Financial reporting
The board recognises the importance of the integrity of its financial information and acknowledges its responsibility for preparing financial statements that give a true and fair view of the Group’s affairs, its results and cash flows in accordance with the Hong Kong Financial Reporting Standards and the Hong Kong Companies Ordinance. The board endeavours to present to shareholders a balanced and understandable assessment of CITIC Limited’s performance, position and prospects. Accordingly, appropriate accounting policies are selected and applied consistently, and judgments and estimates made by the management for financial reporting purposes are prudent and reasonable.
New or revised accounting standards became effective during the year under review, and those most significant and relevant to the Group are disclosed in Note 2 to the consolidated financial statements.
The responsibilities of the external auditors with respect to the accounts for the year ended 31 December 2023 are set out in the Independent Auditor’s Report.
External auditors and their remuneration
The external auditors perform independent reviews or audits of the financial statements prepared by the management. PricewaterhouseCoopers (“PwC”) was engaged as CITIC Limited’s external auditor since 1989 and retired at the close of annual general meeting held on 16 May 2013. KPMG was engaged in place of PwC as CITIC Limited’s external auditor and subsequently retired at the close of the annual general meeting held on 2 June 2015 (“2015 AGM”). PwC was appointed as CITIC Limited’s external auditor in place of KPMG with effect from the close of the 2015 AGM as its largest listed subsidiary, China CITIC Bank Corporation Limited, was required to change its external auditor. Since then, PwC has been the auditor of CITIC Limited until it retired at the close of annual general meeting held on 21 June 2023 (“2023 AGM”) due to restrictions in respect of the years of continuous appointment by a state-owned financial enterprise of an accounting firm. KPMG was appointed as CITIC Limited’s external auditor in place of PwC with effect from the close of 2023 AGM.
For 2024, KPMG’s fees were approximately as follows:
Statutory audit fee: RMB129 million (2023: RMB105 million).
Fees for other services, including special audits, advisory services relating to systems and tax services: RMB7 million (2023: RMB12 million).
Other audit firms provided statutory audit services at a fee of approximately RMB83 million (2023: RMB80 million) as well as other services for fees of RMB63 million (2023: RMB46 million).
Overview of risk management and internal control
The Group’s risk management and internal control systems are designed to reduce or manage risk to an acceptable level for the Group. They do not eliminate the risk of failure to achieve business objectives, however, can only provide reasonable assurance that the business objectives of CITIC Limited in the following areas are achieved:
- effectiveness and efficiency of operations, including the achievement of performance and operating targets and the safeguarding of assets;
- reliability of financial and operating information provided by the management, including management accounts and statutory and financial reports available to public; and
- compliance with applicable laws and regulations by business units and functions.
The risk management and internal control system of CITIC Limited is established along the core concepts of risk management and internal control released by the Committee of Sponsoring Organisations of the Treadway Commission (COSO), and the Basic Standard for Enterprise Internal Control, as well as relevant guidelines and governmental policies.
The framework of risk management and internal control adopted by CITIC Limited is illustrated below:

The board has overall responsibility for maintaining a sound and effective risk management and internal control system. The audit and risk management committee acts on behalf of the board in providing oversight of the Group’s financial reporting system, risk management and internal control systems, reviewing and monitoring the effectiveness of the internal audit function, and reviewing the Group’s policies and practices on corporate governance.
As a sub-committee of the Executive Committee, the Asset and Liability Management Committee (“ALCO”) has been established to monitor financial risks of the Group in accordance with the relevant financial and treasury risk management policies. Based on the annual budget, ALCO reviews CITIC Limited’s financing plan and instruments, oversees fund management and cash flow positions, and manages risks relating to counterparties, interest rates, currencies, commodities, commitments and contingent liabilities. It is also responsible for formulating hedging policy and approving the use of new risk management tools.
Relevant departments of CITIC Limited are responsible for communicating and implementing the decisions, monitoring the adherence of the management policies and preparing relevant reports. All units have the responsibility for identifying, effectively managing and reporting risks on a timely basis, in accordance with the overall risk framework under the management policies and within the scope of authorisation.
CITIC Limited is committed to constantly improving its risk management and internal control framework at all levels; strengthening the risk assessment and monitoring of major projects and key businesses; staying fully informed of the operations, financial condition and major business progress of its subsidiaries through off-site monitoring, on-site inspections and other means to assess the risks that may arise; reporting on a timely basis any weaknesses and potential risks; supervising and implementing management and control measures; and improving the completeness and effectiveness of its risk management and internal control practices across the Group.
Key control policies and measures
The Group’s risk management and internal control are primarily the collective responsibilities of management and the employee. For consistent compliance by every person in the Group, the following key control policies and measures have been implemented:
Key control policies and measures | |
---|---|
Internal environment |
|
Risk assessment |
|
Control activities |
|
Monitoring |
|
Information and communication |
|
During the year, the audit and risk management committee assessed the effectiveness of the risk management and internal control systems on behalf of the board. The reviews covered material controls, including financial, operational and compliance controls, the adequacy of the resources, qualifications and experience of employees in the internal audit, risk management, accounting and financial reporting functions, as well as the sufficiency of training sessions and related budgets.
The main risk management and internal control reviews during the year were as follows:
Monitoring of risk management and internal control | Particulars of major tasks completed | Observations |
---|---|---|
Internal audit |
|
|
Compliance assessment |
|
|
Review of risk management and internal control system |
|
|
Review of the internal audit, risk management, accounting and financial functions |
|
|
Internal Audit
CITIC Limited regards internal audit as an important part of the supervisory function of the board and the audit and risk management committee. The primary objective of internal audit, which is set out in the internal audit charter, is to provide independent and objective internal assurance and consulting services, evaluate and improve the effectiveness of risk management and internal control processes for the Company so as to add value and improve the Company’s operations and accomplish its objectives.
Authority
Under the internal audit charter of CITIC Limited, the internal audit department can obtain and access all records, personnel and physical properties relevant to internal audit. The head of the internal audit department has unrestricted access to the board and senior management.
Responsibility
The responsibilities of the internal audit are set out in the internal audit charter, which stipulates that (a) examination and assessment are conducted in respect of risk management and internal control to evaluate whether risks related to the following are effectively controlled: achievement of strategic objectives, reliability and integrity of financial and operational information, efficiency and effectiveness of operations, safeguarding of assets, and compliance with the laws, regulations and policies of the Company; (b) track and examine corrective actions in respect of audit findings; (c) special audits are conducted when required by the board and senior management.
Internal audit staffing and tasks completed in 2024
At 31 December 2024, CITIC Limited had approximately 700 internal audit staff members in the internal audit departments of the head office and major subsidiaries, providing audit services to various business units and functions of the Company.
During the year, the internal audit department prepared an annual internal audit plan in accordance with risk-based principles. Pursuant to the approved annual plan, detailed audit planning for each audit was devised, followed by field audits and discussions with management. Audit reports addressed to the management were prepared by the internal audit department after completion of the audits. Work reports were also tabled for review at each meeting of the audit and risk management committee, which included audit findings and follow-up results, work progress and staffing of internal audit. The internal audit department issued audit reports on various business segments and subsidiaries of the Company.
Other tasks performed by the internal audit department during the year included the following:
- Implementation of internal audit assessment to evaluate the quality of the audit work of major subsidiaries in terms of management, quality, performance and coordination, in order to facilitate the effective execution of internal audit.
- Professional training and sharing sessions for internal audit staff to enhance their audit skills and knowledge.