E
CITIC Limited Annual Report 2014
Corporate Governance

Accountability and Audit

Financial reporting

The board recognises the importance of the integrity of its financial information and acknowledges its responsibility for preparing financial statements that give a true and fair view of the Group’s affairs, its results and cash flows in accordance with the Hong Kong Financial Reporting Standards and the Hong Kong Companies Ordinance. The board endeavours to present to shareholders a balanced and understandable assessment of CITIC Limited’s performance, position and prospects. Accordingly, appropriate accounting policies are selected and applied consistently, and judgments and estimates made by the management for financial reporting purposes are prudent and reasonable.

New or revised accounting standards became effective during the year, and those most significant and relevant to the Group are disclosed in Note 2 to the consolidated financial statements on page 163.

The responsibilities of the external auditors with respect to the accounts for the year ended 31 December 2014 are set out in the Independent Auditors’ Report on page 308.

External auditors and their remuneration

The external auditors perform independent reviews or audits of the financial statements prepared by the management. Prior to the Acquisition, PwC was engaged as the Company’s external auditor since 1989 and retired at the close of the 2013 AGM. Since then, KPMG has been appointed as the Company’s external auditor in place of PwC. KPMG was also the auditor of CITIC Corporation Limited. For 2014, KPMG’s fees were approximately as follows:

Statutory audit fee: HK$113 million (2013: HK$41 million).

Fees for other services, including review of the half-year financial statements, special audits, and advisory services relating to systems and tax services: HK$6 million (2013: HK$11 million).

Other audit firms provided statutory audit services at a fee of approximately HK$45 million (2013:HK$15 million) as well as other services for fees of HK$2 million (2013: HK$5 million).

The above-mentioned auditors’ fees for 2013 refer to the remuneration paid to external auditors by CITIC Pacific Limited (now renamed as CITIC Limited).

Internal control

The board has overall responsibility for maintaining a sound and effective internal control system, which is designed and operated to provide reasonable assurance that the business objectives of CITIC Limited in the following areas are achieved:

  • effectiveness and efficiency of operations, including the achievement of performance and operating targets and the safeguarding of assets by the management;
  • reliability of financial and operating information provided by the management, including management accounts and statutory and public financial reports; and
  • compliance with applicable laws and regulations by business units and functions.
CITIC Limited’s internal control framework

CITIC Limited has developed an integrated internal control framework for providing assurance of the achievement of its business objectives, which is consistent with the Enterprise Risk Management Integrated Framework released by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the Basic Standard for Enterprise Internal Control implemented in mainland China.

The internal control framework adopted by CITIC Limited is illustrated below:

Key control policies and measures

Under the Company’s internal control framework, risk management and internal control are primarily the collective responsibility of every manager and employee. For consistent compliance by every person in the Company, the following key control policies and measures are implemented in the everyday activities, which are summarised below:

The Group has established an audit, risk and internal control team, which reviews systems related to audit supervision, risk management and internal control (including but not limited to investment authorisation, the code of conduct, capital management by subsidiaries, guarantees and payments) in order to enhance its control over these areas.

Monitoring of internal control effectiveness

During the year, the audit and risk management committee assessed the effectiveness of the internal control systems (including financial, operational and compliance control measures as well as risk management) on behalf of the board, and considered the adequacy of the resources, qualifications and experience of employees in the accounting and financial reporting functions, and the sufficiency of training program and related budgets.

The main internal control reviews during the year were as follows:

The board and the management will establish sufficient and effective internal controls through the internal control framework of CITIC Limited. These will ensure that relevant internal controls are in compliance with the Listing Rules and other legal or regulatory requirements of the jurisdictions in which the Group operates in order to improve the internal control system.

Internal Audit

CITIC Limited regards internal audit as an important part of the supervisory function of the board and the audit and risk management committee. The primary objective of internal audit, which is set out in the internal audit charter, is to provide the board and the management with useful information and recommendations on the adequacy and effectiveness of the internal control system of the Group.

Authority and accountability

Under the internal audit charter of CITIC Limited, and as authorised by the board, the audit department may obtain and have access to all records, personnel and physical properties relevant to internal audit. The head of the audit department has unrestricted access to the chairman of the audit and risk management committee and reports directly to, receives directions from, and is accountable to the audit and risk management committee. This reporting relationship enables the Group’s internal audit functions to provide an objective assurance regarding the effectiveness of its internal control system.

Duties

The duties of the internal audit are set out in the internal audit charter, which require that (a) internal audits are conducted with independence, objectivity and due professional care in compliance with the standards, guidelines, and the code of ethics of the Institute of Internal Auditors; (b) audit testing and reviews are carried out at all levels of the Group in order to provide reasonable assurance as to whether the system of internal control is adequate; the assets of the corporation are properly safeguarded; the operations are conducted effectively and efficiently in accordance with the corporation’s strategic objectives, policies and procedures as well as relevant laws and regulations; and the accounting records of the audited entities and operations are reliable; (c) special reviews are conducted by internal audit when required by the management, the audit and risk management committee or the board; and (d) guidance and inspection are provided for the internal audit work of major subsidiaries.

Internal audit resources and work done in 2014

At 31 December 2014, CITIC Limited had approximately 500 audit staff members in the audit department of the head office and internal audit institutions of major subsidiaries providing audit services to various business units and functions of the Group.

During the year, the audit department prepared an annual audit plan in accordance with risk-based principles. Pursuant to the approved annual plan, detailed audit planning for each audit was specified by using the risk-based audit methodology, which was followed by a field audit and discussions with management. Audit reports to the management were prepared after completion of the audit work and summarised for review at each audit and risk management committee meeting. Follow-up work was undertaken by the audit department to evaluate the progress of remedial actions taken by the management of the respective units audited, with follow-up results, progress of work and available resources reviewed at each meeting of the audit and risk management committee.

In 2014, the audit department issued internal audit reports together with review and analysis papers to the management on various business segments and subsidiaries of the Group, including financial, property and infrastructure, project contracting, resources and energy, manufacturing and other business segments. The audit department also conducted other reviews during the year.

Additional tasks performed by the audit department during the year included the following:

  • The department supervised the whistle-blowing channel through which concerns about business conduct are raised by employees and investigations into reported cases are conducted as appropriate.
  • The head of the internal audit department was invited to attend meetings of the Group’s general management to ensure those with internal audit responsibilities remain abreast of major developments of the Group and report the progress of their audit work, major audit findings and related follow-up results in a timely manner.
  • The department provided training to help relevant staff members acquire knowledge of the laws and regulations of Hong Kong, including the Listing Rules, Corporate Governance, and Compliance Code of Conduct.
  • External experts were consulted for conducting continuous follow-up auditing on the Zhongguo Zun project and determining corresponding major areas for auditing according to the progress of the project. These included systems establishment, tendering and procurement, and project progress.
  • Staff of the department worked with a developer of audit management software systems to upgrade and optimise the current audit management system in order to improve the quality of audit work, and developed a collaborative supervision system to promote remedial actions for findings found during auditing.
  • The department implemented a continuous training and development programme, including online training, regular sharing sessions and seminars, for all internal audit staff to enhance their audit skills and knowledge.
  • Various internal audit policies, standards and guidelines were revised in a timely manner in accordance with the laws and regulations and internal audit standards of national regulatory bodies and the Institute of Internal Auditors for consolidation into an Internal Audit Handbook published in December 2014. The handbook will be used across the Group for consistency in the implementation of the policies, standards and guidelines.