(Extracted from Annual Report 2019)
The Swire group has had an Internal Audit Department ("IA") in place for 24 years. IA plays a critical role in monitoring the governance of the Group. The department is staffed by 25 audit professionals and conducts audits of the Group and of other companies in the Swire group. The 25 professionals include a team based in Mainland China which reports to IA in Hong Kong.
IA reports directly to the Audit Committee without the need to consult with management, and via the Audit Committee to the Board. IA has unrestricted access to all areas of the Group's business units, assets, records and personnel in the course of conducting its work.
The annual IA work plan and resources are reviewed and agreed with the Audit Committee.
Business unit audits are designed to provide assurance that the risk management and internal control systems of the Company are implemented properly and operating effectively, and that the risks associated with the achievement of business objectives are being properly identified, monitored and managed.
The frequency of each audit is determined by IA using its own risk assessment methodology, which is based on the COSO (Committee of Sponsoring Organizations of the Treadway Commission) internal control framework, considering such factors as recognised risks, organisational change, overall materiality of each unit, previous IA results, external auditors' comments, output from the work of the Swire Pacific Group Risk Management Committee and management's views. Each business unit is typically audited at least once every three years. Acquired businesses would normally be audited within 12 months. 15 assignments were conducted for Swire Properties in 2019.
IA specifically assists the Audit Committee in carrying out the analysis and independent appraisal of the adequacy and effectiveness of the Group's risk management and internal control systems through its review of the process by which management has completed the annual Control Self Assessment, and the results of this assessment.
IA conducts ad-hoc projects and investigative work as may be required by management or the Audit Committee.
Copies of IA reports are sent to the Chairman of the Board, the Chief Executive, the Finance Director and the external auditors. The results of each review are also presented to the Audit Committee.
Management is called upon to present action plans in response to IA's recommendations, including those aimed at resolving material internal control defects. These are agreed by IA, included in its reports and followed up with a view to ensuring that they are satisfactorily undertaken.