Accountability and Audit
Financial reporting
The board recognises the importance of the integrity of its financial information and acknowledges its responsibility for preparing financial statements that give a true and fair view of the Group’s affairs, its results and cash flows in accordance with the Hong Kong Financial Rerpoting Standards and the Hong Kong Companies Ordinance. The board endeavours to present to shareholders a balanced and understandable assessment of CITIC Limited’s performance, position and prospects. Accordingly, appropriate accounting policies are selected and applied consistently, and judgments and estimates made by the management for financial reporting purposes are prudent and reasonable.
New or revised accounting standards became effective during the year, and those most significant and relevant to the Group are disclosed in Note 2 to the consolidated financial statements.
The responsibilities of the external auditors with respect to the accounts for the year ended 31 December 2015 are set out in the Independent Auditor’s Report.
External auditors and their remuneration
The external auditors perform independent reviews or audits of the financial statements prepared by the management. PwC was engaged as the Company’s external auditor since 1989 and retired at the close of the annual general meeting held on 16 May 2013. KPMG was engaged in place of PwC as the Company’s external auditor and subsequently retired at the close of the 2015 AGM. The Company initiated the process of engaging new external auditor for the year 2015 as its largest listed subsidiary, China CITIC Bank Corporation Limited was required to change its external auditor. PwC was appointed as the Company’s external auditor with effect from the close of the 2015 AGM. For 2015, PwC’s fees were approximately as follows:
Statutory audit fee: HK$73 million (2014: HK$113 million (KPMG)).
Fees for other services, including special audits, advisory services relating to systems and tax services: HK$7 million (2014: HK$6 million (KPMG)).
Other audit firms provided statutory audit services at a fee of approximately HK$90 million (2014: HK$45 million) as well as other services for fees of HK$16 million (2014: HK$2 million).
Internal control
The board has overall responsibility for maintaining a sound and effective internal control system, which is designed and operated to provide reasonable assurance that the business objectives of CITIC Limited in the following areas are achieved:
- effectiveness and efficiency of operations, including the achievement of performance and operating targets and the safeguarding of assets;
- reliability of financial and operating information provided by the management, including management accounts and statutory and public financial reports; and
- compliance with applicable laws and regulations by business units and functions.
CITIC Limited’s internal control framework
CITIC Limited is committed to constantly improving its internal control framework for providing assurance of the achievement of its business objectives, which is consistent with the core content of risk management and internal control released by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the Basic Standard for Enterprise Internal Control implemented in mainland China.
The internal control framework adopted by CITIC Limited is illustrated below:
Key control policies and measures
Under the Group’s internal control framework, risk management and internal control are primarily the collective responsibilities of management and the employee. For consistent compliance by every person across the Group, the following key control policies and measures have been implemented:
The Group has established an audit, risk and internal control team, which constantly reviews policies and work related to audit supervision, risk management and internal control (including but not limited to investment authorisation, the code of conduct, fund management, guarantees and payments by subsidiaries), in order to enhance its management and control over these areas.
Monitoring of internal control effectiveness
During the year, the audit and risk management committee assessed the effectiveness of the risk management and internal control systems on behalf of the board, and considered the adequacy of the resources, qualifications and experience of employees in the internal audit, risk management, accounting and financial reporting functions, as well as the sufficiency of training sessions and related budgets.
The main internal control reviews during the year were as follows:
The board and the management will establish sufficient and effective management and controls through the risk management and internal control framework of CITIC Limited, which will ensure compliance with the Listing Rules and other legal or regulatory requirements of the jurisdictions in which the Group operates, in order to improve the risk management and internal control system.
Internal Audit
CITIC Limited regards internal audit as an important part of the supervisory function of the board and the audit and risk management committee. The primary objective of internal audit, which is set out in the internal audit charter, is to provide independent and objective internal assurance and consulting services, evaluate and improve the effectiveness of risk management and internal control processes for the Company so as to add value and improve the Company’s operations and accomplish its objectives.
Authority
Under the internal audit charter of CITIC Limited, the internal audit department can obtain and access all records, personnel and physical properties relevant to internal audit. The head of the internal audit department has unrestricted access to the board and senior management.
Responsibility
The responsibilities of the internal audit are set out in the internal audit charter, which stipulates that (a) examination and assessment are conducted in respect of risk management and internal control to evaluate whether risks related to the following are effectively controlled: achievement of strategic objectives, reliability and integrity of financial and operational information, efficiency and effectiveness of operations, safeguarding of assets, and compliance with the laws, regulations and policies of the Company; (b) follow-up audits and other measures are conducted to track corrective actions in respect of audit findings; (c) special audits are conducted when required by the board and senior management.
Internal audit staffing and tasks completed in 2015
At 31 December 2015, CITIC Limited had approximately 500 internal audit staff members in the internal audit departments of the head office and major subsidiaries, providing audit services to various business units and functions of the Company.
During the year, the internal audit department prepared an annual internal audit plan in accordance with risk-based principles. Pursuant to the approved annual plan, detailed audit planning for each audit was devised, followed by field audits and discussions with management. Audit reports addressed to the management were prepared after completion of the audits. Work reports were also tabled for review at each meeting of the audit and risk management committee, which included audit findings and follow-up results, work progress and staffing of internal audit.
In 2015, the internal audit department issued audit reports together with reviews on various business segments and subsidiaries of the Company, including financial services, property and infrastructure, project contracting, resources and energy, manufacturing and other businesses.
Other tasks performed by the internal audit department during the year included the following:
- Special training sessions on the revised corporate governance code of the Stock Exchange were held to introduce revised provisions and requirements on internal audit, risk management and internal control to various functional departments and business units of the Company, with the aim of promoting knowledge of the laws and regulations of Hong Kong on the part of relevant staff members and ensuring compliance in the operations.
- Continuous training and development programme, including online training, regular sharing sessions and seminars, for internal audit staff to enhance their audit skills and knowledge.