Accountability and Audit
The board of directors recognises the importance of integrity of financial information and acknowledges its responsibility for preparing financial statements that give a true and fair view of the Group's affairs and of its results and cash flows in accordance with Hong Kong Financial Reporting Standards and the Hong Kong Companies Ordinance. The board endeavours to present to shareholders a balanced and understandable assessment of CITIC Pacific's performance, position and prospects. Accordingly, appropriate accounting policies are selected and applied consistently, and judgments and estimates made by the management for financial reporting purpose are prudent and reasonable.
There are new or revised accounting standards that became effective during the year, of which the most significant and relevant to the Group are disclosed in Note 1(a).
The responsibilities of the external auditor with respect to the accounts for the year ended 31 December 2013 are set out in the Independent Auditor's Report.
External auditors and their remuneration
The external auditors perform independent review or audit of the financial statements prepared by the management. PwC has been engaged as CITIC Pacific's external auditor since 1989 and retired at the close of the 2013 AGM. Since then, KPMG has been appointed as CITIC Pacific's external auditor in place of PwC; more details in relation to the appointment are disclosed in the announcement of CITIC Pacific dated 2 April 2013. For year 2013, KPMG's fees for its services were approximately as follows:
Statutory audit fee: HK$41 million (2012: HK$21 million)
Fees for other services, including review of the half-year financial statements, special audits, advisory services relating to systems and tax services: HK$11 million (2012: HK$6 million).
Other audit firms (including PwC) provided statutory audit services at a fee of approximately HK$15 million (2012: HK$44 million) and provided other services for fees of HK$5 million (2012: HK$9 million).
The board has overall responsibility for maintaining a sound and effective internal control system, which is designed and operated to provide reasonable assurance that the business objectives of CITIC Pacific in the following areas are achieved:
- effectiveness and efficiency of operations, including the achievement of performance and operating targets and the safeguarding of assets by the management;
- reliability of financial and operating information provided by the management, including management accounts and statutory and public financial reports; and
- compliance with applicable laws and regulations by business units and functions.
CITIC Pacific's internal control framework
CITIC Pacific has developed an integrated internal control framework for providing assurance of the achievement of its business objectives, which is consistent with the COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework and the Basic Standard for Enterprise Internal Control (the “Basic Standard”), which takes effect from 2012 in mainland China and is commonly called China-Sox.
The internal control framework adopted by CITIC Pacific is demonstrated below:
In May 2013, the COSO released an updated and enhanced version of its COSO internal control framework ("the new COSO"). The board and management are now assessing the impact of the new requirements for ensuring smooth implementation across the Group by end of 2014.
As part of this internal control initiative, new internal control self-assessment tools will be deployed, and the internal control questionnaires will be updated.
Key control policies and measures
Under CITIC Pacific’s internal control framework, risk management and internal control are primarily the collective responsibility of every manager and employee. For consistent compliance by every person in CITIC Pacific, the following key control policies and measures are implemented in the everyday activities, which are summarised below:
Monitoring of internal control effectivenessMonitoring of internal control effectiveness
On behalf of the board, the audit committee during the year evaluated the effectiveness of the internal control system of the Group, including financial, operational and compliance controls and risk management, as well as adequacy of resources, qualifications and experience of staff of the accounting and financial reporting functions, and their training programme and budget.
Major internal control reviews conducted during the year is summarized below:
The board and management will continue to look into opportunities for further enhancing the effectiveness of the internal control system of the Group by ensuring that adequate and effective internal controls are in place under CITIC Pacific's internal control framework, and that they are in conformity with the internal control requirements under the Listing Rules and other applicable regulations and laws in different jurisdictions.
CITIC Pacific regards group internal audit as an important part of the board and audit committee's oversight function. The principal objective of group internal audit, which is set out in an internal audit charter, is to provide the board and the management with useful information and recommendations on the adequacy and effectiveness of the internal control system of the Group.
Authority and accountability
Under the internal audit charter endorsed by the audit committee, the group internal audit function is authorised by the board to have access to all records, people and physical properties relevant to the performance of the internal audit. The group internal auditor has unrestricted access to the chairman of the audit committee and reports directly to the audit committee for direction and accountability. This reporting relationship enables group internal audit to provide an objective assurance to the effectiveness of the internal control system of the Group.
The duties of group internal audit are described in the internal audit charter. It requires that (a) internal audits are conducted with proficiency, objectivity and due professional care in compliance with the standards, guidelines, and the code of ethics of the Institute of Internal Auditors; (b) audit testing and reviews are carried out at all levels of the Group to provide reasonable assurance as to whether the system of internal control is adequate; the assets of the Group are properly safeguarded; the operations are conducted effectively and efficiently in accordance with the Group's strategic objectives, policies and procedures as well as relevant laws and regulations; and the accounting records of the audited entities and operations are reliable and (c) special reviews are conducted by group internal audit when required by the management, the audit committee or the board.
Internal audit resources and major work done in 2013
The group internal audit function, led by the group internal auditor, comprised 28 audit staff members at 31 December 2013 who are based in Hong Kong, Perth, Shanghai and Guangzhou respectively to provide audit services to various business units and functions of the Group. In response to CITIC Pacific Mining's transition from construction to operations, the group internal audit function was strengthened by the addition of three operational auditors. This enabled the integrated operational audits on the mining operations as well as the downstream value-chain activities. During the year, the audit of a major subsidiary of CITIC Telecom International Holdings Limited, a listed associate, was completed on a co-sourcing basis with a leading professional accounting firm to increase the internal audit value.
During the year, the group internal auditor prepared and submitted the annual internal audit plan to the audit committee for approval, according to a risk-based audit priority weighting policy. Pursuant to the approved annual plan, detailed audit planning for each audit, followed by field visits and discussions with management, was conducted with the use of a risk-based audit methodology. Reports to the management were prepared after completion of the audit work, and were summarised for review at each audit committee meeting. Continual follow-up work was undertaken by group internal audit to establish the extent of completion of remedial actions taken by the management, with follow-up results, audit progress and available resources reviewed by the audit committee at each committee meeting.
In 2013, group internal audit issued internal audit reports and observation papers to the management covering various operational and functional units of the Group, including iron and steel operations, property, energy, head office functions, Dah Chong Hong Holdings Limited and CITIC Telecom International Holdings Limited. Group internal audit also conducted other reviews during the year.
Other tasks performed by the group internal audit function and the group internal auditor during the year included:
- Provided oversight of the whistle-blowing channel whereby staff concerns about conduct of the business are raised and where appropriate investigations into reported cases are conducted; in 2013, one case was received through the whistle-blowing channel, which was in relation to minor human resources issues.
- Attended all monthly meetings of the executive committee to ensure that the group internal auditor stays abreast of all major developments in the Group and the audit work progress, major audit findings and related follow-up results are reported on a monthly basis.
- Worked together with the management of a special steel business in mainland China and an external consultancy firm, with respect to the implementation of the internal control requirements under the Basic Standard for Enterprise Internal Control (the Basic Standard' or commonly called the "China-Sox") for ensuring full compliance with the regulations. The special steel company has issued its first China-Sox compliance report in the 1st quarter of 2013.
- Delivered a presentation on the new COSO internal control requirements in the Group's finance conference; presented the whistle-blowing process of CITIC Pacific in the Group's finance conference, human resources conference and head office's code of conduct refresher sessions respectively, with the objective of promoting good staff conduct.
- Carried out ongoing assessments of information technology controls pursuant to the annual audit plan; participated in the development of the Group's new treasury system by providing internal control suggestions for enhancement purposes.
- Assisted in the monitoring of the 2013 internal control and compliance self-assessment exercises for major business units and head office functions, regarding internal controls, risk management activities, compliance with internal policies and legal and regulatory requirements, as well as adequacy, qualification, experience and training programmes of the accounting and financial reporting functions of the Group.
- Liaised with internal control software houses and explored the feasibility of introducing an online standardised platform for facilitating the Group's internal control self-assessments, as well as enhanced audit management tools.
- Rendered support in the groundwork for the group-wide corporate governance initiatives, namely, new COSO implementation and Environmental, Social and Governance (ESG) reporting.
- Implemented continuous training and development programmes, including quarterly sharing sessions and periodic training workshops, for all internal audit staff to enhance their audit skill sets and knowledge.
- Benchmarked the internal audit charter against the latest version of the International Professional Practices Framework issued by the Institute of Internal Auditors to ensure the group internal audit function remains in line with internationally recognised internal audit practices; the revised internal audit charter was submitted to the audit committee for endorsement in May 2013.