Risk management
The board of directors has the overall responsibility for the company's risk governance. The audit committee assists the board of directors in supervising the risk management system, including reviewing the enterprise risk management structure and processes to facilitate the identification and management of risks, and reporting to the board of directors major issues, findings and suggestions related to risk management.
The risk management policy approved by the board of directors affirms the company's commitment to a sound and effective risk management system and culture. By integrating and managing all potential risks, it assists the management team in making informed and thoughtful business decisions to ensure that the company faces The risks have been known and controlled within the scope of risk appetite and risk tolerance.
1 In order to improve the company's corporate governance, implement risk management in business operations, and conduct risk management against uncertain factors that may threaten the company's operations, these management policies and procedures (hereinafter referred to as these policies and procedures) are formulated.。
2 The company formulates this policy and procedure in accordance with the relevant provisions of the "Principles for Establishing Internal Control Systems for Publicly Offering Companies" promulgated by the Financial Supervisory Commission and the "Practical Code of Risk Management for Listed Overseas Companies" of the stock exchange, and establishes an effective risk management mechanism to assess and supervise its risk-taking capacity, current status of risk exposure, decision-making risk response strategies and compliance with risk management procedures.
3 The company's risk management goal is to consider and manage various risks that may affect the achievement of corporate goals through a complete risk management structure, and to achieve the following goals by integrating risk management into operating activities and daily management processes:
3.1 Achieve corporate goals.
3.2 Improve management efficiency.
3.3. Provide reliable information.
3.4 Effectively allocate resources.
4 The company's risk management includes four major aspects: corporate governance, environmental protection (including climate and natural resources), social inclusion, and innovative value related to the company's operations. It mainly includes: strategic risk, operational risk, financial risk, information risk, and legal risk. Compliance risks, integrity risks, and other emerging risks (such as climate change, biodiversity, forest, water, or infectious disease-related risks), etc., and comply with the provisions of relevant laws and regulations to identify, analyze, evaluate, respond to, and Monitor, report and disclose significant risk impacts.
5 The Company adheres to the concept of sustainable operation and establishes, implements and maintains a proactive risk management mechanism, continuously monitors internal and external issues and environmental changes, implements operational impact analysis, and improves the ability to effectively and flexibly respond to relevant challenges. It conducts regular self-examination and Continuously improve the company's resilience to achieve its commitment to uninterrupted operations and protect the best rights and interests of customers and stakeholders.
6 Risk management organizational structure:
6.1 The company's highest risk management responsible unit is the Board of Directors, which approves risk management policies and relevant norms, supervises the overall implementation of risk management, and ensures effective risk management and control.
6.2 In order to assist the board of directors in performing its risk management responsibilities, the audit committee has established a risk management group. The risk management group conducts a comprehensive assessment of the company's operational risks and emerging risks, with the chief financial officer serving as the convener.
6.3 Risk management team: The top manager of each unit serves as a risk management member to ensure that the operating unit implements the risk management system and is responsible for the implementation of risk management procedures.
6.4 Audit unit: It is an independent unit of the company affiliated with the board of directors. Its risk management responsibilities are mainly internal control and internal audit-related risk management.
6.5 Audit unit: It is an independent unit of the company affiliated with the board of directors. Its risk management responsibilities are mainly internal control and internal audit-related risk management.
6.6 The verification procedures for the accuracy and completeness of the risk scope, control functions and information sources covered by the company's risk management information system are handled in accordance with relevant regulations such as internal control systems and management regulations or operating procedures.
7 This policy and procedure identifies the following risk items according to three risk categories: preventable risk, strategic risk and external risk::
7.1 Strategic operational risk: refers to the risk that affects the company's operations due to uncertain factors, such as industrial development and competition, technological development and changes, changes in operating models, etc.
7.2 Financial risk: refers to market risks arising from fluctuations in interest rates, exchange rates, etc., credit default risks of transaction partners, and liquidity risks of inability to obtain sufficient funds, etc.
7.3 Product liability/customer relationship management risks: refers to the risks arising from the quality of goods sold, doubts about catering hygiene or customer complaints, such as product inspection, catering staff health and food safety and hygiene, customer complaint handling, etc.
7.4 Occupational safety risks: refers to the risks that employees may bear in the working environment and personal health, such as fire safety, epidemic infectious diseases, etc.
7.5 Information security risk: refers to the risk that information assets are compromised and the confidentiality, integrity and availability of information cannot be ensured, including risks of personal data leakage, customer transaction information being stolen, computer viruses or malicious program intrusions, etc.
7.6 Human resources risk: refers to the risk of difficulty in retaining or recruiting personnel due to differences in working environment, salary and benefits, etc., such as human rights policies, talent cultivation and equal employment, etc.
7.7 Compliance risk: refers to the risk of financial or goodwill losses caused by failure to comply with relevant regulations of the competent authority, or other factors such as poor contract specifications, ultra vires behavior, omissions in terms, non-legal effect of the transaction party, etc., such as violations of regulations, invalid contracts, etc.
7.8 Environmental disaster risk: refers to the risk of environmental issues such as climate change and natural disasters affecting the company's operations and finance, such as energy management, greenhouse gas emissions, water resources management, waste management, etc.
7.9 Other risks: In addition to the risks mentioned above, there are other risks that may cause the company to suffer significant losses.
8 Risk management is the responsibility of each department. All units of the company should identify, monitor, report and disclose information on specific risk sources, and confirm and classify them for further measurement and management. Each department of the company should, based on the business it is engaged in, fully consider and effectively manage all relevant risks and sources, and implement risk management in accordance with these standards.
9 The risk management team should report the status of risk management operations to the Audit Committee and the Board of Directors at least once a year; the relevant operations and execution status of this policy and procedure, risk management organization, and annual risk management shall be reported in the company's annual report, official website, or corporate sustainability report. Make public disclosures and keep them updated.
10 These policies and procedures shall be implemented upon approval by the Board of Directors, even if revised.
These policies and procedures are effective as of November 12, 2024.
Back to list
The risk management policy approved by the board of directors affirms the company's commitment to a sound and effective risk management system and culture. By integrating and managing all potential risks, it assists the management team in making informed and thoughtful business decisions to ensure that the company faces The risks have been known and controlled within the scope of risk appetite and risk tolerance.
Jinli Group Holdings Limited
Risk Management Policies and Procedures
1 In order to improve the company's corporate governance, implement risk management in business operations, and conduct risk management against uncertain factors that may threaten the company's operations, these management policies and procedures (hereinafter referred to as these policies and procedures) are formulated.。
2 The company formulates this policy and procedure in accordance with the relevant provisions of the "Principles for Establishing Internal Control Systems for Publicly Offering Companies" promulgated by the Financial Supervisory Commission and the "Practical Code of Risk Management for Listed Overseas Companies" of the stock exchange, and establishes an effective risk management mechanism to assess and supervise its risk-taking capacity, current status of risk exposure, decision-making risk response strategies and compliance with risk management procedures.
3 The company's risk management goal is to consider and manage various risks that may affect the achievement of corporate goals through a complete risk management structure, and to achieve the following goals by integrating risk management into operating activities and daily management processes:
3.1 Achieve corporate goals.
3.2 Improve management efficiency.
3.3. Provide reliable information.
3.4 Effectively allocate resources.
4 The company's risk management includes four major aspects: corporate governance, environmental protection (including climate and natural resources), social inclusion, and innovative value related to the company's operations. It mainly includes: strategic risk, operational risk, financial risk, information risk, and legal risk. Compliance risks, integrity risks, and other emerging risks (such as climate change, biodiversity, forest, water, or infectious disease-related risks), etc., and comply with the provisions of relevant laws and regulations to identify, analyze, evaluate, respond to, and Monitor, report and disclose significant risk impacts.
5 The Company adheres to the concept of sustainable operation and establishes, implements and maintains a proactive risk management mechanism, continuously monitors internal and external issues and environmental changes, implements operational impact analysis, and improves the ability to effectively and flexibly respond to relevant challenges. It conducts regular self-examination and Continuously improve the company's resilience to achieve its commitment to uninterrupted operations and protect the best rights and interests of customers and stakeholders.
6 Risk management organizational structure:
6.1 The company's highest risk management responsible unit is the Board of Directors, which approves risk management policies and relevant norms, supervises the overall implementation of risk management, and ensures effective risk management and control.
6.2 In order to assist the board of directors in performing its risk management responsibilities, the audit committee has established a risk management group. The risk management group conducts a comprehensive assessment of the company's operational risks and emerging risks, with the chief financial officer serving as the convener.
6.3 Risk management team: The top manager of each unit serves as a risk management member to ensure that the operating unit implements the risk management system and is responsible for the implementation of risk management procedures.
6.4 Audit unit: It is an independent unit of the company affiliated with the board of directors. Its risk management responsibilities are mainly internal control and internal audit-related risk management.
6.5 Audit unit: It is an independent unit of the company affiliated with the board of directors. Its risk management responsibilities are mainly internal control and internal audit-related risk management.
6.6 The verification procedures for the accuracy and completeness of the risk scope, control functions and information sources covered by the company's risk management information system are handled in accordance with relevant regulations such as internal control systems and management regulations or operating procedures.
7 This policy and procedure identifies the following risk items according to three risk categories: preventable risk, strategic risk and external risk::
7.1 Strategic operational risk: refers to the risk that affects the company's operations due to uncertain factors, such as industrial development and competition, technological development and changes, changes in operating models, etc.
7.2 Financial risk: refers to market risks arising from fluctuations in interest rates, exchange rates, etc., credit default risks of transaction partners, and liquidity risks of inability to obtain sufficient funds, etc.
7.3 Product liability/customer relationship management risks: refers to the risks arising from the quality of goods sold, doubts about catering hygiene or customer complaints, such as product inspection, catering staff health and food safety and hygiene, customer complaint handling, etc.
7.4 Occupational safety risks: refers to the risks that employees may bear in the working environment and personal health, such as fire safety, epidemic infectious diseases, etc.
7.5 Information security risk: refers to the risk that information assets are compromised and the confidentiality, integrity and availability of information cannot be ensured, including risks of personal data leakage, customer transaction information being stolen, computer viruses or malicious program intrusions, etc.
7.6 Human resources risk: refers to the risk of difficulty in retaining or recruiting personnel due to differences in working environment, salary and benefits, etc., such as human rights policies, talent cultivation and equal employment, etc.
7.7 Compliance risk: refers to the risk of financial or goodwill losses caused by failure to comply with relevant regulations of the competent authority, or other factors such as poor contract specifications, ultra vires behavior, omissions in terms, non-legal effect of the transaction party, etc., such as violations of regulations, invalid contracts, etc.
7.8 Environmental disaster risk: refers to the risk of environmental issues such as climate change and natural disasters affecting the company's operations and finance, such as energy management, greenhouse gas emissions, water resources management, waste management, etc.
7.9 Other risks: In addition to the risks mentioned above, there are other risks that may cause the company to suffer significant losses.
8 Risk management is the responsibility of each department. All units of the company should identify, monitor, report and disclose information on specific risk sources, and confirm and classify them for further measurement and management. Each department of the company should, based on the business it is engaged in, fully consider and effectively manage all relevant risks and sources, and implement risk management in accordance with these standards.
9 The risk management team should report the status of risk management operations to the Audit Committee and the Board of Directors at least once a year; the relevant operations and execution status of this policy and procedure, risk management organization, and annual risk management shall be reported in the company's annual report, official website, or corporate sustainability report. Make public disclosures and keep them updated.
10 These policies and procedures shall be implemented upon approval by the Board of Directors, even if revised.
These policies and procedures are effective as of November 12, 2024.