大學校董會報告 Report of the Council 55 內部監管及成效 Internal Control and its Effectiveness 大學參考特雷德韋委員會贊助組織委員 會（COSO）內部監管綜合框架，並根據 大學結構及運作情況，制訂內部監管措 施。為確保內部監管的效率，該框架於以 下三項目標提供合理保證： • 運作目標 — 與大學運作效率有關事 宜，包括運作和財務表現目標、保護資 產免於虧損等。 • 匯報目標 — 關乎向持份者作出的內 部及外部財務和非財務匯報，涵蓋可 靠度、合時、透明度，以及監管者、認 可準則制訂者或大學政策所制訂的其 他條件等。 • 合規目標 — 關乎大學符合法規運作 事宜。 有效內部監管倚仗COSO框架下五個部 分及相關原則的運作，而該五個部分為監 管環境、風險評估、監管活動、訊息及溝 通、監控等。 自2016至17年度，大學為符合教資會定 下的風險管理匯報要求，不斷改善其風 險管理及內部監管系統。大學採用較佳 的全面風險辨識及評估措施，增加其辨 識及監控內部監管的能力，使大學貫徹 其策略目標時能把握更多機遇。 大學致力把風險管理及內部監管融合於 學術及研究等範疇的運作中，並以內部 審核確保內部監管系統的效率。在2018 至19年度，內部審計處檢視了大學若干主 要工作，包括斜坡維修、學生宿舍、研究 所、教資會成本攤分指引下的空間庫存 系統，以及依據大學風險管理框架所進 行的合規審查。 The University adopts an internal control based on the COSO (Committee of Sponsoring Organizations of the Treadway Commission) Internal Control Integrated Framework, with due consideration to the University’s structure and operation circumstances. For an effective system of internal control, the Framework provides reasonable assurance on various aspects regarding the achievement of three categories of objectives: • Operations Objectives—pertaining to effectiveness and efficiency of the University’s operations, including operational and financial performance goals, and safeguarding assets against loss. • Reporting Objectives—pertaining to internal and external financial and non-financial reporting to stakeholders, which would encompass reliability, timeliness, transparency, or other terms as established by regulators, recognized standard setters, or the University’s policies. • Compliance Objectives—pertaining to adherence to laws and regulations to which the University is subject. An effective system of internal control requires the existence and functioning of the five components and relevant principles under the Framework. The five components include the control environment, risk assessment, control activities, information and communication, and monitoring. Since 2016–17, to comply with the risk management reporting requirement under the UGC, the University has been continuously making improvements to its risk management and internal control systems. The refined holistic approach to risk identification and assessment enhances the University’s ability to identify and monitor its internal control, and respond to opportunities as the University pursues its strategic objectives. The University endeavours to further integrate risk management and internal control into its operation processes, including the academic and research areas, with the internal audit function to assure the effectiveness of the internal control system. In 2018–19, the Internal Audit Office reviewed a number of the University’s major operation areas, including slope maintenance, student accommodation, research institutes, space inventory system under UGC’s cost allocation guidelines, and also the various compliance reviews in response to the University’s risk management framework.