CITIC Limited Annual Report 2014
Business and Financial Review

Risk Management

In accordance with the Group’s development strategy, CITIC Limited has established a risk management system covering all the business segments to monitor, assess and manage various risks in the Group’s business activities.

The risk management system of CITIC Limited is established along the core concepts of the Enterprise Risk Management Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the Basic Standard for Enterprise Internal Control jointly issued by five ministries and commissions (Ministry of Finance, CSRC, National Audit Office, CBRC and CIRC) in 2008, as well as relevant guidelines and governmental policies.

The risk management system of CITIC Limited comprises “Four Levels” and “Three Lines of Defence” based on the corporate governance structure. The “Four Levels” are (i) the board of directors, (ii) senior management and several committees, (iii) the risk management functions of CITIC Limited, and (iv) member companies. The “Three Lines of Defence” are (i) the first line of defence, made up of the business units at each level of CITIC Limited, (ii) the second line of defence, made up of the risk management functions at each level of CITIC Limited, and (iii) the third line of defence, made up of the internal audit departments or functions at each level of CITIC Limited.