China Communications Services Corporation Limited - Corporate Governance

Home > Corporate Governance > Rules & Practices > Risk Management & Internal Control

Risk Management & Internal Control

Risk Management and Internal Control System

The Board of Directors of the Company is fully responsible for establishing and maintaining an appropriate and effective risk management and internal control system to safeguard the investment of the shareholders and the assets of the Group. The Company has set up an internal control system and risk management mechanism in compliance with the COSO standards and defined management structure and its authority, which aims at ensuring the efficient utilization of the resources of the Company to achieve its business targets and safeguard its assets, with a view to preventing unauthorized utilization or disposal of the resources of the Company, securing appropriate accounting records to provide reliable financial evidence for internal use or external dissemination, so as to ensure that its operating activities are in compliance with relevant laws and rules. The above control system is designed to manage rather than eliminate the risk of failure to achieve business objectives and can only provide reasonable and not absolute assurance against material misstatement or loss. The Company has a Code of Conduct for Employees to ensure ethical values and competency and it attaches great importance to the prevention of fraud risk and has established an internal reporting mechanism to encourage anonymous reporting of irregularities by the Company’s employees, especially senior management. The Audit Committee has the power to make inquiries of the President and Chief Financial Officer of the Company regarding any fraud, whether material or not, involving management or other employees who play a significant role in the internal controls of the Company. For more information on the Company’s anti-corruption initiatives, please refer to the “Environmental, Social and Governance Report” section of 2023 annual report.

The Company attaches great importance to risk management in the course of its daily operation. With a decade of development since the listing, the Company has established a risk management culture appropriate to its business practices. The Company put in place a set of practicable risk management methods as well as a sound organization structure and management mechanism for risk management, which solidified risk management procedures, enhanced risk management efficiency and perfected its comprehensive risk management mechanism. In 2023, the Company took into account the requirements of Rule D.2 of the Corporate Governance Code of the Stock Exchange and continued to strengthen the identification, classification, assessment and control of risks, paid attention to environmental changes, strengthened green and energy-saving measures, innovation and transformation, and compliant operation. The Company actively shouldered social responsibilities, improved management efficiency, and monitored and tracked significant risks related to environmental, social, and governance, to promote its long-term sustainable development. No material risk issue was identified during the year. After strict identification, assessment and analysis of risks, the Company conducted assessments on the potential risks that the Company may be exposed to in 2024, such as market risks and financial risks, as well as the significant risks related to environmental, social and governance, and proposed practicable corresponding solutions. The Company formulated the annual risk management report which sets out the risk management work in 2023 and the assessment of material risks and the control plan for 2024. For details of the major risks of the Company, please refer to the “Report of the Directors” and “Environmental, Social and Governance Report” sections of this annual report.

Since its listing in 2006, the Company has formulated the internal control manual, internal control assessment rules and other systems based on the COSO internal control framework. Over the years, the Company has striven to improve the systems related to internal control and risk management in light of the changes in internal and external operating environments and business development requirements. In 2023, according to the internal and external regulatory requirements, as well as in response to the strategy of corporate transformation, the Company adapted to the changes in its operation management and policy environment and completed the revision of the internal control manual, and optimized and improved the internal control authority list. The Company has newly added internal control procedures related to environmental, social and governance as well as business practices on network information security management, overseas investment business, equity investment management and debt financing management. We revised the business processes for capital management, fixed asset management, contract management and procurement, and improved the management practices for safety production business, guarantee business management and assets rights management to ensure that the Company’s internal control manual meets the management needs of the Company.

The Company has established an internal audit division, which is responsible for organizing the Company’s daily risk management and internal control assessment and reporting to the Audit Committee and the Board of Directors to ensure that the Board and management maintain and operate a sound risk management and internal control system in accordance with established procedures and standards. In 2023, the Company further strengthened audit supervision, attached importance to the audit rectification and utilization of the results of audit, and continued to strengthen the construction of its audit team and centralized its audit resources in order to foster management improvement and prevent loopholes. The above work plays an important role in supporting the Board, the management and the risk management and internal control assessment.

The Company has formulated guidelines on information disclosure management to regulate the disclosure of the periodical result announcements, sensitive information and other important information of the Company and to make proper disclosure in accordance with the requirements of the Stock Exchange. The Company has established a progressive accountability, verification and reviewing system, to ensure the truthfulness, accuracy and timeliness of information disclosure. The Company will appoint external independent advisors, such as legal advisors, for reviewing and verifying when necessary. The Executive Vice President and the Company Secretary of the Company are responsible for coordinating and organizing information disclosure to ensure the compliance of the information disclosure. The Company Secretary is responsible for the daily management of information disclosure, including the disclosure of inside information. The Company also has the Office of the Board to assist in the detailed work regarding information disclosure.

In order to fulfill the requirements of the Stock Exchange, to ensure connected transactions are carried out according to the pricing policy or mechanism under the framework agreements and to regulate and enhance the management of connected transactions, the Company has formulated the “Administrative Measures of Connected Transactions of China Communications Services Corporation Limited”. The Company enters into a connected transaction framework agreement with China Telecommunications Corporation and applies for the annual caps of connected transactions every three years. At the end of each year, the Company evaluates the connected transactions entered into in each province in the previous year. In order to ensure the compliance and effective operation of connected transactions on financial services with China Telecom Group Finance Co., Ltd., the Company has formulated the “Administrative Measures of Connected Transactions on Financial Services of China Communications Services Corporation Limited”, through transaction verifying mechanism, daily monitoring mechanism, price checking mechanism and contingency planning mechanism, providing safeguards for the internal control of connected transactions on financial services, to ensure compliance with relevant regulatory requirements. The Company develops the monthly budget for deposit services, monitors the total amount of deposits of the provincial companies, and ensures that the caps of connected transactions is not exceeded. In addition, the risk identification and control targets for connected transactions formulated by the Company are set out in the internal control manual. A series of internal control procedures have been established in respect of the reporting and determination of the annual caps for connected transactions, signing and execution of contracts, reconciliation with connected parties, data verification, accounting, verification of information disclosure and information disclosure, and on-going improvements are made to the management process for connected transactions.

Annual Risk Management and Internal Control Assessment

The Company continues to focus on strengthening internal control and risk management and has sound internal control and management systems in place. The main internal control and risk management measures of the Company in 2023 are summarized as below:

In 2023, the internal audit division of the Company took the lead in organizing self-assessment for internal control within the whole Group. During the year, the Company continued its risk-oriented internal control self-assessment, which was organized from top to bottom and under a unified manner. With the changes in the Company’s internal and external environments as well as the continuous expansion of its business scale, the Company increased its attention to comprehensive risk management. On the basis of its risk-oriented internal control self-assessment system and a comprehensive assessment, the Company identified the key areas and processes to focus on according to the major risks that might be faced by the Company during the year, included environmental, social and corporate governance (ESG) risks in the scope of the evaluation, and effectively and adaptively prepare the list of contents to be addressed for the self-assessment in the year, so as to accomplish a comprehensive and well-targeted inspection and assessment, which covered all of its subsidiaries.

The internal control self-assessment was conducted under the supervision of the Company’s comprehensive risk management committee, with the President of the Company acting as its director. Leading by the internal audit division, it organized and coordinated the relevant departments of each risk issue to coordinate and assess their own risks, emphasizing the business departments playing a leading role in dealing with the risk management issues at source. The Company further promoted the effective combination between the self-assessment and daily operation management and ensured the effectiveness of the self-assessment work. The business departments were to decide on the persons responsible, exert themselves as the first line of defense of risk management, and instill the risk prevention awareness into all areas of the Company’s operations, so as to enhance the effectiveness of their self-assessment efforts and promote the improvement of their management.

After the completion of the assessment, the Company focused on prevention of material risks, and reviewed and examined the design and implementation of its internal control and risk management systems. The Company also formulated practical and effective rectification measures in relation to defects identified during the self-assessment to ensure the effectiveness of the rectification, aiming to make ongoing improvements to the internal control system and process so that it could function better to prevent risks and contribute to good management practice. Meanwhile, in the subsequent internal audit, attention was paid to the effectiveness of the internal control for various businesses and inspection was made on assessment of internal control and rectification of defects, so as to ensure that the assessment is effective.

In 2023, the Company further improved its internal audit system and continued to promote the execution of the audit project plan and conduct comprehensive internal audits. The Company made independent and objective supervision and assessment of the operation activities and the appropriateness, compliance and effectiveness of its internal control, with an aim to enhance its operation and create more value for the Company, improve the processes for risk management, control and corporate governance and contribute to the fulfillment of its strategic goals. In light of the requirement on annual key risk control and the characteristics of its operation and management. The internal audit carried out during the year mainly included economic accountability audit, revenues and expenses audit and special audit on relevant matters, with a focus on income and cost accounting, cash management, and product distribution business management. Upon the request of the management of the Company and in light of the needs of relevant business departments, the internal audit division made use of the data from the audit and the audit outcomes to hold the audit joint meetings, so as to provide advice for the decision-making and operation and management activities of the Company.

In 2023, the Company continued to promote audit standardization and widely applied the standard audit plan to various special audits based on its audit informatization system. The Company utilized informatization audit measures to manage the audit projects and established an internal audit quality assessment system to conduct quality assessment so as to improve audit quality and achieve full audit coverage. In 2023, the Company completed not only the planned economic accountability audit, but also the revision of internal control manual and the special audit on the efficiency of internal control process, and promoted the implementation of strategic control to all levels of the Company.

The Board continued to monitor and supervise the risk management and internal control systems of the Company through the Audit Committee, and conducted an annual review on the risk management and internal control systems of the Company and its subsidiaries for the financial year ended 31 December 2023. The review covered all significant aspects of controls, including financial controls, operational controls and compliance controls. After receiving the report from the internal audit division as to the effectiveness of the relevant systems (including the environmental, social and governance related risk management and internal control systems) and the relevant confirmation from the management to the Board, the Board considered that the risk management and internal control systems of the Company were stable, healthy, proper, effective and adequate. The annual review also confirmed that the adequacy of resources, staff qualifications and experience, training programmes, and budget for the Company’s accounting, internal audit, financial reporting functions, as well as those relating to the Company’s environmental, social and governance performance and reporting. The Company has satisfied the requirements under Rule D.2 of the Corporate Governance Code of the Stock Exchange regarding risk management and internal control.