Annual Report 2025

Sunny Optical Technology (Group) Company Limited • ANNUAL REPORT 2025 116 Corporate Governance Report 企業管治報告 二零二六年主要措施 二零二六年，本集團工作重點將繼續放在： (i) 深化風險管理體系建設，強化事業部自主 管理能力，由集團統籌監督各事業分部風 險管理狀況，以有效管控本集團整體戰略 風險； (ii) 完善風險指標體系，推動各事業分部及部 門拓展關鍵風險指標 (KRI) 的基準管理與行 業對標，增強 KRI 的業務預警作用，加強運 營風險的前瞻識別與閉環改進； (iii) 各事業分部和部門動態識別面臨的風險， 繼續深入推進風險管理常態化、動態化管 理，持續推進風險應對計劃落地； (iv) 加強風險事件庫的及時更新與閉環管理， 固化風險管理經驗，建設並共享風險案例 庫，促進組織學習與能力積澱； (v) 持續推進風險管理與業務的深度融合，將 風險管控要求從總體戰略逐層細化至組織 目標與個人績效，並以內部控制措施為核 心抓手，通過體系與流程的持續優化推動 有效落地； (vi) 推廣風險管理成熟度評估模型，對各事業 部的風險管理水平進行量化評估與精準畫 像，清晰呈現其發展階段，實現差異化的 多態管理。基於評估結果，為各事業部規 劃匹配其現狀的階梯式發展路徑； (vii) 審計部常態檢查各事業分部和部門風險落 地情況，加強重大風險專項檢查； (viii) 優化風險管理智能化系統和搭建風險預警 駕駛艙；及 (ix) 持續進行風險管理賦能，以提高本集團對 風險管理的意識及使命感。 Major Initiatives for 2026 In 2026, the Group’s main focuses will continue to be on: (i) deepening the construction of the risk management system, strengthening the autonomous management capabilities of business divisions, and making the Group oversee and supervise the risk management status of each business division to effectively control the overall strategic risks of the Group; (ii) improving the risk indicator system, promoting benchmark management and industry benchmarking of key risk indicators (KRIs) across business divisions and departments, enhancing the business early warning function of KRIs, and strengthening the forward-looking identification and closed-loop improvement of operational risks; (iii) dynamically identifying the risks that are faced by each business segment and department, continuing to carry out in-depth normalized and dynamic risk management, and continuously promoting the implementation of the risk response plans; (iv) strengthening the timely updating and closed-loop management of the risk event database, consolidating risk management experience, building and sharing a risk case library, and promoting organizational learning and capability accumulation; (v) continuously promoting the deep integration of risk management with business operations, refining risk control requirements from the overall strategy down to organizational objectives and individual performance, and using internal control measures as the core driver to facilitate effective implementation through continuous optimization of systems and processes; (vi) promoting the risk management maturity assessment model, conducting quantitative evaluations and precise profiling of the risk management levels of each business division, clearly presenting their development stages, and achieving differentiated multi- state management. Based on the assessment results, planning a stepwise development path that matches the current situation for each business division; (vii) regularly inspecting the implementation of risks in each business segment and department by the Audit Department, and strengthening special inspections of major risks; (viii) optimizing an intelligent risk management system and building a risk-warning cockpit; and (ix) continuously empowering the risk management to enhance the awareness and sense of commitment in risk management of the Group.