Risk Management Report

Risk Management Concept

In pursuit of sustainable steady business growth, the Board acknowledges that the Group has to maintain a balance between risk management and development. Thus, risk management provides strong support and basic security for the high-quality and sustainable development of the Group. As such, the Board regards risk management as a proactive measure for creating efficiencies and promotes risk management responsibilities to the Board, the management and all staff members as well as its entire business system, thereby identifying risks early for effective risk control. The Board has established a risk management framework with three lines of defence, namely “Business, Supervision and Support, Assurance”, for the Group, under which the Group has integrated risk management with its strategic goals and required risk management to be “Comprehensive, Focused, Dynamic and Continuous”. The Board regularly studied and clarified the comprehensive risk indicator system in relation to the Group’s operation through the Risk Management Committee. It has also taken a dynamic approach to set up key risk checkpoints based on the internal and external changes of the Group, implemented major risk prevention in all aspects and monitored the management’s performance in bearing their responsibilities in relation to dynamic monitoring and ongoing risk management and control during daily operating activities. The Board consistently works on building a “Prudent, Aggressive and Responsible” risk culture through proactive risk management activities with a view to ensuring the high-quality and sustainable development of the Group.

Risk Management Committee

The Risk Management Committee is delegated by the Board with responsibilities to oversee the Group’s overall risk management framework and to advise the Board on the Group’s risk-related issues. The Risk Management Committee is also responsible for approving the Group’s risk management policies and assessing the effectiveness of the Group’s risk controls. The details of the terms of reference of the Risk Management Committee have been posted on the websites of the Company and the Hong Kong Stock Exchange.

The Risk Management Committee held two meetings during 2020 and focused on the discussion on the following matters:

  • reviewed and approved the “Risk Management Report” for the year 2019 and the first half of 2020 and risk management plan for the year 2020 prepared by the Company’s Internal Audit Department in relation to the Group’s risk management framework, the effectiveness of the risk management system, specific risk management conditions and the responsive measures adopted for risk control, and risk management policies which govern the identification, assessment, monitoring and reporting of the major risks faced by the Group;
  • reviewed and approved the adequacy of resources, staff qualifications and experience in respect of the Company’s risk management functions;
  • reviewed, considered and approved the establishment of the Sustainability Working Committee under the Risk Management Committee and confirmed its terms of reference which were submitted to the Board for approval; and
  • reviewed and confirmed the revised version of the terms of reference of the Risk Management Committee to support the establishment of the Sustainability Working Committee and submitted it to the Board for approval.


Risk Management Framework

Pursuant to the standards regarding the risk management framework of the COSO (including standards being updated on an ongoing basis), the Group has established a risk management framework with “three lines of defence”:

  • 1st line of defence: Business risk management – During the course of business activities, each of the functional departments and business units, as well as personnel holding the respective business position, shall be the first response unit for handling matters within their terms of reference for risk identification and management.
  • 2nd line of defence: Supervision and support for risk management – The Risk Management Committee under the Board and the functional departments for risk management, including the departments responsible for the functions of internal audit, legal affairs, compliance, finance, human resources, safety and environmental protection monitoring, shall assist the front-line business departments to assume joint responsibilities for overseeing, inspecting and evaluating those works relating to the implementation of risk management.
  • 3rd line of defence: Independent assurance – The Audit Committee under the Board and the Group’s Internal Audit Department shall be responsible for auditing the results of the risk management works and issuing an audit report.


In 2020, the Group incorporated post-pandemic risk management to further strengthen the comprehensive risk management system that integrates hierarchical management and control with the “three lines of defence”. Working with various business departments, it continued to carry out annual major risks prevention and mitigation works as well as major decision-making for risk assessment, prevention and control regularly, so as to ensure the management of major risks through coordination of joint management and joint prevention. In addition, the audit center established by the Group commenced operation in the first half of the year and the development of risk management and internal control systems was incorporated into the centralized planning of the audit center. By making full use of big data, the Group promoted the standardized development of audit, risk and internal control procedures, thereby realizing risk alert and compliant operation and further optimizing its risk management network.

Risk Management Mechanisms and Procedures

Having concluded from the practical experience for a long period, the Group has developed a set of risk management mechanisms and procedures that operates steadily and mainly comprises (i) comprehensive risk management, (ii) risk management targeting major investment projects, and (iii) specific risk management targeting key risk areas.

(I) The procedures of comprehensive risk management are as follows:

  • Phase 1: Formulating risk management policies, strategies and risk assessment standards – The Board shall determine risk policies in respect of the Group’s governance, culture and development strategies, and shall take these policies into consideration when determining its business targets. The Risk Management Committee shall be entrusted by the Board to determine the risk management strategy of the Group, while the Group’s Internal Audit Department shall establish common risk assessment standards and set up the risk score sheet for the Group.
  • Phase 2: Comprehensively collecting first-hand information for risk management and risk identification – Each department/business unit shall extensively and continuously collect internal and external information in relation to the risks of the Group and the risk management thereof and identify potential risks that may have an impact on the key processes of their operations.
  • Phase 3: Conducting risk assessment and establishing comprehensive risk management ledger – Each department/business unit shall assess and score the risks identified along with their impact on the business and the likelihood of their occurrence. All risks of the Group and its subordinated units shall be recorded in the risk management ledger.
  • Phase 4: Risk follow up treatment as well as tracking and update of risk management ledger on a quarterly basis – Based on the assessment, each department/business unit shall propose measures for monitoring and treatment of risk identified and determine the responsible person for the risk. All this information shall be fully recorded in the risk management ledger and updated on a quarterly basis to ensure the risks are controllable.
  • Phase 5: Risk reporting and monitoring – Each department/business unit shall monitor their own risk mitigating works and summarize and report the comprehensive risk management condition to the Risk Management Committee bi-annually, so that the Committee can keep abreast of the distribution and changes of comprehensive risks on a continuous basis, evaluate the effectiveness of the risk management works and recommend measures for improvement. The Risk Management Committee submits the “Risk Management Report” and the “Sustainability Report” to the Board annually.


(II) The risk management procedures targeting major investment projects are as follows:

  • Project Initiation and Feasibility Study Stage: Business departments and all supporting departments for risk management shall conduct work such as feasibility study and due diligence for their investment projects, so as to fully identify and assess the risks of the investment projects and the risk cost thereof, and put forward strategies and measures against material risks.
  • Investment Decision Stage: Before making investment decisions, the relevant departments shall prepare the risk assessment report for specific projects based on the feasibility study and the due diligence report with a view to disclosing the risks of the investment project and the impact of the risk factors, and recommend preventive measures.
  • Construction Stage: The relevant departments shall conduct risk analysis on the conditions for commencement of construction, including analysis on compliance risks relating to aspects such as land, environment and energy conservation, technical risks relating to the construction design plan and risks relating to construction management, etc. Construction work will only be commenced after establishing feasible responsive measures and passing the compliance evaluations.
  • Management through closed-loop tracking: A closed-loop tracking mechanism will be implemented for the risk analysis and evaluation conclusion for each of the above stages to ensure all risks are controllable and under control.


(III) The specific risk management procedures targeting key risk areas are as follows:

  • Identification and selection of key risk areas: The management shall hold regular meetings to identify new, non-traditional and typical risks arising in the course of strategic development of the Company, and commence specific risk assessment on such area.
  • Commencement of specific risk investigation, research and assessment: Prior to the assessment, the functional departments shall collect data, determine risk checkpoints, verify and identify risks on-site and discuss with the business management departments (brainstorming). The identified risks shall be quantified and a risk management ledger shall be established according to risk level. Responsive measures shall be formulated against such risks based on the risk strategy.
  • Compilation of risk assessment report and put forward management advice: The risks assessed and responsive measures thereof shall be submitted to the relevant business management department for consideration and review. The relevant business management department shall put forward management advice for responsive measures relating to high-and mid-level risks, formulate risk assessment and management report upon discussion with the functional departments, and provide guidance to the responsible business unit to commence its risk management works.
  • Management through closed-loop tracking: Risk checkpoints identified through the specific risk assessment shall be included in the risk management ledger. Through the integration of specific monitoring and dynamic monitoring, comprehensive tracking and prevention of risks shall be in place, and various requirements relating to risk management and control shall be incorporated into corporate management and corporate procedures.


Other regular risk management procedures

  • Information system security: The Group shall conduct specific risk assessments in such areas as network security, financial sharing system, and information confidentiality on an ongoing basis and put forward detailed management advice from time to time, thereby ensuring the risks are controllable and under control. Meanwhile, it shall continue to develop the information platform for compliance management. Information technology shall be used to manage the compliance review and assurance procedures for decision-making, contract execution, procurement and capital management.
  • Risk management responsibility appraisal: The Group shall require all business units to establish a comprehensive risk management responsibility system and fulfill their risk prevention and mitigation responsibilities. The Group shall incorporate all risk control requirements into its management and operation procedures while including risk management responsibilities as a factor in annual performance appraisal, with the aim of raising the risk prevention awareness of all business units and encouraging them to plan for and implement risk prevention measures proactively.


Pursuant to the risk assessment for 2020, the major risks of the Group are as follows:

No.1 Type of Risks Risks relating to policies
Description of Risks Target Risk
Trend 2020
Key Response Measures
  • As the State prioritizes wind power and photovoltaic grid parity projects, the level of tariffs and subsidies of other newly developed clean energy projects may be affected and hence results in a decrease in revenue and profit.
  • There are still uncertainties as to when the government subsidies for the operating renewable energy projects will be granted, which have an adverse effect on the operation.
  • The lack of comprehensive ancillary policies for integrated intelligent energy development, coupled with uncertainties in relation to the pricing mechanism and the growth of customer load, pose difficulties to grid connection.
  • Through more effective policies and measures, China is committed to reaching the carbon emissions peak and carbon neutrality by 2030 and 2060, respectively.
  1. Step up efforts in the analysis of policies to make timely adjustments to development strategies.
  2. Promote the strategic conversion of wind power and photovoltaic power projects which are in the process of applying government subsidies within the approved effective term into grid parity projects on a voluntary basis.
  3. Closely monitor the progress status of policies on tariff subsidies for renewable energy and timely apply for such subsidies.
  4. Strengthen the communication with local government authorities, and closely monitor the adjustment of policies, laws and regulations.
  5. Accelerate the development of clean and low-carbon energy projects and make dedicated efforts to the building of zero-carbon green base.
  6. Actively seek cooperation with other parties in developing existing coal-fired projects and reduce the shareholding in coal-fired power enterprises.
No.2 Type of Risks Risks relating to production management
Description of Risks Target Risk
Trend 2020
Key Response Measures
  • In order to achieve carbon emissions peak and carbon neutrality, China will impose stricter requirements for carbon emission. Any failure to meet such requirements may result in the shutdown of generating units or suspension of production, and hence increase the risks relating to production management.
  • Major overhaul maintenance and repairs of power generating units, delay of completion of technical upgrade projects as well as failure to meet the designed standard of inspection and repairs give rise to risks that facilities might be affected and unable to commence production or operation as scheduled.
  1. Strictly adhere to the national laws and regulations regarding environmental protection, and perform technical upgrade, inspection and repair of coal-fired power generating units in due course, so as to reduce pollution and greenhouse gas emission for each unit of power generation. Enhance the efficiency of power generating units and reduce the consumption of fossil fuel for each unit of power generation.
  2. Increase input in technical research and development to pursue breakthroughs in clean energy and low-carbon emission technology. Develop the intelligent management and control system for safer, more reliable and efficient performance of power generating units.
  3. Continue to strengthen the supervision and inspection over preliminary production and ensure that its employees are equipped with the skills required for their positions. Ensure the construction areas are safely isolated when the facilities are put into operation or trial run.
No.3 Type of Risks Risks relating to post-investment management and control
Description of Risks Target Risk
Trend 2020
Key Response Measures
  • The management and control relation between the newly acquired subsidiaries and the Company remains to be further improved.
  • There are significant differences between the annual investment plans and their final implementation for certain projects with a larger investment amount.
  • There is a mismatch between the operational efficiency and the scale of assets for the new energy segment. Many clean energy power plants still rely on the integrated management of traditional coal-fired power plants and their management needs to be refined.
  1. Formulate the checklist of responsibilities and authorities to specify the Company’s systematic management and control policies towards subsidiaries.
  2. Establish the segregation of power in the operation model under coordinated control. Strengthen management and control through five mechanisms, which include the “target coordination mechanism, information sharing mechanism, joint management mechanism for specific events, evaluation and overseeing mechanism, and appraisal and incentive mechanism”.
  3. Enhance implementation of investment plans and formulate such plans with a scientific and reasonable approach.
  4. Research on the incorporation of project investment appraisal and evaluation indicators into the “Plan-Budget-Assessment-Incentive” appraisal system.
  5. Continue to develop more professional and refined management capability, so as to maintain the competitiveness of the clean energy business.
No.4 Type of Risks Market risks
Description of Risks Target Risk
Trend 2020
Key Response Measures
  • The acceleration of marketisation reform of the power sector has further reduced the basic power generation and tariffs guaranteed by the government’s program, which resulted in the decline of revenue and profit.
  • Given the excessive installed power generating capacity in certain regions of China and the intense competition in the power market, the Group faces more difficulties in marketing.
  1. Analyze the demand and supply profile in the power market, vigorously expand the free trade market for electricity beyond the basic guaranteed power program, and actively devote efforts in relation to direct power supply transactions with major power users.
  2. Strengthen the efforts in relation to inter-regional power transactions with a view to increasing the volume of power output.
  3. Develop diverse and integrated energy services that can provide various energy services including electricity, heat, cold energy and water for industrial use simultaneously to users, and push forward the intense development of integrated energy application including “coal-fired power, wind power and photovoltaic power storage”.
  4. Enter into development agreements with various new economic development zones to build gigawatt-level new energy demonstration bases with intelligent ecosystems, and enhance the operation capabilities of various new energy assets through the use of intelligent management platform.
  5. Carry out heat supply system renovations for large-scale coalfired power generating units with a view to expanding into the new market of heat supply. Currently, over half of the coal-fired power plants are capable of co-generation of electricity and heat supply simultaneously.
  6. Capitalize on the entrusted management of overseas assets of the parent company to explore opportunities for overseas development.
No.5 Type of Risks Risks relating to cash flow
Description of Risks Target Risk
rend 2020
Key Response Measures
With the increase in working capital requirements due to the construction of new projects, investment in the technical upgrade of power generating units, investment for meeting environmental compliance requirements and repayment of borrowings as and when they fall due, coupled with the relatively narrowed financing channels of certain subsidiaries and the delayed grant of government subsidies for renewable energy projects, the cash flow position may be under greater pressure.
  1. Enhance the level of management, diversify the source of revenue, strengthen cost control, and enhance the level of operation of the existing projects.
  2. Assessment of investment projects shall give utmost priority to cash flow generation of such project. Projects that fail to meet the profit margin conditions for investment may not be commenced in principle and shall be considered with reference to the capital flow position of the Company.
  3. Introduce other strategic investors for projects with substantial capital requirements in order to expand financing channels.
  4. In 2020, the Company issued RMB3 billion perpetual medium-term notes and RMB500 million super & short-term commercial paper in China. Wu Ling Power, a subsidiary of the Company, also issued RMB1 billion super & short-term commercial paper to further improve the cash flow.
  5. Adopt various measures to further reduce the corporate debt ratio, further enhance the Company’s and each of the project company’s multi-channel financing ability through various financial products such as supply chain financing, cross-border direct loans and note discounting, while enhancing the management on the working capital budget to reduce funding risks.
  6. Take part in the designated asset-backed finance scheme for the subsidized new energy assets to realize the cash flow from these subsidized assets.
No.6 Type of Risks Risks relating to project construction and management
Description of Risks Target Risk
Trend 2020
Key Response Measures
  • In respect of the safety of construction projects, there are risks relating to personal injuries, while safety incidents will affect the Group’s reputation and cost of the projects.
  • In respect of the project progress, there are risks that certain construction projects may not be completed on schedule due to the impact of the COVID-19 pandemic.
  • If the projects’ construction in progress fails to meet the requirements in the stage of commissioning and quality acceptance, there will be risks that the timing of commencement of production and operation of the project may be affected.
  1. Strengthen the selection of contractors for construction projects to ensure compliance with the stringent tendering process and that the construction quality can meet the government’s requirements based on their expertise.
  2. Strengthen the training for and management over construction workers to enhance the level of safety management and the prevention and protection skills of the staff.
  3. For construction projects that involve more dangerous works, precautionary measures and prearranged plan for emergencies have been formulated.
  4. Develop emergency measures for pandemic prevention and control in a timely manner and form the leadership group for pandemic prevention and control to ensure all pandemic prevention measures are implemented properly. Resume the operation of all projects when the pandemic has been brought under control, so that all projects commenced operation as scheduled.
  5. Strengthen the tracking and on-site inspection during the construction process to ensure the safety risks of the construction projects are controllable and under control.
No.7 Type of Risks Risks relating to compliance management
Description of Risks Target Risk
Trend 2020
Key Response Measures
Some of the newly acquired subsidiaries still do not have sufficient knowledge on the regulatory and disclosure requirements for listed companies in Hong Kong, and hence may not be able to report material events on a timely basis, thereby leading to the risk relating to the timeliness and accuracy of information disclosure as a listed company.
  1. Foster cooperation and communication in relation to continuing connected transactions and internal risk control through the online information-sharing system comprising the financial sharing center and audit center. Establish a standardized and effective management system for statutory information disclosure.
  2. Adopt various measures to ensure definite segregation of responsibilities and authorities of each subsidiary of the Company with a checklist of authorities delegated to subsidiaries, specific requirements on benchmarking of management and control and the division of their responsibilities and authorities promulgated, with a view to enhancing their awareness towards compliance and disclosure.
  3. Step up efforts in the promotion of the rule of law, systems and policies, and strengthen the training on regulatory rules and systems of statutory information disclosure as a listed company for newly acquired subsidiaries, including training sessions and exchange forums on the review of connected transactions.