搜索
–ABasicFrameworkandInternalControlRiskManagement1FOREWORDSincetheformationoftheCorporateGovernanceCommitteein1995,theHongKongInstituteofCertifiedPublicAccountantsisproudtohavebeenplayingaleadingroleinpromotinggreaterawarenessandhigherstandardsofcorporategovernanceinHongKong.TheInstitutebelievesthatgoodcorporategovernanceisfundamentaltoattractinginvestment,stimulatingeconomicgrowthandreducingthecostofcapital.ItisalsovitaltoHongKong’sroleasoneoftheworld’smajorfinancialcentresandthepremierinternationalcapitalmarketforMainlandChinaandtheregion.Wearesupportive,therefore,oftheStockExchangeofHongKongLimited’srecentamendmentstotheListingRulestointroducetheCodeonCorporateGovernancePractices(“theCode”)andtherequirementsinrelationtotheCorporateGovernanceReport.ThesechangeswillraisethebarforlistedcompaniesinHongKongintermsoftheircorporategovernancepracticesanddisclosures.ThisguideoninternalcontrolandriskmanagementhasbeendevelopedattheinvitationoftheStockExchange,withtheprimaryobjectiveofprovidinggeneralguidanceandrecommendationsonabasicframeworkofinternalcontrolandriskmanagement.Itdrawsonimportantoverseasstudies,whichareacknowledgedbenchmarksofinternationalgoodpracticewhile,atthesametime,takesintoaccountthecurrentsituationoftheHongKongmarket.WebelievethattheprinciplesandrecommendationscontainedinthisguideshouldhelplistedcompaniestounderstandandimplementtherequirementsintheCoderelatingtointernalcontrol,andtodevisetheirowninternalcontrolproceduresthathaveregardtothespecificcircumstancesandcharacteristicsoftheirbusiness.Enhancingcorporategovernanceisnotsimplyamatterofimposingrulesandlawsbutaboutpromotinganddevelopinganethicalandhealthycorporateculture.Ihopethatthisguidemakesitabundantlyclearthatestablishingasoundsystemofinternalcontrolandreviewingitseffectivenessisnotanexerciseinlearninghowtocomplywithunwelcomeandonerousregulatoryrequirementsbut,rather,itisaboutimplementingmechanismsthatwillhelpacompanytoachieveitscorporateobjectivesandfulfiltheexpectationsofitsshareholdersandstakeholders.Atthebasiclevel,theguideemphasisesthat,asapreconditionforhavingeffectivecontrols,acompanymustensurethatithasclearobjectivesthatareagreedbytheboardandwell-understoodbytheseniormanagementandemployees.Thecompanyshouldthenidentify,assessandprioritisetherisksthatcouldpreventitfromachievingthoseobjectives,andestablishprocessestomanagethemeffectively.Itmustalsohaveinplaceearlywarningindicatorssothatifthingsgooffcourse,thesituationisquicklyidentifiedandbroughttotheattentionoftheappropriatepeopleforaction.Forthistohappen,therealsoneedstobegoodcommunicationandaneffectiveflowofinformation,bothinternallyandwithexternalparties,suchasauditorsandregulators.Finally,ongoingmonitoringandreviewsofthesystemarerequiredbecausethebusinessenvironmentandconditionscontinuetochange.Unfortunately,therearefartoomanycompanieswheresome,orall,oftheseelementshavebeenlackingand,indeed,someofthemhavefailedbecauseofit,despitehaving,onpaper,goodbusinessprospects.Somehavegrowntoofast,andgenerallyoutruntheabilityoftheirinternalcontrolandriskmanagementmechanismstocope,othershavefailedtoinstallproperinternalchecksandbalancesandhavethusfailedtoidentifytheearlysignsofproblems,andyetothershavesuccumbedtotheforceofpersonalityofdominantboardmembersandcontrollingshareholders,whoseethicalvaluesfallshortofmarket–ABasicFrameworkandInternalControlRiskManagement2expectationsandthepublicinterest.Weareallfamiliarwithexamplesofthetypeandshouldlearnfromthem.Whilegoodinternalcontrolscannotbeapanaceaforallcorporateproblems,theycanhelptoprovideareasonableassurancethatasoundbusinessinthehandsofdecisionmakerswithgoodsenseandjudgementwillsucceedinitsobjectives.Ihopethatitwillbeobvioustothereaderofthisguidethatitfocusesasmuchonprotectingthebusinessandcreatinganenvironmentwhereitcanthriveandincreaseshareholdervalue,asitdoesoncompliancewithrulesandregulations.Goodethicalgovernanceembracesgoodcorporategovernance,andaneffectivesystemofcorporategovernanceshouldenablebothcomplianceandperformancetobeachievedtothereasonableexpectationofshareholdersandstakeholders.Thisiswhyeffectiveinternalcontrolsandriskmanagementmechanismsshouldbeincorporatedwithinacompany’snormalmanagementandgovernanceprocesses,andshouldconstitutepartofitsframeworkofaccountabilityandregularreportingtoshareholders.InkeepingwiththeCode,theimmediatetargetsofthisguidearelistedcompaniesandtheirsubsidiariesand,beyondthis,othercompaniesinthegroup.However,Ihopethatcompaniesthatarenot(ornotyet)listedandotherinterestedpartieswillalsofindthisguidetobeausefulreference.EdwardK.F.ChowPresident,andChairman,InternalControlandRiskManagementGuideTaskForceHongKongInstituteofCertifiedPublicAccountantsJune2005–ABasicFrameworkandInternalControlRiskManagement3COMPOSITIONOFTHEINSTITUTE’S2005CORPORATEGOVERNANCECOMMITTEEChairman:ChewFookAunKyardLtd.DeputyChairmen:MichaelK.H.ChanLamSoon(HongKong)Ltd.RichardGeorgeDeloitteToucheTohmatsuMembers:NicholasAllenPricewaterhouseCoopersDavidChengHLBHodgsonImpeyChengGordonW.E.JonesCompaniesRegistryQuinnY.K.LawTheWharf(Holding