Annual Report 2019

107 Transport International Holdings Limited 2019 Annual Report Corporate Governance Report Control Activities The Group’s franchised and non-franchised bus services involve well-established business processes. Control activities are built on top-level reviews, segregation of duties and physical controls. Written policies and procedures with defined limits of delegated authority are in place. These policies and procedures include but are not limited to: Annual budgeting and planning processes Financial and payment authorisation guidelines Procurement and tendering policies IT security policy Quality Management System The Group’s franchised operations, KMB and LWB, have implemented a quality management system (“QMS”) based on the benchmarks prescribed by the International Organisation for Standardisation (“ISO”). Under ISO requirements, major financial and operational procedures and instructions, including illustrative flow charts, are clearly documented and followed by operations. The Hong Kong Quality Assurance Agency (“HKQAA”) conducts an annual independent audit of QMS to assess its effectiveness, efficiency and conformity. During 2019, there was no non-conformity in QMS noted during the ISO audit of the operations of both KMB and LWB. As of December 2019, both KMB and LWB possessed ISO 9001:2015 quality management system certification. In addition, all KMB depots are ISO45001-certified for their occupational health and safety systems and two of KMB’s major bus depots are ISO 14001-certified for their environmental management systems. Business Continuity Plan The Group’s flagship subsidiary, KMB, has formulated and documented a Business Continuity Plan (“BCP”) in respect of key business and IT operations. The BCP is reviewed and updated from time to time according to changes in circumstances. BCP, which is an integral part of the risk management process, creates a systematic approach for providing effective response that enables management to safeguard shareholder value in a crisis by responding promptly and by resuming KMB’s critical business functions at acceptable pre-defined levels. KMB performs walk- through tests and drills periodically to ensure that the BCP will be able to adequately ensure minimal disruption to key businesses if an unforeseeable event occurs. Information and Communication/Monitoring Activities The Group’s IT systems generate timely data to allow management to monitor business operations and thus achieve business objectives. Regular and ad-hoc management and operational meetings are held to facilitate the proper monitoring of internal control and risk management items. Internal Audit Function The Internal Audit Department plays an important role in the assessment of the effectiveness of the risk management and internal control systems. It is responsible for providing the Audit and Risk Management Committee and senior management with independent and objective assurance that the internal control systems of the Group are effective in achieving their objectives, and that any risks and internal control weaknesses have been adequately addressed. The Internal Audit Department holds a group-wide function and covers both franchised and non-franchised operations of the Group. The Head of the Internal Audit Department reports directly to the Audit and Risk Management Committee and the Managing Director. The Internal Audit Department conducts risk-based internal audit reviews in accordance with the International Standards for the Professional Practice of Internal Auditing. All staff in the Internal Audit Department, including the Head of Internal Audit Department, are required to declare their independence every year.