Risk Management Report

Risk Management Philosophy

The Board acknowledges that risk management provides strong support and basic guarantee for the high-quality and sustainable development of the Group. The Board regards risk management as proactive measures for creating corporate efficiencies, and thus it vigorously promotes risk management responsibilities of the Board, management and all staff members as well as its entire business system.

The Board has established a risk management structure by adopting the “Three Lines Model” for the Group which was published and updated by the Institute of Internal Auditors (the “IIA”), under which the Group has integrated risk management with its strategic goals and has formed its risk management practice to be “Comprehensive, Focused, Dynamic and Continuous”.

At the strategic level, the Board regularly studies and clarifies the comprehensive risk indicator system in monitoring material risks associated with the Group’s businesses through the Risk Management Committee. At the operational level, the Group has also taken a dynamic approach to set up key risk checkpoints based on the internal and external changes of the Group, implemented major risk prevention in all aspects and ensured management bears their responsibilities in relation to dynamic monitoring of ongoing risk management and control during daily operating activities. The Board plays a leading role for building a “Prudent, Progressive and Responsible” risk management culture of the Group.

Risk Management Committee

The Risk Management Committee is delegated by the Board with responsibilities to oversee the Group’s overall risk management structure and to advise the Board on the Group’s risk-related issues. The Risk Management Committee is also responsible for approving the Group’s risk management policies and assessing the effectiveness of the Group’s risk controls. For details of the key work performed by the Risk Management Committee during the year 2024, please refer to the Risk Management Committee Report set out in this annual report.

Risk Management Framework

Based on the standards regarding the risk management framework of the Committee of Sponsoring Organizations of the Treadway Commission (including standards being updated from time to time) and the latest ISO31000 Risk Management Guidelines for internal control and risk management, the Group has established a risk management framework closely following the “Three Lines Model” published and updated by the IIA.

Source: The IIA’s Three Lines Model — An update of the Three Lines of Defense (July 2020)

An important feature of the updated new Three Lines Model is the shift of the emphasis from value protection and risk reduction to value creation and contribution to the achievement of strategic objectives. This perspective suggests a more proactive role for risk management in identifying opportunities in emerging risks to be seized and exploited for potential future growth and for business decision-making. The Board believes the updated model will better facilitate the Group’s strategic development in attaining its corporate goals.

The Three Lines Model is more principle-based with greater focus on the importance and role of governance and clarity of roles and responsibilities. It is supported through three components:

  1. Governing body (the board and its sub-committees) which is responsible and accountable for the stakeholders.
  2. Management (the first and second line roles) which is responsible for actions to manage risk and achieve organizational objectives.
  3. Internal audit (the third line roles) which is responsible for providing independent assurance.

The roles of three lines are as follows.

  • First line Business risk management — This group provides control self-assessment during the course of business activities. Each of the operational departments and business units, as well as personnel holding the respective business position, shall be the first response unit for handling matters within their terms of reference for risk identification and management.
  • Second line Supervision and support for risk management — This group provides the policies, framework, tools, techniques, and support to enable risk management and compliance in the first line. They include the departments responsible for the functions of internal audit, legal affairs, compliance, finance, human resources, information technology, safety and environmental protection monitoring, shall assist the front-line business departments to assume joint responsibilities for overseeing, inspecting and evaluating the effectiveness of those works relating to the implementation of risk management.
  • Third line Independent assurance — The internal audit function that sits outside the risk management processes of the first two lines. Its main roles are to ensure that the first two lines are operating effectively and to advise on all matters relating to the achievement of objectives. The Group’s Internal Audit Department and Supervision Department shall be responsible for auditing the results of the risk management works and issuing an independent audit report and supervisory report.

As a general practice, the Group as a whole, in collaboration with all business departments, continued to carry out scheduled annual major risk prevention and mitigation works and risk assessment, prevention and control for major decision-making so as to ensure the management of major risks through coordination of joint management and joint prevention, and to continuously integrate risk management awareness and concepts into the business operation. In addition, the Group’s Audit Center located in Suzhou, Jiangsu Province has made use of the centralized big data to commence audit projects, thereby optimizing the Group’s risk management network.

Risk Management Mechanisms and Procedures

Having concluded from the practical experience for a long period, the Group has developed a set of risk management mechanisms and procedures that operates steadily, which mainly comprises (i) comprehensive risk management, (ii) targeted risk management for major investment projects, and (iii) specific risk management targeting key risk areas.

(i) The procedures of comprehensive risk management are as follows:

  • Phase 1 Formulating risk management policies, strategies and risk assessment standards — The Board shall determine risk policies in respect of the Group’s governance, culture and development strategies, and shall take these policies into consideration when determining its business targets. The Risk Management Committee shall be entrusted by the Board to determine the risk management strategy of the Group, while the Group’s Internal Audit Department shall establish common risk assessment standards and set up the risk score sheet for the Group.
  • Phase 2 Comprehensively collecting first-hand information for risk management and risk identification — Each department/business unit shall extensively and continuously collect internal and external information in relation to risks of the Group and risk management thereof and identify potential risks that may have an impact on the key processes of their operations.
  • Phase 3 Conducting risk assessment and establishing comprehensive risk management ledger — Each department/business unit shall assess and score risks identified along with their impact on the business and the likelihood of their occurrence. All risks of the Group and its subordinated units shall be recorded in the risk management ledger.
  • Phase 4 Risk follow up treatment as well as tracking and update of risk management ledger on a quarterly basis — Based on the assessment, each department/business unit shall propose measures for monitoring and treatment of risk identified and determine the responsible person for the risk. All this information shall be fully recorded in the risk management ledger and updated on a quarterly basis to ensure risks are controllable.
  • Phase 5 Risk reporting and monitoring — Each department/business unit shall monitor their own risk mitigating works and summarize and report the comprehensive risk management condition to the Risk Management Committee bi-annually, so that it can keep abreast of the distribution and changes of comprehensive risks on a continuous basis, evaluate the effectiveness of the risk management works and recommend measures for improvement. The Risk Management Committee submits the Risk Management Report and the Safety and Environmental Protection Risk Management Report to the Board annually.

 

(ii) The risk management procedures targeting major investment projects are as follows:

  • Project Initiation and Feasibility Study Stage Business departments and all supporting departments for risk management shall conduct work such as feasibility study and due diligence for their investment projects, so as to fully identify and assess the risks of the investment projects and the risk cost thereof, and put forward strategies and measures against material risks.
  • Investment Decision Stage Before making investment decisions, the relevant departments shall prepare the risk assessment report for specific projects based on the feasibility study and the due diligence report with a view to disclosing the risks of the investment project and the impact of the risk factors, and recommend preventive measures.
  • Construction Stage The relevant departments shall conduct risk analysis on the conditions for commencement of construction, including analysis on compliance risks relating to aspects such as land, environment and energy conservation, technical risks relating to the construction design plan and risks relating to construction management, etc. Construction work will only be commenced after establishing feasible responsive measures and passing the compliance evaluations.
  • Management through closed- loop tracking A closed-loop tracking mechanism will be implemented for the risk analysis and evaluation conclusion for each of the above stages to ensure all risks are controllable and under control.

 

(iii) The specific risk management procedures targeting key risk areas are as follows:

  • Identification and selection of key risk areas The management shall hold regular meetings to identify new, non-traditional and typical risks arising in the course of strategic development of the Company, and commence specific risk assessment on such area.
  • Commencement of specific risk investigation, research and assessment Prior to the assessment, the functional departments shall collect data, determine risk checkpoints, verify and identify risks on-site and discuss with the business management departments (brainstorming). The identified risks shall be quantified and a risk management ledger shall be established according to risk level. Responsive measures shall be formulated against such risks based on the risk strategy.
  • Compilation of risk assessment report and put forward management advice The risks assessed and responsive measures thereof shall be submitted to the relevant business management department for consideration and review. The relevant business management department shall put forward management advice for responsive measures relating to high-and mid-level risks, formulate risk assessment and management report upon discussion with the functional departments, and provide guidance to the responsible business unit to commence its risk management works.
  • Management through closed-loop tracking Risk checkpoints identified through the specific risk assessment shall be included in the risk management ledger. Through the integration of specific monitoring and dynamic monitoring, comprehensive tracking and prevention of risks shall be in place, and various requirements relating to risk management and control shall be incorporated into corporate management and corporate procedures.

 

(iv) Other regular risk management procedures

  • Information system security The Group shall conduct specific risk assessments in such areas as network security, financial sharing system, and information confidentiality on an ongoing basis and put forward detailed management advice from time to time, thereby ensuring the risks are controllable and under control. Meanwhile, it shall continue to develop the information platform for compliance management. Information technology shall be used to manage the compliance review and assurance procedures for decision-making, contract execution, procurement and capital management.
  • Risk management responsibility appraisal The Group shall require all business units to establish a comprehensive risk management responsibility system and fulfill their risk prevention and mitigation responsibilities. The Group shall incorporate all risk control requirements into its management and operation procedures while including risk management responsibilities as a factor in annual performance appraisal, with the aim of raising the risk prevention awareness of all business units and encouraging them to plan for and implement risk prevention measures proactively.

 

During 2024, the Group continued to focus on the strategic vision of becoming a “World-class Green and Low-carbon Energy Provider” and the mission of “Lower Carbon Empower Better Life”. Coupled with the risk assessments based on the changes in recent and mid- to long-term internal and external conditions, the Risk Management Committee, as agreed with the management and approved by the Board, identified and confirmed six major risks of the Group. These risks included innovation risks, financial risks, market risks, new energy business investment and operational risks, construction project risks, and human resources risks. Details of the relevant major risks are as follows:

No. 1 — Innovation risks
Description of Risks Key Response Measures
Risk of insufficient innovation and development capability: Due to the fierce external competitive environment of certain emerging industries, the failure of the management team to take agile actions to capture or respond to market demands, and insufficient core competitiveness of potential newly developed products posed challenges to the innovation-driven development.
  • Compile industry dynamics reports, conduct market and competitor analysis, and understand industry trends and customer needs.
  • Based on market and user feedback, adjust corporate strategies in a timely manner, and continuously enhance product features and user experience.
  • Assign management personnel with extensive experience to assist the management teams involving the emerging industries to improve the management mechanism, so as to enhance their market responsiveness and decision-making efficiency.
  • Cooperate with higher education institutions, research institutes and other enterprises to promote the exchange of technology and knowledge and strengthen research on tackling technological challenges.
Technological innovation risk: Technological innovation involves new technologies or theories, causing risks of application failure, loss of funds or reputational damage.
  • Strictly control the conditions for the initiation of scientific research and development projects, conduct in-depth validation and testing of projects, and review their feasibility and innovation to reduce the risk of project failure and optimize the allocation of resources.
  • Strengthen the management of scientific research and development processes, establish a monthly tracking mechanism, prepare an implementation report, and rectify problems in a timely manner.
  • Timely dispose of or stop the loss from scientific research and development projects that fail to be commercialized or are loss-making for a long period of time.
No.2 — Financial risks
Description of Risks Key Response Measures
High gearing ratio: The rates of return of certain new energy investment projects fell short of expectations and negatively impacted the gearing ratio. In addition, the Group rapidly expanded the overall scale of its new energy projects through mergers and acquisitions for cash consideration, which also accelerated the rise in the gearing ratio.
  • Promote the recovery of the profitability and cash flow of investment projects through management means, such as adopting the “Plan-Budget-Assessment-Incentive” (JYKJ) and “Dual Benchmark and Dual Incentive” (SDSJ) mechanisms throughout the entire cycle of projects.
  • Introduce strategic investors through various forms of capital injection such as debt-to-equity conversion, REITs and issuance of preferred shares.
  • Conduct thorough due diligence prior to mergers and acquisitions to ensure the financial soundness of the target companies.
  • Include additional relevant protection clauses in the terms of the merger and acquisition transaction agreements, e.g. the transferor will be responsible for compensating for losses if the target companies’ clean energy subsidies are withdrawn or reduced.
Cash flow risk: The unification and marketization of the electricity market resulted in the fall in tariffs for new energy, which coupled with the increase in investment and the slow recovery of clean energy subsidies, have led to cash flow shortage and increased operating pressure.
  • Actively communicate with the government to fully understand the new energy subsidy policy and promote the collection of subsidies, so as to improve cash flow.
  • Flexibly adjust the investment strategy and asset structure according to market changes, and prioritize investment in power generation projects with faster returns and stable tariff recovery.
  • Conduct regular forecasts of cash flow, such as tracking and updating the Company’s interest-bearing liabilities on a monthly basis, paying attention to the ratio of long-term and short-term loans, identifying potential risks of shortage of funds in advance, and formulating corresponding countermeasures.
  • Enhance cost control and optimize operational efficiency to reduce overall expenses, such as commencing coal-and-power joint-operation projects to stabilize fuel costs.
Impairment risk: The unification and marketization of the electricity market have also widened the discrepancy between the actual tariffs and the projected tariff at the initiation of new energy projects. Moreover, the regional electricity market between provinces has not yet matured, which limited the consumption of green electricity and resulted in continued losses from clean energy projects. In addition, the power production quota of certain clean energy projects were withdrawn or reduced due to changes in local policies, and the cost of the invested projects could not be recovered as a result, which in turn led to asset impairments. Failure to timely identify impairment indicators also hindered the treatment of impairment in a timely manner, thereby causing overestimations of the carrying value of assets and earnings.
  • At the project initiation stage, conduct a comprehensive cost-benefit analysis and adopt a scenario analysis approach. By considering different market and policy scenarios, the financial performance of the projects is assessed under various situations to formulate more resilient investment strategies.
  • Regularly assess the impact of local policy changes on the projects and make timely adjustments to project planning and operation strategies.
  • Establish a financial risk early warning system, identify and respond to potential impairment indicators in a timely manner, and conduct impairment tests regularly to ensure compliance of accounting treatments with relevant standards.
No. 3 — Market risks
Description of Risks Key Response Measures
Electricity value risk: As the scope and scale of the electricity spot market, green electricity and green certificate trading market are gradually expanding, the value of the Group’s electricity is uncertain.
  • Conduct annual medium- and long-term trading properly to stabilize the overall transaction volume and price throughout the year. Strengthen the response to the spot market to increase spot trading level and market returns.
  • Conduct trend analysis of the green power and green certificate trading markets to enhance the sensitivity to market changes and improve the rationality and accuracy of spot trading decisions.
Fuel procurement risk: Coal price mechanism under long-term contracts may pose challenges on the implementation, which could increase the difficulty of achieving cost reduction and control.
  • Stabilize the long-term cooperation with existing key coal enterprises and develop coal-and-power joint-operation to enhance the fulfillment rate of long-term contracts.
  • Strengthen market analysis, seize the market opportunities brought about by the lower prices, and control procurement costs through staggered procurement, storage in low seasons and consumption in peak seasons, and securing long-term supply in advance.
No.4 — New energy business investment and operational risks
Description of Risks Key Response Measures
Investment risk: The income generated from investment projects in the new energy sector is primarily influenced by electricity prices and consumption, which are significantly affected by fluctuations in the electricity market. The implementation of power restriction policies has led to a decrease in the volume of electricity connected to the grid. Additionally, adjustments to electricity pricing policies have caused market-trading-tariff to decline. The risks associated with power restrictions and falling tariffs have not been fully evaluated, resulting in potential investment and operational risks.
  • Strictly control the project costs before investment decisions are made, keeping enough margins for risk control to mitigate and control the investment risk.
  • Enhance the preliminary work of projects to ensure that issues such as land, power connection and consumption are resolved before investment decisions are made. At the same time, the conditions of power connection and market consumption are fully substantiated, and power storage and distribution, participation in market trading and time-based tariff adjustment are considered in advance.
  • Track the progress of key projects on an ongoing basis, report the development progress monthly, and resolve difficult issues with the quarterly coordination meetings.
  • Proactively study national policies, pay close attention to market changes, and make timely adjustments to project development strategies according to the situation.
Risk of changes in industrial policies: Adjustments to the government policies on subsidizing clean energy may adversely affect the Group’s production and operation.
  • Closely monitor technological changes in the market and industrial chain, and reduce reliance on subsidy policies by upgrading the level of project management. Achieve grid parity for photovoltaic and wind power projects and reduce the cost gap between new energy power generation and fuel power generation.
No.5 — Construction project risks
Description of Risks Key Response Measures
Construction quality risk: Inadequate quality control, supervision as well as inspection and acceptance during the project construction and testing stage can result in potential quality problems in construction projects. In addition, new energy projects under construction acquired by the Group through mergers and acquisitions are also subject to construction quality risks upon handover.
  • Supervise the project unit to establish and optimize the quality control system, and hire a qualified supervision company for monitoring and timely rectification of the problems identified to ensure that the construction quality meets the standards.
  • Prior to mergers and acquisitions, conduct comprehensive due diligence, pay special attention to the quality of work, construction progress and compliance of projects under construction, and ensure that all relevant documents and certificates are complete.
  • Set quality inspection and acceptance standards, and ensure that the projects comply with relevant laws, regulations and industry standards at the time of handover.
  • Specify the legal responsibilities of all parties during the handover of the project, including the liability for defects in the quality of works and breach of contract, and ensure that there are legal grounds for recourse.
Construction safety risk: Certain projects are not fully staffed with safety management personnel, and the relevant management system is not effectively implemented, resulting in inadequate safety management.
  • Optimize the safety management system, formulate special precautionary measures for dangerous project operations, carry out regular safety drills, and improve the emergency response capability to ensure that production safety is controllable and under control.
Construction bidding and tendering risk: In the process of construction bidding and tendering, the lack of a strict approval process and insufficient review of contractors’ technical qualifications can increase the risks of construction safety and quality.
  • Strengthen the review of bidders’ qualifications, standardize bidding and tendering documents and procedures, and improve process supervision to ensure the compliance of the bidding and tendering process with laws, regulations and project requirements.
No. 6 — Human resources risks
Description of Risks Key Response Measures
Shortage of talents to guide power trading: Newly commissioned new energy projects lack personnel with sufficient knowledge and capability for trading green power, green certificate and provision of ancillary trading service, leading to failure in catching electricity sales during high tariff periods.
  • Recruit and train specialized traders to enhance their capacity in green power, green certificate and ancillary trading services.
  • Develop real-time monitoring and data analysis systems to capitalize on the market dynamics and high tariff periods in a timely manner.

For details about the risks and opportunities related to climate change and the environment that pose to the Group, please refer to the Sustainability Report 2024 of the Company, which is available on the websites of the Company and the Hong Kong Stock Exchange.