Market Turnover
-






-
-
|
|
|
|
|
|
-
-
-
About HKEX
About HKEX
About HKEX
Investor Relations
Investor Relations
Corporate Governance
Corporate Governance
Sustainability
Sustainability
Media Centre
Media Centre
Careers
Careers
Related Sites: LME
HKEX Group
HKEX Group
LME
LME
Bond Connect
Bond Connect
QME
QME
HKEXnews
HKEXnews
GEM
CESC
CESC
Sustainable & Green Exchange (STAGE)
Client Connect
Client Connect
Latest Market Data
Our Products
Securities
Equities
Exchange Traded Products
Structured Products
Real Estate Investment Trusts
Debt Securities
Listed Derivatives
Equity Index
Single Stock
Foreign Exchange
Interest Rate
Commodities
OTC Derivatives
Eligible OTC Clear Products
Interest Rate Swaps
Non Deliverable Forwards
Cross Currency Swaps
Deliverable FX
Find a Partner
MSCI Index Futures & Options
HKEX Sustainable & Green Exchange
Our Services
Trading
Securities
Overview
Infrastructure
Derivatives
Overview
Infrastructure
Connectivity
Hosting Services
SDNet/2
Data and Index Services
Real Time Data Services
Historical Data Services
Infrastructure
Index Services
Rules, Forms & Fees
Rules
Forms
Fees
Clearing
Securities
Overview
Infrastructure
Risk Management
CCP Disclosures
Listed Derivatives
Overview
Infrastructure
Risk Management
CCP Disclosures
OTC Clear
Overview
Infrastructure
Risk Management
CCP Disclosures
Settlement and Depository
Settlement - Securities
Depository
Common Nominee Services
Securities Admission into CCASS
PFMI
Unclaimed Entitlements Held by HKSCC Nominees Limited
Uncertificated Securities Market
Platform Services
Client Connect
Corporate Action Messaging Standardisation
FINI - A New Era for Hong Kong’s IPO market
Orion Cash Platform
Orion Derivatives Platform
Integrated Fund Platform
Circulars & Notices
Become a Participant
HKEX Connect Hall
Join Our Markets
IPO
Listing with HKEX
GEM
Southeast Asia Listing Insights
Northbound and Southbound
Stock Connect
Bond Connect
Commodities
LME
QME
Sustainable Finance
Sustainable & Green Exchange (STAGE)
Core Climate
Listing of Specialist Technology Companies
Core Climate
Listing Regulations
How We Regulate
Overview
Listing Newsletters
Listing Committee
Listing Review Committee
Listing Policy Panel Report
Rules and Guidance
Listing Rules
Interpretation and Guidance
Listing of Overseas Issuers
Listing of Biotech Companies
Listing of Specialist Technology Companies
Technology Enterprises Channel (TECH)
Launch of FINI platform
Expansion of the Paperless Listing Regime
Listing e-Forms Guidance Materials
IPO
Application Proof, PHIP and Related Materials
New Listing Information
Listing Matters regarding Sponsor Regulation and Intermediaries Regulation
Other Materials
e-Learning
Listed Issuers
Issuers' Continuing Obligations & Annual Listing Fees
Guides on the Exchange's Practices and Procedures for Handling Listing-related Matters
e-Learning
Current topics
Exchange's Reports
Structured Products
Products and Issuers' Information
Guidance
Debt Securities
Summary of Listing Requirements for Debt Issues to Professional Investors Only
Guidance Materials
Disciplinary & Enforcement
Overview
Disciplinary Procedures
Enforcement Guidance Materials
Disciplinary Sanctions
Enforcement Bulletin
Enforcement Statistics
Request for Assistance
Sustainability & Corporate Governance
ESG Academy
Board Diversity Hub
Corporate Governance Practices
INED Corner
What's New
Listing Newsletters
Contact Us / Make a Complaint
News Centre
Corporate News Releases
Regulatory Announcements
Market Communications
Market Consultations
News Centre
HKEX Calendar
Research Reports
Connect Programmes
Connect Hub
Stock Connect
Bond Connect
Swap Connect
Daily Statistics
Market Highlights
Eligible Securities
Market Data
Stock Quote Lookup
Securities Prices
Equities
Exchange Traded Products
Derivative Warrants
Inline Warrants
Callable Bull / Bear Contracts
Real Estate Investment Trusts
Debt Securities
Futures & Options Prices
Equity Index
Single Stock
Foreign Exchange
Interest Rate
Commodities
Statistics
Consolidated Reports
Securities Market
Derivatives Market
Participant
Clearing, Settlement and Depository
HKEXnews
News Alerts
Market Data Services






Roles and responsibilities Risk management Internal controls Policies on whistleblowing and anti-corruption

Practical considerations for boards

Questions the board should ask when considering the issuer’s procedures to identify and assess risk:

  • Has the board considered and formulated clear objectives? Is the issuer’s process of risk identification and assessment focused on safeguarding these objectives?
  • Is the current risk identification procedure wide enough to cover not only existing risks but also emerging risks?Is there a robust process of continued monitoring for new / emerging risks (and re-evaluation of existing risks)?
  • What is the level of the issuer’s risk tolerance in pursuing its objectives?Has this been clearly communicated throughout the organisation?
  • Has the risk assessment sufficiently taken account of the impact of each risk on the issuer’s objectives? Are the risk management strategies aligned with the issuer’s risk tolerance?
  • Are there any procedures for regularly adjusting the existing risk assessment to reflect developments or changes in the issuer’s objectives or risk profile?
  • Have sufficient resources been committed to the process of risk identification and assessment?
  • Do channels exist for different functions within the issuer to elevate risks or voice concerns in terms of the existing risk assessment procedures?

Risk management

Risk identification and assessment
  • An issuer’s risk management closely interacts with the operational, reporting and compliance objectives of the issuer and the issuer’s framework of internal controls. To understand its exposure to risks, an issuer should first define clear objectives:
    • Operational Objectives – Objectives which facilitate effective and efficient operations by enabling the issuer to achieve strategic, operational and financial performance goals and safeguard such goals against business, operational, financial, compliance and other risks (including fraud).
    • Reporting Objectives – Objectives which safeguard the quality of the issuer’s internal and external reporting, including through the maintenance of proper records and processes that generate timely, relevant and reliable information.
    • Compliance Objectives – Objectives which focus on the issuer achieving regulatory compliance (and compliance with applicable laws) and adherence to internal policies with respect to the operation of the issuer’s business.
  • After defining its objectives, an issuer can identify the risks that may impact or prevent it from achieving these objectives. The risks that each issuer encounters will be different, depending (among other things) on the scale, complexity and geographical locations of its business operations. An issuer should undertake the following steps:
    • Analyse the source of potential risks – The scope of the issuer’s analysis should be broad and cover risks that can develop from internal processes and infrastructure (for example IT infrastructure, issuer’s resources, assets, organisation and operational infrastructure), as well as from external interactions, developments and threats (for example political or economic environment, business developments, and interaction with outside parties). Without limitation, the scope for analysing potential risks should be wide enough to cover material ESG risks, cyber security risks, and fraud risk.
    • Evaluate and prioritise the identified risks – To formulate its risk management strategy, the issuer will have to evaluate identified risks and develop procedures to prioritise addressing significant risks and allocate relevant resources accordingly. This evaluation should be conducted by the board with the support of the issuer’s management.
    • Monitor existing risks (and the emergence of new risks) – The issuer should constantly monitor the development of current and emerging risks.   For the purpose of tracking risks and logging risk responses, an issuer may consider creating a risk register of all identified risks with a particular focus on significant risks.  This risk register should be updated regularly and, in any event, at least annually.
Risk heat map

Download Topic – Risk Management and Internal Controls Download full guide