|Board of Directors|
|Delegation by the Board|
|Accountability and Audit|
|Communication with Shareholders|
The Board aims at making a balanced, clear and comprehensive assessment of the Bank’s performance, position and prospects. An annual operating plan is reviewed and approved by the Board on an annual basis. Reports on financial results, business performance and variances against the approved annual operating plan are submitted to the Board for regular review and monitoring at Board meetings.
Strategic planning cycles are generally from three to five years. The Bank’s strategic plan 2013 - 2015 was reviewed and approved by the Board in January 2013. Progress on the implementation of the key initiatives in the strategic plan is reported to and reviewed by the Board on a regular basis.
The annual and interim results of the Bank are announced in a timely manner within the limits of three months and two months respectively after the end of the relevant year or period.
The Directors acknowledge their responsibilities for preparing the accounts of the Bank. As at 31 December 2013, the Directors were not aware of any material uncertainties relating to events or conditions which may cast significant doubt upon the Bank’s ability to continue as a going concern. Accordingly, the Bank’s Directors have prepared the financial statements of the Bank on a going-concern basis.
The responsibilities of the external auditor with respect to financial reporting are set out in the Independent Auditor’s Report attached to the Bank’s 2013 Financial Statements.
The Board is responsible for internal control of the Bank and its subsidiaries and for reviewing its effectiveness.
The Bank’s internal control system comprises a well-established organisational structure and comprehensive policies and standards. Areas of responsibilities for each business and functional unit are clearly defined to ensure effective checks and balances.
Procedures have been designed for safeguarding assets against unauthorised use or disposition; for maintaining proper accounting records; and for ensuring the reliability of financial information used within the business or for publication. The procedures provide reasonable but not absolute assurance against material errors, losses or fraud. Procedures have also been designed to ensure compliance with applicable laws, rules and regulations.
Systems and procedures are in place in the Bank to identify, control and report on the major types of risks the Bank encounters. Business and functional units are responsible for the assessment of individual types of risk arising under their areas of responsibilities, the management of the risks in accordance with risk management procedures and the reporting on risk management. The Bank maintains an effective risk management framework through the setting up of specialised management committees for the oversight and monitoring of major risk areas and the establishment of risk management departments for relevant functions of the Bank. Relevant risk management reports are submitted to Asset and Liability Management Committee, Risk Management Committee, Executive Committee and Risk Committee, and ultimately to the Board for monitoring the respective types of risk. The Bank’s risk management policies and major control limits are approved by the Board or its delegated committees, and are monitored and reviewed regularly according to established policies and procedures.
More detailed discussion on the policies and procedures for management of each of the major types of risk the Bank encounters is set out in the “Risk Management” and “Capital Management” sections of the “Management Discussion and Analysis” in the 2013 Annual Report, and Supplementary Notes to the Bank’s 2013 Financial Statements.
A review of the effectiveness of the Bank’s internal control system covering all material controls, including financial, operational, compliance, and risk management controls, is conducted annually. The review at the end of 2013 was conducted with reference to the COSO (The Committee of Sponsoring Organisations of the Treadway Commission) internal control framework, which assesses the Bank’s internal control system against the five elements of control environment, risk assessment, control activities, information and communication, and monitoring. The Bank has also conducted an annual review to assess the adequacy of resources, qualifications and experience of staff of the Bank’s accounting and financial reporting function, and their training programmes and budget. The approach, findings, analysis and results of these annual reviews have been reported to the Audit Committee, Risk Committee and the Board.
The Bank has put in place a robust framework for the disclosure of inside information in compliance with the Securities and Futures Ordinance. The framework sets out the procedures and internal controls for the handling and dissemination of inside information in a timely manner so as to allow the shareholders, customers, staff and other stakeholders to apprehend the latest position of the Bank and its subsidiaries. The framework and its effectiveness are subject to review on a regular basis according to established procedures.
The internal audit function provides independent, objective assurance to the Management and the Risk and Audit Committees over the risk management and controls framework, to add value and to improve operations. It also helps the Management accomplish its objectives by bringing a systematic and disciplined approach in the evaluation and improvement of the effectiveness of risk management, control, and governance processes.
The scope of work of internal audit function is to determine whether the framework of risk management, control, and governance processes, as designed and represented by the Management, is adequate and functioning by evaluating the effectiveness of internal controls, risk management and governance processes. To assist in meeting these requirements, internal audit function assesses the design and effectiveness of the primary and secondary controls. It places a degree of reliance on the effectiveness of the work completed by the internal control teams. The outcome is a holistic and timely view of how effectively the material risks within the Bank are being managed.
Opportunities for improving management control, profitability, best practice and the Bank’s image may also be identified during audits and will be communicated to the appropriate level of the Management. The Bank’s Head of Audit reports to the Chairman and the Audit Committee.
KPMG is the Bank’s external auditor. The Audit Committee is responsible for making recommendations to the Board on the appointment, re-appointment, removal and remuneration of the external auditor. The external auditor’s independence and objectivity, and the effectiveness of the audit process are also reviewed and monitored by the Audit Committee on a regular basis.
During 2013, fees paid to the Bank's external auditor for audit services amounted to HK$12m, compared with HK$12.7m in 2012. For non-audit services, the fees paid to the Bank’s external auditor amounted to HK$7.7m, compared with HK$7.6m in 2012. In 2013, the significant non-audit service assignments covered by these fees include the following:
|Nature of service||
Fees paid (HK$m)
|Other assurance services||
The Audit Committee assists the Board in meeting its responsibilities for ensuring effective systems of internal control and compliance relating to financial reporting, and in meeting its financial reporting obligations.
The Risk Committee assists the Board in meeting its responsibilities for ensuring effective systems of risk management, internal control and compliance (other than that relating to financial reporting), and in meeting its risk governance obligations.