedures execution and implementation. It should design, implement, and supervise the risk management and internal control systems, to ensure the systems' effectiveness to the board.

The board takes responsibility for the identification and control of risk and should discuss the issuer's long-term strategic objectives and internal control issues concurrently. For instance, the issuer's risk appetite, risk management, and internal control systems, risk and return trade-off.