Zheng Quan Zhi Xing·2025-05-23 10:54Core Viewpoint - The document outlines the comprehensive risk management regulations of Dongjiang Environmental Protection Co., Ltd., aiming to establish a robust risk management system to enhance risk prevention capabilities and promote high-quality development [1][2]. Summary by Sections General Principles - The regulations aim to standardize and strengthen the comprehensive risk management system of the company, ensuring risk control aligns with business development goals [1]. - Risks are categorized into three levels: general risk, significant risk, and major risk [1][2]. - Comprehensive risk management is defined as a process and method to achieve overall risk management objectives through various management activities [2]. Risk Management Objectives - The company aims to control risks within acceptable limits, ensure reliable communication of information, comply with laws and regulations, and establish crisis management plans for major risks [2][3]. Principles of Risk Management - The principles include comprehensive coverage, focus on key areas, dynamic prevention, and cost-effectiveness [3][4]. Organizational Structure - The company establishes a three-line defense system for risk management, involving various departments and a dedicated risk management department [5][6]. - The board of directors is responsible for overseeing the effectiveness of risk management and approving related policies [6][7]. Responsibilities and Culture - The chairman is the primary responsible person for risk management, and all departments are required to integrate risk management into their daily operations [7][8]. - The company emphasizes cultivating a risk management culture and training employees on risk management practices [4][8]. Risk Management Mechanism - The company should establish a comprehensive risk prevention mechanism that integrates risk management with internal control and compliance management [12][13]. - A risk assessment mechanism should be in place for major investment projects, ensuring thorough evaluation and reporting [15][16]. Risk Identification and Assessment - Departments are required to continuously collect and analyze risk information, leading to the establishment of a risk management ledger [24][25]. - Risk assessment involves identifying, analyzing, and evaluating risks based on their likelihood and potential impact [26][27]. Monitoring and Reporting - A risk monitoring system should be established to track key risk indicators and report any anomalies promptly [30][31]. - Departments must develop emergency response plans based on risk monitoring results [32]. Risk Management Strategies - The company should formulate risk management strategies that align with its development goals, including risk acceptance, avoidance, transfer, and control [33][34]. Implementation and Improvement - Risk response plans must be developed and implemented for various risks, ensuring compliance with internal controls [36][37]. - Regular audits and evaluations of the risk management system are necessary to identify deficiencies and improve processes [40][41]. Information Technology and Accountability - The company plans to establish a risk management information platform to enhance monitoring efficiency [43]. - Risk management performance will be included in the company's performance evaluation system, with accountability measures for failures in risk management [44][45].