Risk Management Concept
The Board acknowledges that risk management can provide strong support and basic security for the high-quality and sustainable development of the Group. In this connection, the Board regarded risk management as a proactive measure for creating efficiencies and promoted risk management responsibilities to the Board, the management and all staff members as well as its whole business process. The Board has established a risk management structure with three lines of defence, namely “Business, Supervision and Support, Assurance”, for the Group, under which the Group has integrated risk management with its strategic goals. The Board required risk management to be “comprehensive, focused, dynamic and continuous”. As such, the Board regularly studies and clarifies the comprehensive risk indicator system in relation to the Group’s operation through the Risk Management Committee. It has also taken a dynamic approach to set up key risk checkpoints based on the changes in the Group’s internal and external environment, which will be used to monitor the management’s performance in carrying out their responsibilities in relation to dynamic monitoring and ongoing risk management and control during daily operating activities. The Board consistently works on building a “prudent, aggressive and responsible” risk culture through proactive risk management activities with a view to ensuring the high-quality and sustainable development of the Group.
Risk Management Committee
The Risk Management Committee is delegated by the Board with responsibilities to oversee the Group’s overall risk management framework and to advise the Board on the Group’s risk-related issues. The Risk Management Committee is also responsible for approving the Group’s risk management policies and assessing the effectiveness of the Group’s risk controls. The details of the terms of reference of the Risk Management Committee have been posted on the websites of the Company and the Hong Kong Stock Exchange.
The Risk Management Committee held two meetings during 2018 and focused on the discussion on the following matters:
- reviewed the risk management reports for the year 2017 and the first half of 2018 and risk management plan for the year 2018 prepared by the Company’s Internal Audit Department in relation to the Group’s risk management framework, effectiveness of the risk management system, cybersecurity risks and the responsive measures adopted for risk control and risk management policies which govern the identification, assessment, monitoring and reporting of the major risks faced by the Group;
- reviewed and approved the “Development of Internal Control Working System for Risk Management”; and
- reviewed, discussed and approved the connected transactions in relation to the sale and purchase of coal futures between China Power Guorui and the subsidiaries of SPIC in June 2018, and made recommendations to the Board.
Risk Management Framework
Pursuant to the standards regarding risk management framework of the COSO (including standards being updated on an ongoing basis), the Group has established a risk management framework with “three lines of defence”:
- 1st line of defence: Business risk management — During the course of business activities, each of the functional department and business unit, as well as personnel holding the respective business position, shall be the first responsible unit for handling matters within their terms of reference for risk identification and management.
- 2nd line of defence: Supervision and support for risk management — The Risk Management Committee under the Board and the functional departments for risk management, including the departments responsible for the functions of internal audit, legal affairs, compliance, finance, human resources, safety and environmental protection monitoring, shall assist the front-line business departments to assume joint responsibilities for overseeing, inspecting and evaluating those works relating to the implementation of risk management.
- 3rd line of defence: Independent assurance — The Audit Committee under the Board and the Group’s Internal Audit Department shall be responsible for auditing the results of the risk management works and issuing an audit report.
In 2018, to accommodate the needs of its strategic development, the Group has, on the basis of the existing functional departments for risk management, further optimized the setup of risk departments of its subsidiaries and established a comprehensive risk management network, through which the capability and efficiency of functional departments for risk management have been enhanced in terms of allocation of risk management resources within the Group. This also enabled centralized deployment of manpower to engage in risk evaluation works and strengthened team-building for risk management talents of the Group, at the same time solidifying the 1st line of defence on the business front.
Risk Management Mechanism and Procedures
The risk management mechanism and procedures of the Group comprise comprehensive risk management, risk management targeting major investment projects and specific risk management targeting key risk areas.
The procedures of comprehensive risk management are as follows:
Phase 1: Formulate of risk management policies, strategies and risk assessment standards — The Board shall determine risk policies in respect of the Group’s governance, culture and development strategies, and shall take these policies into consideration when determining its business targets. The Risk Management Committee shall be entrusted by the Board to determine the risk management strategy of the Group, while the Group’s Internal Audit Department shall establish common risk assessment standards and set up risk score sheet for the Group.
Phase 2: Comprehensively collect first-hand information for risk management and identify risks — Each department/business unit shall extensively and continuously collect internal and external information in relation to the risks of the Group and the risk management thereof and identify potential risks that may have an impact on the key processes of their operations.
Phase 3: Conduct risk assessment and establish comprehensive risk management ledger — Each department/business unit shall assess and score the risks identified along with their impact on the business and the likelihood of their occurrence. All risks of the Group and its subordinated units shall be recorded in the risk management ledger.
Phase 4: Risk follow up treatment and tracking of risk management ledger on a quarterly basis — Based on the assessment, each department/business unit shall propose measures for monitoring and follow up treatment of risk identified and determine the responsible person for the risk. All these information shall be recorded in the comprehensive risk management ledger and updated on a quarterly basis to ensure that the risks are controllable.
Phase 5: Risk reporting and monitoring — Each department/business unit shall monitor their own risk mitigating works and summarize and report the comprehensive risk management condition to the Risk Management Committee bi-annually, so that the Committee can keep abreast of the distribution and changes of comprehensive risks on a continuous basis, evaluate the effectiveness of the risk management works and suggest measures for improvement. The Risk Management Committee submits the risk management report to the Board annually.
The risk management procedures targeting major investment projects are as follows:
- Project Establishment and Feasibility Study Stage: Business departments and all supporting departments for risk management shall conduct work such as feasibility study and due diligence report for their investment projects, so as to fully identify and assess the risks of the investment projects and the risk cost thereof, and put forward strategies and measures against material risks.
- Investment Decision Stage: Before making investment decisions, the relevant departments shall prepare the risk assessment report for specific project based on the feasibility study and the due diligence report with a view to disclosing the risks of the investment project and the impact of the risk factors, and suggest preventive measures.
- Construction Stage: The relevant departments shall conduct risk analysis on the conditions for commencement of construction, including analysis on compliance risks relating to aspects such as land, environment and energy conservation, technical risks relating to engineering design plan and risks relating to engineering management, etc.. Construction work will be commenced after establishing feasible responsive measures and passing the compliance evaluations.
- Management through closed-loop tracking: A closed-loop tracking mechanism will be implemented for the risk analysis and evaluation conclusion for each of the above stages to ensure all risks are controllable and under control.
The procedures of specific risk management targeting key risk areas are as follows:
- Identify and determine key risk areas: The management shall hold regular meetings to identify new and non-traditional risks arising in the course of strategic development of the Company, and commence specific risk assessment on such area.
- Commence specific risk investigation, research and assessment: Before making investment decisions, the relevant departments shall prepare the risk assessment report for specific project based on the feasibility study and the due diligence report with a view to disclosing the risks of the investment project and the impact of the risk factors, and suggest preventive measures.
- Compile risk assessment report and put forward management advice: The risks assessed and responsive measures thereof shall be submitted to the relevant business management department for consideration and review. The relevant business management department shall put forward management advice for responsive measures relating to mid- or high-level risks, formulate risk assessment and management report upon discussion with the functional departments, and provide guidance to the responsible business unit to commence its risk management works.
- Management through closed-loop tracking: Risk checkpoints identified through the specific risk assessment shall be included in the risk management ledger. Through the integration of specific monitoring and dynamic monitoring, comprehensive tracking and prevention of risks shall be in place, and various requirements relating to risk management and control shall be incorporated into corporate management and corporate procedures.
In 2018, the Group has conducted specific risk assessment in areas such as management of development and construction of new energy projects, procurement of materials, engineering construction, and put forward detailed management advice. Meanwhile, it continued to build the Group’s information platform for compliance management. Information technology will be used to manage the compliance review and assurance procedures for decision-making, contract execution, procurement and capital management. In addition, the Board also continued to attach great importance to risk prevention and control in relation to information security, internet security, sharing of financial information and the relevant confidentiality, and established systems and working mechanism to track the relevant risks according to regulatory requirements on a continuous basis, thereby ensuring the material risks of the Group are controllable and under control.
Pursuant to the risk assessment for 2018, the major risks of the Group are as follows:
|Description of Risks||Target Risk||Key Response Plan(s)|
|Risks relating to macro-economy - The potential downward trend of economic structural adjustment in China might lead to reduction in electricity demand.||
|Risks relating to policy changes - The policy changes in the electricity market were unfavourable to existing coal-fired power plants; and the policy changes in relation to tariff of new energy might affect the tariff of and subsidies for new development projects, and hence resulted in a decrease in revenue and profit. There is still uncertainty as to when the subsidies for the operating new energy projects would be in place, which have had an adverse effect on the operation.||
|Risks relating to competition based on market price of electricity - With the market-oriented reform of the power industry, there were increasing numbers of electricity sales companies which ended up with more choices. Hence, the competition for electricity sales has intensified, and most of the transaction prices of electricity in the market were lower than the benchmark electricity price.||
|Risks relating to construction project
|Risks relating to production management -
|Risks relating to cash flow - With the continuous development of the Group, there would be increase in new construction projects, investment in technical upgrade of power generating units, investment for meeting environmental compliance requirements and thus increase in indebtedness. However, with the tightened monetary policy of the central bank in the PRC, obtaining domestic financing was relatively difficult.||
|Risks relating to compliance management - Subsidiaries in different provinces, which joined the Group as a result of acquisition by the Company, may not have sufficient understanding of the regulatory and disclosure requirements for listed companies in Hong Kong, and hence lack initiative in the compliance with regulatory rules of listed companies and may not be able to report material events on a timely basis. Thus, there was risk relating to the timeliness and accuracy of information disclosure as a listed company.||