Corporate Governance Back to list
Risk culture and management measures
The Company follows COSO’s guidance on enterprise risk management. Coupled with the formulation and execution of strategies, the Company carried out culture building, competence development and practice in respect of risk while creating, maintaining and realizing value. The Company has formulated the “Risk Assessment and Prevention” system, which specifies the responsibilities of organizations at all levels in the risk management structure: the heads of SITC’s subsidiaries and departments (centers) are the first line of defense for risk management; the audit department of the operation management center together with the Risk Management Committee and the Safety Committee under the Board serve as the second line of defense for risk management; and the Board is the third line of defense for risk management. We will consistently monitor the development of risk management, and continuously improve and optimize our system and measures to ensure comprehensive realization of the Compan’s risk culture.
The Company has been dedicated to building a strong risk culture to ensure all staff have full understanding of the importance of risk management. To achieve this goal, we have adopted the following strategies to facilitate and strength our effective risk culture throughout the group:
1. Measures to report risks
The company encourages employees to proactively identify and report potential risks, and has established the following mechanisms:
1) Internal reporting: The company has established an internal reporting mechanism to encourage employees to proactively identify and report potential risks. The internal reporting mechanism includes telephone hotline, email, website reporting, etc.
2) Supervision and feedback: The company has established an internal audit department to be responsible for the supervision and feedback mechanism to supervise and evaluate the risks reported by employees and provide timely feedback. Supervision and feedback include regular inspections, random inspections, anonymous reports/anonymous questionnaires, etc. to ensure employees are motivated and effective in reporting risks.
3) Protection from retaliation: The Company ensures that employees are protected from retaliation in reporting risks. The company has relevant policies and systems in place to ensure the safety and security of employees in reporting risks.
2. Continuous improvement of risk management practices
The Company continuously improves its risk management practices by engaging employees in a structured feedback process. Employees can put forward suggestions and opinions on risk management to help the company optimize risk management measures.
The company formulates a "Risk Description and Control Summary Table" and the Operations Management Center organizes a revision for all employees of the entire group at least once a year to analyze the various risks faced by the company and focus on important emerging risks that may arise in the next three and five years, including the impact on the business and develop responses.
Employees can submit feedback forms through the company's intranet website to express their views and suggestions on emerging risks. Feedback form submissions will be reviewed and categorized by a dedicated team so that issues can be quickly identified and resolved.
The team will communicate regularly with employees to share their suggestions and comments and explain the steps the company has taken.
The Company will regularly evaluate the effectiveness of the feedback process and make improvements as necessary. Through this feedback process, the company successfully collected a wealth of valuable feedback, including employee suggestions on risk management processes, emerging risk prevention measures, and feedback on training and communication plans.
This case is an epitome of our company's continuous improvement of risk management practices. We are committed to involving employees and management in the risk management process, so that more employees can understand, participate in, and promote risk prevention and control. In this way, the company’s risk management capabilities can be continuously improved to ensure the long-term success of the organization.
The company also organizes middle-level and above-level managers to analyze and rank the identified risks every year from the perspectives of the possibility of risk occurrence and the degree of impact on the company's goals, and determine the focus of attention and the risks that should be prioritized for control. The company's audit department also regularly or irregularly supervises and evaluates whether each company and business unit can carry out risk management work in accordance with relevant regulations and the effectiveness of its work.
For typical risk cases that have occurred, the company will also organize case writing, list warnings and countermeasures, and publish them on the group's internal website to facilitate everyone's continuous learning and improvement.
3. Reward and Punishment Measures
The company incorporates risk management indicators into the reward and punishment system to encourage employees to pay attention to risk management. Specific incentives and indicators include reducing occupational health and safety accidents and reducing environmental risks. For senior managers and business managers, we set different incentives and indicators to ensure that they are held accountable in terms of risk management.
4. Risk management training
The company conducts centralized training on risk management principles throughout the organization. The training includes basic knowledge of risk management, risk identification and assessment, risk control and response, etc., to improve employees' risk awareness and risk management capabilities. We regularly invite experts to conduct internal training and share best practices and cases in risk management.
5. Human Resources Review Process
We incorporate risk management standards into the HR review process for employee evaluations to ensure employees focus on risk management in their daily work. A risk (accident) performance element is included in employee performance evaluations to encourage employees to take proactive steps to reduce risks.
Performance evaluation plan: The company has a specific performance evaluation plan that includes risk performance elements to encourage employees to pay attention to risk management in their daily work. Risk performance elements include employees' performance in risk management, such as discovering and reporting potential risks, taking measures to reduce risks, etc. At the same time, the company ensures that the human resources review process is fair, transparent and operable to ensure that employees pay attention to risk management in their daily work.
6. Risk criteria are incorporated into the planning, development or approval process
As a company that provides maritime logistics services, the company needs to consider possible risks during the transportation service process and take measures to reduce the possibility and impact of these risks. Incorporating risk criteria into the new route development or approval process is one of our key strategies for building a strong risk culture.
Risk control plan: Based on the results of the risk assessment, the company will develop a risk control plan to reduce the likelihood and impact of potential risks. These plans will incorporate key concerns during the development of new routes.
Risk monitoring and improvement: The company has established a monitoring and improvement mechanism to ensure that new routes comply with risk management requirements during service implementation. These mechanisms include regular risk reviews and improvement plans, as well as risk reporting and recording.
7. Other ways to innovate an effective risk culture
In order to further promote the construction of risk culture, the company has also adopted other innovative methods. In order to implement risk prevention and control measures, the company has clarified the corresponding risk prevention and control responsibility positions/responsible persons for each risk identified. And organized the relevant responsible person to supplement, revise and improve the corresponding risk prevention and control measures from time to time