Annual Report 2025

Sunny Optical Technology (Group) Company Limited • ANNUAL REPORT 2025 96 Corporate Governance Report 企業管治報告 ENTERPRISE RISK MANAGEMENT The Board acknowledges its responsibility for assessing the adequacy and the effectiveness of the risk management and has authorized the Audit Committee to act as the professional committee to review the risk management reports submitted by the Management, ensuring that the Management has fulfilled its responsibilities to establish effective risk management and internal control systems, and review them annually. Systems and procedures have been established by the Group to identify, assess, manage and monitor various risks including strategy, financial, market, operation and compliance that may have impacts on the Group and each major department. For the year ended 31 December 2025, the Board considered that the risk management is adequate and effective for the purposes set out in Principle D2 of the Corporate Governance Code. The risk management of the Company is designed to manage rather than eliminate the risk of failure to achieve business objectives, and can only provide reasonable and not absolute assurance against material misstatement or loss. The Company has built an enterprise risk management (“ ERM ”) system with a view to enhancing the risk management and corporate governance practice, and improving the effectiveness and efficiency of internal control system across the whole Group. The Group has organised and established a risk management group (“ Risk Management Group ”) headed by the CEO, responsible for daily management related to risks of the Group. All of the Group’s subsidiaries have also established their risk management teams, responsible for their own risk management. At the same time, the Group has built an overall framework for effective risk management, and has an experienced risk management team to ensure the adequacy of the Group’s resources, staff qualifications and experience, staff training programmes and relevant budget in the Company’s accounting, internal audit, financial reporting functions as well as those relating to the Company’s ESG performance and reporting. 企業風險管理 董事會知悉其評估風險管理工作充足性及有效 性的責任，並授權審核委員會作為專業委員 會，審閱管理層提交的風險管理報告，確保管 理層已履行建立有效的風險管理及內部監控系 統的職責，並每年對其進行檢討。本集團已建 立系統及程序以識別、評估、管理及監控各種 可能影響本集團及各主要部門的風險，包括戰 略、財務、市場、運營及合規等方面的風險。 截至二零二五年十二月三十一日止年度，基於 企業管治守則 D2 原則所載的目的，董事會認為 風險管理工作充足且有效。 本公司的風險管理旨在管理而非消除無法實現 業務目標的風險，且僅能就不會有重大失實陳 述或損失作出合理而非絕對保證。 為增強本集團整體的風險管理及企業管治常 規，並提高內部監控系統的有效性及效率，本 公司已建立企業風險管理（「 企業風險管理 」）系 統。 本集團已組建了由首席執行官擔任組長的風險 管理工作小組（「 風險管理工作小組 」），負責 本集團風險相關的日常管理工作。本集團所有 附屬公司亦成立了風險管理工作團隊，負責各 自公司的風險管理工作。同時，本集團已構建 有效的風險管理整體框架，並擁有一支經驗豐 富的風險管理團隊，以確保本集團在本公司會 計、內部審核及財務匯報職能方面及與本公司 ESG 績效與報告相關的資源、員工資歷及經 驗、員工所接受的培訓課程及有關預算是足夠 的。