Annual Report 2024

Corporate Governance Report 企業管治報告 78 Sunny Optical Technology (Group) Company Limited • ANNUAL REPORT 2024 • 每月監控風險應對措施及年底目標達成落 實情況，並及時修訂應對計劃及風險清單 各項內容； • 各事業分部和部門重點業務流程內控審 閱； • 完善風險管理在跨體系間融合落地； • 優化風險管理體系及總體目標，平衡業務 發展與風險管理； • 各事業分部和部門集中資源應對風險相對 較高的業務活動，針對重點風險進行人員 投入、資源投入以及流程優化； • 內部審計部獨立審閱風險管理體系建設的 充足性及有效性，把審閱結果及改善建議 提交到審核委員會； • 每月收集各事業分部和部門重要風險事 件，形成風險事件庫； • 強化風險事件庫及風險指標閉環管理； • 各事業分部和部門定期召開風險管理檢討 會議；及 • 本集團啟動二零二五年風險管理評估工作。 風險管理政策框架 有效的風險管理及內部監控系統對實現本集團 的戰略目標至關重要。本集團已制定風險管理 政策框架，由董事會及審核委員會審核通過， 並由風險管理工作小組執行，授權本集團採用 貫徹一致及有效的方針，充分管理與戰略、財 務、運營、市場及合規相關的風險。 • Monitored the implementation of the risk response measures every month and progress of the year-end targets and revised the response plan and the contents in the risk checklist in a timely manner; • Conducted internal control review of key business processes of each business segment and department; • Improved risk management in the integration and implementation across systems; • Optimized the risk management system and overall objectives, and made the balance of business development with risk management; • Centralized resources on business activities with relatively high risks, invested in personnel and resources and optimized the process for key risks in each business segment and department; • The i n t e r na l aud i t depa r tmen t i ndependen t l y r e v i ewed the adequacy and effectiveness of the risk management system construction and submitted the review results and recommendations on improvement to the Audit Committee; • Collected the major risk events from each business segment and department every month and formed a risk register; • Strengthened the closed-loop management of risk register and risk indicators; • Risk management review meetings were held regularly by each business segment and department; and • The Group initiated the assessment work of risk management for 2025. Risk Management Policy Framework Effective risk management and internal control systems are critical in achieving the Group’s strategic objectives. The Group has established a risk management policy framework, which was audited and approved by the Board and the Audit Committee, and executed by the Risk Management Group. It authorizes the Group to take a consistent and effective approach applied across the Group to fully manage the risks associated with strategies, financing, operations, market and compliance.