Only 1% of Hong Kong Listed Companies provided detailed descriptions of their internal control review process

Grant Thornton Hong Kong calls for companies to plan ahead in light of the change in disclosure requirement regarding risk management and internal control

Grant Thornton Hong Kong Corporate Governance Review 2015 (the “Report”) finds although 34% of the Hang Seng Composite Index (HSCI) companies claimed full compliance with the Hong Kong Corporate Governance Code (the “Code”), only 1% of the HSCI companies provided detailed descriptions of their internal control review process. The Report also shows that nearly half (49%) of the HSCI companies and 80% of HSI companies devoted a section in their annual reports or on their websites to discuss ESG issues.

Hong Kong Exchanges and Clearing Limited (HKEx) announced the Consultation Paper on Review of the Environmental, Social and Governance Reporting Guide (or “Consultation”) in July this year, which emphasised the integration of risk management and internal control; highlighted the role and responsibilities of the board and management of listed companies; raised the disclosure level of annual review; and stressed the importance of an internal audit function. Such revisions will become effective for accounting periods beginning on or after 1 January 2016.

37% of companies reviewed the effectiveness of risk management

Grant Thornton Hong Kong compared the 2014 annual reports of 453 Hang Seng Composite Index (HSCI) companies, where over 80% of HSCI companies gave a statement that they have reviewed the effectiveness of their risk management, while 37% of HSCI companies claimed full compliance with the Code. However, merely 1% of HSCI companies provided any disclosure regarding the details of findings of their internal control review and only a small proportion (13%) of HSCI companies gave real insight as to how they review the effectiveness of their internal control systems. Nearly one-third (26%) of HSCI companies disclosed the approach or framework adopted for their risk management or internal control systems.

In light of the Consultation, Eugene Ha, advisory partner of Grant Thornton Hong Kong commented, “Though the suggestions bring along some degree of uncertainty that the listed companies would need to explore, for example, the composition of risk management committee and the sufficiency level of disclosure, we believe such amendments can help them enhance transparency, so as to raise their risk management and internal control standards - not only for the sake of following the rules, but also elevating the investors’ confidence in the company.”

Listed companies to look into potential network and cyber and IT security issues and risks

Information technology has inevitably brought huge impact to all businesses, yet even though information technology and network systems are playing increasingly important roles nowadays, the Report shows a mere 10% of HSCI companies have made any mention of cyber security and IT security related contents in their annual reports.

Henna Liu, advisory manager of Grant Thornton Hong Kong said, “Breakdown and damage of system and data could bring severe impact on the daily operations of a company and jeopardize its finance and reputation. In light of the increasing reliance on IT systems, we encourage the board and senior management of listed companies to proactively look into potential cyber and IT security issues and risks.”

The Consultation also suggested enhancing the disclosure on ESG - related issues and required listed companies to disclose whether the companies have followed the “comply or explain” rule as stipulated under the “Environmental, Social and Governance Reporting Guide” in their annual reports or relevant reports. Meanwhile, the Consultation also attempted to provide clarity on the role of the board by requiring the board to give comprehensive responses on their ESG strategies and disclosures, so as to ensure an effective ESG risk management and internal control system has been adopted by the company. It is clear that ESG will constitute an important part in corporate governance.

According to the Report, nearly half (47%) of the HSCI companies reported ESG issues on Key Performance Indicators (KPIs). Companies used these KPIs to evaluate their performance as to how effectively the companies are managing the ESG issues. Around 49% of the HSCI companies devoted a section in their annual report or on their website to discuss ESG issues in detail.

Eugene Ha concludes, “Hong Kong Stock Exchange has been continuing to enhance the corporate governance of listed companies in order to protect interests of investors. In the past, there were comparably fewer listed companies making discussions on their risk management and internal control systems. However, many listed companies nowadays would mention those in their annual reports, which demonstrated the elevation of disclosure level in those areas. We are pleased to see such improvement and strongly encourage the board and senior management to continue strengthening their risk management and internal control standards.”

Please visit our Corporate Governor page for more information.