Construction Industry Council - Annual Report 2024
CORPORATE GOVERNANCE REPORT

FIRST LINE

Operational management is responsible for maintaining effective internal controls on a day-to-day basis. Internal policies and procedures are established and documented in the CIC’s operation manuals. All divisions and departments are required to conduct regular reviews of their operational manuals and ensure staff’s compliance with internal operational policies and procedures. Operational management reports, including areas with control deficiencies, if identified, and rectifying measures and controls, are compiled on a regular basis.

SECOND LINE

Financial control, quality assurance, compliance and risk management functions are in place to ensure proper internal controls over daily operations (i.e. the First Line of Risk Management). A team of experienced staff with accounting expertise and relevant qualifications is responsible for the financial reporting and accounting functions.

Through an integrated top-down and bottom-up risk review process, risk items in CIC are identified and prioritised for monitoring by different levels of management according to the risk levels. An open and effective communication channel is created to ensure control of top risks, timely reporting of emerging risk exposures and formulation of relevant mitigation measures.

CIC maintains a corporate-level risk register and a departmental-level risk register, and these are reviewed and updated periodically under the risk management mechanism. Under the mechanism, views from all managerial staff are solicited to identify top-tier risks and cross-department risks the CIC is facing. Forums and/or interviews facilitating the discussion of strategies to manage the identified potential risks are held where appropriate. The risk management mechanism lays down a defined way to assess risks and increases staff awareness of risk management.

THIRD LINE

The Internal Audit Department is responsible for reviewing the effectiveness of governance, risk management and internal controls in the first two Lines of Risk Management. The Department is comprised of staff with professional qualifications and has unhindered access to operational information for executing its duties. Through a risk-based audit approach, the Department assesses the effectiveness of internal controls of CIC across key business processes. The Committee of Sponsoring Organisations of the Treadway Commission (COSO) Framework is also adopted to assess the five major components of internal controls, namely control environment, risk assessment, control activities, information and communication, and monitoring activities.

The Department, with the assistance of an external vendor specialising in internal audit, conducts internal audit exercises according to the annual internal audit plan approved by the Audit Committee. Findings are discussed and confirmed with the senior management and reported to and considered by the Audit Committee, to ensure the highest level of independence and objectivity.