Risk Management Report

Risk Management Philosophy

The Board acknowledges that risk management provides strong support and basic guarantee for the high-quality and sustainable development of the Group. The Board regards risk management as proactive measures for creating corporate efficiencies, and thus it vigorously promotes risk management responsibilities of the Board, management and all staff members as well as its entire business system.

The Board has established a risk management structure by adopting the “Three Lines Model” for the Group which was published and updated by the Institute of Internal Auditors (the “<>IIA”), under which the Group has integrated risk management with its strategic goals and has formed its risk management practice to be “Comprehensive, Focused, Dynamic and Continuous”.

At the strategic level, the Board regularly studies and clarifies the comprehensive risk indicator system in monitoring material risks associated with the Group’s businesses through the Risk Management Committee. At the operational level, the Group has also taken a dynamic approach to set up key risk checkpoints based on the internal and external changes of the Group, implemented major risk prevention in all aspects and ensured management bears their responsibilities in relation to dynamic monitoring of ongoing risk management and control during daily operating activities. The Board plays a leading role for building a “Prudent, Progressive and Responsible” risk management culture of the Group.

Risk Management Committee

The Risk Management Committee is delegated by the Board with responsibilities to oversee the Group’s overall risk management structure and to advise the Board on the Group’s risk-related issues. The Risk Management Committee is also responsible for approving the Group’s risk management policies and assessing the effectiveness of the Group’s risk controls. For details of the key work performed by the Risk Management Committee during the year 2023, please refer to the “Risk Management Committee Report” set out in this annual report.

Risk Management Framework

Based on the standards regarding the risk management framework of the Committee of Sponsoring Organizations of the Treadway Commission (including standards being updated from time to time) and the latest ISO31000 Risk Management Guidelines for internal control and risk management, the Group has established a risk management framework closely following the “Three Lines Model” published and updated by the IIA.

Source: The IIA’s Three Lines Model — An update of the Three Lines of Defense (July 2020)

An important feature of the updated new Three Lines Model is the shift of the emphasis from value protection and risk reduction to value creation and contribution to the achievement of strategic objectives. This perspective suggests a more proactive role for risk management in identifying opportunities in emerging risks to be seized and exploited for potential future growth and for business decision-making. The Board believes the updated model will better facilitate the Group’s strategic development in attaining its corporate goals.

The Three Lines Model is more principle-based with greater focus on the importance and role of governance and clarity of roles and responsibilities. It is supported through three components:

  1. Governing body (the board and its sub-committees) which is responsible and accountable for the stakeholders.
  2. Management (the first and second line roles) which is responsible for actions to manage risk and achieve organizational objectives.
  3. Internal audit (the third line roles) which is responsible for providing independent assurance

The roles of three lines are as follows.

  • First line <>Business risk management — This group provides control self-assessment during the course of business activities. Each of the operational departments and business units, as well as personnel holding the respective business position, shall be the first response unit for handling matters within their terms of reference for risk identification and management.
  • Second line <>Supervision and support for risk management — This group provides the policies, framework, tools, techniques, and support to enable risk management and compliance in the first line. They include the departments responsible for the functions of internal audit, legal affairs, compliance, finance, human resources, information technology, safety and environmental protection monitoring, shall assist the front-line business departments to assume joint responsibilities for overseeing, inspecting and evaluating the effectiveness of those works relating to the implementation of risk management.
  • Third line <>Independent assurance — The internal audit function that sits outside the risk management processes of the first two lines. Its main roles are to ensure that the first two lines are operating effectively and to advise on all matters relating to the achievement of objectives. The Group’s Internal Audit Department and Supervision Department shall be responsible for auditing the results of the risk management works and issuing an independent audit report and supervisory report.

As a general practice, the Group as a whole, in collaboration with all business departments, continued to carry out scheduled annual major risk prevention and mitigation works and risk assessment, prevention and control for major decision-making so as to ensure the management of major risks through coordination of joint management and joint prevention, and to continuously integrate risk management awareness and concepts into the business operation. In addition, the Group’s Audit Center located in Suzhou, Jiangsu Province has made use of the centralized big data to commence the standardized development of audit, risks and internal control procedures, thereby optimizing the Group’s risk management network. The Group has also established a database of approved organizations providing risk assessment consultancy services for onshore investment projects to ensure prompt response to consultancy needs and to improve the quality of assessments.

Risk Management Mechanisms and Procedures

Having concluded from the practical experience for a long period, the Group has developed a set of risk management mechanisms and procedures that operates steadily, which mainly comprises (i) comprehensive risk management, (ii) targeted risk management for major investment projects, and (iii) specific risk management targeting key risk areas.

(i) The procedures of comprehensive risk management are as follows:

  • Phase 1 <>Formulating risk management policies, strategies and risk assessment standards — The Board shall determine risk policies in respect of the Group’s governance, culture and development strategies, and shall take these policies into consideration when determining its business targets. The Risk Management Committee shall be entrusted by the Board to determine the risk management strategy of the Group, while the Group’s Internal Audit Department shall establish common risk assessment standards and set up the risk score sheet for the Group.
  • Phase 2 <>Comprehensively collecting first-hand information for risk management and risk identification — Each department/business unit shall extensively and continuously collect internal and external information in relation to risks of the Group and risk management thereof and identify potential risks that may have an impact on the key processes of their operations.
  • Phase 3 <>Conducting risk assessment and establishing comprehensive risk management ledger — Each department/business unit shall assess and score risks identified along with their impact on the business and the likelihood of their occurrence. All risks of the Group and its subordinated units shall be recorded in the risk management ledger.
  • Phase 4 <>Risk follow up treatment as well as tracking and update of risk management ledger on a quarterly basis — Based on the assessment, each department/business unit shall propose measures for monitoring and treatment of risk identified and determine the responsible person for the risk. All this information shall be fully recorded in the risk management ledger and updated on a quarterly basis to ensure risks are controllable.
  • Phase 5 <>Risk reporting and monitoring — Each department/business unit shall monitor their own risk mitigating works and summarize and report the comprehensive risk management condition to the Risk Management Committee bi-annually, so that it can keep abreast of the distribution and changes of comprehensive risks on a continuous basis, evaluate the effectiveness of the risk management works and recommend measures for improvement. The Risk Management Committee submits the “Risk Management Report” and the “Sustainability Report” to the Board annually. Since the Strategic and Sustainable Development Committee has taken over the responsibility of the Risk Management Committee in handling sustainability-related matters during the year, the coming Sustainability Reports will be submitted to the Board by the Strategic and Sustainable Development Committee.


(ii) The risk management procedures targeting major investment projects are as follows:

  • Project Initiation and Feasibility Study Stage Business departments and all supporting departments for risk management shall conduct work such as feasibility study and due diligence for their investment projects, so as to fully identify and assess the risks of the investment projects and the risk cost thereof, and put forward strategies and measures against material risks.
  • Investment Decision Stage Before making investment decisions, the relevant departments shall prepare the risk assessment report for specific projects based on the feasibility study and the due diligence report with a view to disclosing the risks of the investment project and the impact of the risk factors, and recommend preventive measures.
  • Construction Stage The relevant departments shall conduct risk analysis on the conditions for commencement of construction, including analysis on compliance risks relating to aspects such as land, environment and energy conservation, technical risks relating to the construction design plan and risks relating to construction management, etc. Construction work will only be commenced after establishing feasible responsive measures and passing the compliance evaluations.
  • Management through closed- loop tracking A closed-loop tracking mechanism will be implemented for the risk analysis and evaluation conclusion for each of the above stages to ensure all risks are controllable and under control.


(iii) The specific risk management procedures targeting key risk areas are as follows:

  • Identification and selection of key risk areas The management shall hold regular meetings to identify new, non-traditional and typical risks arising in the course of strategic development of the Company, and commence specific risk assessment on such area.
  • Commencement of specific risk investigation, research and assessment Prior to the assessment, the functional departments shall collect data, determine risk checkpoints, verify and identify risks on-site and discuss with the business management departments (brainstorming). The identified risks shall be quantified and a risk management ledger shall be established according to risk level. Responsive measures shall be formulated against such risks based on the risk strategy.
  • Compilation of risk assessment report and put forward management advice The risks assessed and responsive measures thereof shall be submitted to the relevant business management department for consideration and review. The relevant business management department shall put forward management advice for responsive measures relating to high-and mid-level risks, formulate risk assessment and management report upon discussion with the functional departments, and provide guidance to the responsible business unit to commence its risk management works.
  • Management through closed-loop tracking Risk checkpoints identified through the specific risk assessment shall be included in the risk management ledger. Through the integration of specific monitoring and dynamic monitoring, comprehensive tracking and prevention of risks shall be in place, and various requirements relating to risk management and control shall be incorporated into corporate management and corporate procedures.


(iv) Other regular risk management procedures

  • Information system security The Group shall conduct specific risk assessments in such areas as network security, financial sharing system, and information confidentiality on an ongoing basis and put forward detailed management advice from time to time, thereby ensuring the risks are controllable and under control. Meanwhile, it shall continue to develop the information platform for compliance management. Information technology shall be used to manage the compliance review and assurance procedures for decision-making, contract execution, procurement and capital management.
  • Risk management responsibility appraisal The Group shall require all business units to establish a comprehensive risk management responsibility system and fulfill their risk prevention and mitigation responsibilities. The Group shall incorporate all risk control requirements into its management and operation procedures while including risk management responsibilities as a factor in annual performance appraisal, with the aim of raising the risk prevention awareness of all business units and encouraging them to plan for and implement risk prevention measures proactively.


During 2023, focusing on the Group’s strategic vision of becoming a “<>World-class Green and Low-carbon Energy Provider” and the mission of “<>Lower Carbon Empower Better Life”, the Risk Management Committee, as agreed with the management and approved by the Board has identified five major risks of the Group upon risk assessments based on the changes in recent and mid- to long-term internal and external conditions, including risks relating to green transformation and innovative development, risks relating to the compatibility between operational control and management mechanisms, financial risks, market risks, and supply chain risks. Details of the relevant risks are as follows:

No. 1 — Risks relating to green transformation and innovative development
Description of Risks Key Response Measures
<>Keen competition in bidding for projects. Under the national dual carbon strategy, the competition for new energy projects with good investment returns and excellent development conditions is intense, and the government accordingly imposes higher standards and requirements on the investment strategy, execution and management capabilities of investors.
  • Strengthen cooperation with local governments and quality strategic partners, and dedicate every effort to identify and bid for quality projects with better returns.
  • Consolidate our advantageous position as the first-mover in the strategic emerging industries such as “technology-based, service-oriented and asset-light” industries, and increase our support and cultivation of these industries with a focus on competitive advantages by differentiation.
<>Development of new energy business. Despite the Group’s first-mover advantages in green emerging industries, namely green power transportation, energy storage and integrated intelligent energy solutions, it is still faced with various challenges such as uncertain supporting government policies, unrealized profitability, large investment in innovation and technology, rapid technology and product upgrades and shortage of professional talents.
  • Capitalize on the marketing environment and its evolving development trends to promote the release of value of the investment in green emerging industries.
  • Innovate development and investment modes to closely integrate market development and capital operation, and make use of financing tools such as equity financing and industrial funds.
  • Conduct in-depth study on relevant supporting policies of national and local governments to take countermeasures in advance and capitalize on the development advantages arising therefrom.
  • Continuously carry out product technology upgrades and innovative R&D, launch new products that meet market demand, increase investment in R&D to master core technologies.
  • Continuously improve and develop the professional capabilities of our employees through training and incentive schemes and build a sizeable team of professionals.
<>Risks of core technology leakage. The self- developed core technologies are the key drivers for the Group to maintain its competitive advantage. It will weaken the Group’s competitiveness in certain extent if the core technology leakage occurs.
  • Strengthen network security and continuously improve the network security defense system.
  • Carry out emergency drills for network security incidents to improve response capabilities to network attacks and security incidents.
  • launch network information security training regularly
<>Risks of changes in industrial policies. An adjustment in government subsidies for clean energy could adversely affect the Group’s production and operation.
  • In order to attain grid parity for photovoltaic and wind power projects and narrow the cost difference between new energy production and fuel-based generation, it is crucial to consistently monitor technological upgrades throughout the market industry chain and improve our level of project management to minimize the dependence on subsidies.
<>Quality risks of investment projects. The investment management of some subsidiaries is not stringent enough, risk assessment of individual projects are not sufficient and boundary conditions are over-optimistic. Accordingly, there exists a risk that the profitability of those projects fail to meet expectations.
  • Carry out solid research and analysis on the boundary conditions of target projects.
  • Make efforts to improve the depth of feasibility study and due diligence.
  • Conduct strict audits of returns from target projects.
  • Raise requirements for the quality of investment projects.
<>Risks of transformation of coal-fired power generation units. The Group undergoes a transformation towards green and low-carbon energy development. There are potential risks of being phased out for coal-fired power generation units.
  • Analyze the national electricity pricing policies and grasp the opportunities in transformation of coal-fired power generating units to support the development of new energy business.
  • Continue to promote the optimization of existing coal-fired power assets to increase capacity and reduce consumption to improve the operating efficiency of coal-fired generating units.
No. 2 — Risks relating to the compatibility between operational control and management mechanisms transformational development
Description of Risks Key Response Measures
<>Organizational structure. The current organizational structure of some business units, which was derived from coal-fired power operation and management, is incompatible with the new landscape of “green and low carbon” transformational development of the Company and the management characteristics of various emerging energy industries. There are problems such as incomplete governance structure, unclear authorities and responsibilities for management and uncoordinated staffing.
  • Timely adjust the management and control capacity and mode, specify authorities and responsibilities of management, optimize staffing and enhance incentive measures for those business units concerned.
  • Accelerate the establishment of more sound policy and system, management structure and composite talent pool that are in line with the Company’s strategic goals and are necessary and appropriate for its transformational development.
<>Inadequate management innovation. Some members of management lack management experience in the new energy industry, and the management mode of the emerging green energy industries is still in the exploration stage. In particular, the industry policies of energy storage and rural revitalization are unclear. It is necessary to dynamically align management resources and innovate the management mode according to the development progress.
  • Based on innovation-driven development, carry out full labor productivity benchmarking and assessment, and attract management talents in the new energy industry through the reform with market-oriented incentive mechanisms such as share incentive and project co-investment.
  • Closely follow policy orientation, strengthen industrial policy research and establish the corresponding management and control modes according to the characteristics and needs of the new intelligent green energy business forms.
<>The rapid growth of the overall scale of the Group. It will pose a potential management risk to the Company if the level of management fails to be adjusted and improved accordingly.
  • Recruit talents with international management experience to join the Group.
  • Schedule training for employees to improve their proficiency in business management and professional skills, with the goal of nurturing talent to drive the Company’s transformation and growth.
  • Implement appropriate incentive mechanisms to retain and motivate talents through system design.
No. 3 — Financial risks
Description of Risks Key Response Measures
<>High gearing ratio. The hydropower segment experienced financial setbacks, and the returns on certain new energy investment projects fell short of our expectations, which hinders the reduction of gearing ratio.

The Group has focused on the transformation towards, and continued to expand investment in, new energy development, thus accelerating the increase of gearing ratio.
  • Through application of management tools such as “Plan-Budget-Assessment-Incentive” (JYKJ) and “Dual Benchmark and Dual Incentive” (SDSJ) throughout the entire cycle of investment projects to enhance profitability and cash flow recovery.
  • Increase capital injection by ways of debt-to-equity swaps, REITs and issuance of preferred shares and to bring in strategic investors.
<>Cash flow pressure. The problem of inadequate clean energy subsidies cannot be effectively alleviated in the short term, resulting in tight cash flow and rising financial costs for clean energy companies, which limits the funding supply and investment in new projects.
  • Actively communicate and engage with power grid companies and other customers to recover receivables from electricity sales in advance.
  • Adapt to the clean energy subsidy recovery policies, effectively put efforts in recovery of subsidies to improve cash flow recovery.
  • Appropriately streamline investment amount, and to bring in strategic investors through the issuance of medium- and long-term bonds.
<>Financial and taxation risks of overseas operations. There are certain differences in the policies, regulations, accounting and taxation systems of various countries and regions, and exchange rate fluctuations in overseas currencies will bring risks to the investment return of the projects.
  • Strengthen the analysis and understanding of various overseas policies, regulations, accounting and taxation systems.
  • Utilize RMB and local currency cross-currency swap financing to reduce exchange rate exposure.
  • Recruit talents with accounting and taxation background, international perspective and are familiar with the local operations practices.
No. 4 — Market risks
Description of Risks Key Response Measures
<>Market-oriented reform of electricity sales. The Group’s major customers are regional power grid companies. As the electricity reform continues to deepen, the Group’s power generating units have gradually entered the spot market for power trading. Faced with a completely different market trading model, it is anticipated that the Group will be confronted with risks of reduced market share and reduced power production quota.
  • Effectively implement strategic cooperation with major customers, carry out in-depth cooperation in, among other things, green and low-carbon energy supply.
  • Vigorously explore the market for small and medium-sized customers and continue to expand our market share. Increase efforts in market development and commit more personnel to give full play to the role of our platform companies engaged in electricity sales and enhance market awareness of the Group’s electricity sales.
<>Reduced price of electricity sales. As competition in the electricity trading spot market intensifies, electricity tariffs are reduced by various parties to boost sales volume, thus leading to the risk of lowered market electricity tariffs, which in turn affects revenue.
  • Continue to conduct training to develop new energy market trading capabilities and enhance marketing personnel’s understanding of the spot market to increase their abilities to cope with electricity trading in the spot market. Continue to optimize relevant systems for assistance in decision-making to enhance preciseness and efficiency.
<>Uncertainties in emerging green energy trading markets. The supply and demand situation in the carbon trading and green power/green certificate markets is unclear with a high degree of uncertainty. The price of green certificates is high but lacks a secondary market for trading, which results in poor liquidity.
  • Strengthen policy research and market analysis. Pay close attention to industry and market policies to be launched and formulate countermeasures.
  • Properly analyze the supply and demand in the power market, ancillary services, green power/green certificates and carbon trading market, and direct all business units to participate in trading.
<>Shortage of specialists for directing electricity trading. Staffing ratio of personnel to trading level is insufficient to meet market demand. Newly operating new energy projects also lack, to a certain extent, staff with the capability in trading of electricity, green power, green certificates and ancillary services.
  • Strengthen the building of the marketing team, promote the accurate implementation of the three-year development plan for staffing of marketing personnel, and properly train and build up marketing personnel reserve to respond to the complicated market environment and fierce market competition.
No. 5 — Supply chain risks
Description of Risks Key Response Measures
<>Commodity price fluctuations. With the impact of rapidly increasing prices for commodity, the situation that the successful bidder refuses to enter into contract or fails to fully perform its obligations in accordance with the contract occurs, resulting in the suspension of material supply which affects the safe operation of the power generating units.
  • Strengthen market research and assessment, appropriately increase the amount of material reserves, expand the suppliers base, and opt to cooperate with well-qualified suppliers who have the ability to fulfill contract obligations.
  • Enhance contractual terms, increase the penalty for suppliers’ breach of contract, and proactively introduce price adjustment mechanisms to achieve risk sharing. Conduct monthly briefing on material and procurement management, and promptly identify and rectify problems.
<>Fluctuation in construction cost of new projects. Prices of building materials, components, wind turbines accounts for the largest proportion of the power station investment. If prices were to rise significantly, it would lead to difficulties in controlling project construction costs, resulting in overbudgets, contract disputes, delays in construction schedules and delaying the return from investment.
  • Improve construction cost, project settlement and other related systems, and improve the standard of construction cost management with assistance of external think tanks such as cost consultancy agencies and process audit units.
  • Strengthen management and supervision over process settlement, and promptly solve issues in relation to material and equipment price increase in the course of contract performance to enhance project progress management.
<>Coal supply and purchase price fluctuations. Although the current coal market supply has improved, if coal prices were suddenly to rise, coupled with the social responsibility of ensuring stable power supply, the operating costs of the Group’s coal-fired power business would be at risk.
  • Increase the amount of long-term coal procurement agreements so as to give full play to the stabilizing effect of coal supply assurance under long-term agreements.
  • Reasonably adjust the procurement structure to control and reduce procurement costs.

For details about the risks and opportunities related to climate change and the environment that pose to the Group, please refer to the Sustainability Report 2023 of the Company, which is available on the websites of the Company and the Hong Kong Stock Exchange.