Updated : 18 Oct 2023
The Board has overall responsibility for ensuring the integrity of the Group’s accounting and financial reporting systems, and that effective systems of risk management and internal control are in place.

Financial reporting

The Board is committed to presenting a balanced, clear and comprehensible assessment of the Group’s performance, financial position and prospects to our shareholders and other stakeholders. This commitment encompasses all published information, including but not limited to the financial statements, regulatory announcements and other corporate communications. In addition, the Board is responsible for overseeing the preparation of the annual financial statements which give a true and fair view of the Group’s financial position, financial performance and cash flows for the year.
The Board is regularly provided by the management with sufficient explanation and information on the Group’s financial and operational performance as well as the development of major initiatives. In addition, the management provides the Board with management accounts and updates on a monthly basis, with a view to giving a balanced and understandable assessment of the Group’s performance, financial position and prospects to enable the Board as a whole and each Director to discharge their duties.
The Board recognises that high quality, transparent and timely financial reporting is important to secure stakeholders’ confidence in the Group, and reviews and approves the annual, interim, and quarterly results for publication within 3 months, 2 months and 45 days respectively after the end of the relevant periods so as to keep our stakeholders abreast of the performance and latest development of HKEX.

Risk management and internal control

The Board has the overall responsibility for evaluating and determining the nature and extent of the risks (including ESG-related risks) it is willing to take in achieving the Group’s strategic objectives, and maintaining sound and effective risk management and internal control systems (including those for ESG-related risks) and reviewing their adequacy and effectiveness to safeguard shareholders’ investment and the Group’s assets. To this end, management allocates resources for internal control and risk management systems based on the Committee of Sponsoring Organisations of the Treadway Commission (COSO) Internal Control – Integrated Framework 2013 and International Organisation for Standardisation (ISO) 31000 Risk Management - Principles and Guidelines to provide reasonable, though not absolute, assurance against material misstatement or loss and to manage rather than eliminate the risk of failure to achieve business objectives.
The Board reviews the adequacy and effectiveness of the Group’s risk management and internal control systems at least quarterly, through the Risk Committee and the Audit Committee.
The Group’s risk governance structure is based on a “Three Lines of Defence” model, with oversight and directions from the Board, Risk Committee and Group Management through the Executive Risk Committee. Details of the Group’s risk governance structure are set out in the Risk Committee Report.
The management and individual Divisions/Departments are responsible for the day-to-day management of operational risks and implementation of mitigation measures. All Division Heads are required to confirm annually that the risk management and internal control systems adopted by the Group are appropriate and effective.
The Risk Management Committee (statutory), a statutory committee established by the Board pursuant to Section 65 of the SFO (Chapter 571 of the Laws of Hong Kong), has the responsibility to oversee the policies on risk management matters relating to HKEX, SEHK and Hong Kong Futures Exchange Limited and their respective clearing houses.
Group Risk Management is responsible for the development, implementation and maintenance of the HKEX Group risk management framework, policy and standards and also ensures the alignment, integration and consistency of risk management across HKEX Group companies.
The Group Risk Management Framework mandates a consistent and effective approach applied across the Group to manage the risks associated with its business and operations. The framework is based on the International Organisation for Standardisation (ISO) 31000 Risk Management – Principles and Guidelines. Details of the framework are set out in the Risk Committee Report.
Internal audit

The Group Internal Audit (GIA) function actively supports the HKEX Group in achieving its business objectives, safeguarding its assets and reputation, and raising its control culture awareness through the provision of objective, independent and insightful assurance services to the Group’s boards and management teams. GIA has unrestricted access to all operations, records, systems, property, and personnel of the Group to perform its duties, subject to the applicable laws and regulations.

In order to preserve the independence and objectivity of the Group Internal Audit function, the Group Head of Internal Audit reports functionally to the Chairman of the HKEX Audit Committee and administratively to the HKEX Chief Executive Officer, and has direct and unrestricted access to senior management and the Board.

External audit

The function of external audit is to provide the Board and our shareholders an objective assurance on whether the Group’s financial statements give a true and fair view of the financial position and performance of HKEX in all material respects.

The Board, through the Audit Committee, considers the recommendations of the external auditor on the operational and financial risks identified during their annual audit of HKEX.


The external auditor also provides other non-audit services to HKEX for the purpose of other reporting requirements of HKEX throughout the financial reporting year.