Annual Report 2024

Corporate Governance Report 企業管治報告 73 舜宇光學科技（集團）有限公司 • 2024 年報 本集團的內部審計部應確保本公司的內部監控 健全有效，可維護股東的投資權益及本集團的 資產安全。內部審計部的主要職能是審核本公 司各附屬公司的經營效益、審核主要管理人員 的辭任、協助董事會審核本集團內部監控系統 的有效性、審閱業務流程內部監控、審核全面 風險管理落實情況、推動反舞弊建設及審核個 別項目（如關連交易合規性及發出商品審核報 告）。董事會每年進行本集團內部監控評估，其 中包括財務、營運合規監控與風險管理職能。 內部監控系統旨在管理而非消除未能達成業務 目標的風險，而且只能就不會有重大的失實陳 述或損失作出合理而非絕對的保證。 企業風險管理 董事會知悉其對風險管理工作的有效性負責， 並授權審核委員會作為專業委員會，審閱管理 層提交的風險管理報告，確保管理層已履行建 立有效的風險管理及內部監控系統的職責，並 每年對其進行檢討。本集團已建立系統及程序 以識別、評估、管理及監控各種可能影響本集 團及各主要部門的風險，包括戰略、財務、市 場、運營及合規等方面的風險。董事會認為截 至二零二四年十二月三十一日止年度的風險管 理工作足夠且有效。 本公司的風險管理旨在管理而非消除無法實現 業務目標的風險，且僅能就不會有重大失實陳 述或損失作出合理而非絕對保證。 為增強本集團整體的風險管理及企業管治常 規，並提高內部監控系統的有效性及效率，本 公司已建立企業風險管理（「 企業風險管理 」）系 統。 The internal audit department of the Group should ensure that the Company maintains sound and effective internal controls to safeguard the Shareholders’ investment interests and the Group’s assets safety. The main functions of the internal audit department are to audit the operating efficiencies of each subsidiary of the Company, to audit upon resignation of key management personnel, to assist the Board in reviewing the effectiveness of the internal control system of the Group, to review internal control of business processes, to audit the implementation of overall risk management, to promote the construction of anti-malpractice and to audit individual projects (such as compliance of connected transactions and audit report of goods in transit). Evaluation of the Group’s internal controls covering financial, operational compliance controls and risk management functions will be conducted annually by the Board. The internal control systems are designed to manage rather than eliminate the risk of failure to achieve business objectives, and can only provide reasonable and not absolute assurance against material misstatement or loss. ENTERPRISE RISK MANAGEMENT The Board acknowledges that the Board is responsible for the effectiveness of the risk management and has authorized the Audit Committee to act as the professional committee to review the risk management reports submitted by the Management, ensuring that the Management has fulfilled its responsibilities to establish effective risk management and internal control systems, and review them annually. Systems and procedures have been established by the Group to identify, assess, manage and monitor various risks including strategy, financing, market, operation and compliance that may have impacts on the Group and each major department. For the year ended 31 December 2024, the Board considered that the risk management is adequate and effective. The risk management of the Company is designed to manage rather than eliminate the risk of failure to achieve business objectives, and can only provide reasonable and not absolute assurance against material misstatement or loss. The Company has built an enterprise risk management (“ ERM ”) system with a view to enhancing the risk management and corporate governance practice, and improving the effectiveness and efficiency of internal control system across the whole Group.