HKUST Annual Report 2016-17

SUMMARY OF INTERNAL CONTROL AND MEASURES

The University has developed a system of internal control comprising both IT application based and manual controls as well as management reporting. In order to receive assurance that the system of internal control is effective and operating satisfactorily, the following arrangements are in place:

(a) A Control Self-Assessment Program requires individual units to self-review periodically the controls for which they are responsible and communicate the results to Management for follow-up action. This Program aims to raise awareness of internal control throughout the University and helps to assess the adequacy of the University’s control processes.

(b) A consulting firm is appointed as the University’s internal auditors to perform risk based independent reviews on the adequacy and effectiveness of the University’s system of internal control and recommend areas for improvement.

(c) In addition to the statutory annual audit of the University’s financial statements, the external auditors also carry out an independent assurance engagement on the University’s compliance with the guidelines, terms and conditions imposed by the Government’s University Grants Committee.

(d) The Audit Committee of the University agrees a program of work for the internal auditors; receives reports and considers control issues raised by the internal auditors and the external auditors. The program of audit work provides assurance that Management has put in place and upholds an effective internal control system.

(e) A Whistle Blowing Policy provides a safe and protected means by which employees and students of the University are enabled to raise concerns with the appropriate University authorities against any malpractice within the institution.
RISK MANAGEMENT

Council has approved a new Principal Risk Management Process (“The Process”) to manage major or principal institutional risk, comprising a Statement of Risk Appetite, Risk Policy and Risk Process. The Process complies with the recommendation on management of major institutional risk included in the Newby Report on Governance in UGC-funded Higher Education Institutions in Hong Kong, published on 30 March 2016. Management utilized the Process and presented its 2016-17 Assessment of Principal Risk to Council in October 2017. The following summary is derived from this report.

Overall Conclusion

The University faces a number of principal risks and these are classified under three headings according to Policy: Financial Risks, Reputational Risks and Risks to Operations. In general, the Principal Risks identified have appropriate mitigation and the University has reliable sources of assurance that the mitigation is effective. In some cases, Management believes it can strengthen risk mitigation and has identified new actions to be taken. Resource will be focused on implementing these new actions in the coming year. The University recognizes that new Principal Risks may emerge at any time. Implementation of The Process shall ensure the timely assessment and mitigation of new Principal Risks as they emerge.

Financial Risks

The University is dependent on funding from the Government and is therefore exposed to a substantial one-off reduction in funding or sustained reduction of a significant part of its funding. The University also derives significant income from non-Government sources, such as its self-financed teaching courses, where it is dependent on the competitiveness of its offering both locally and internationally. The key mitigations for funding risks are maintaining a high academic reputation in both teaching and research, the amount of cash reserve available and pledges for future donations.
The University is also exposed to financial risks, mainly market risks on its investments. Investment risk is mitigated by a diversified investment strategy with acceptable risk and return objectives approved by Council and the employment of external advisors and investment managers. The Financial Statements contain further information about financial risks and their mitigation.

APPENDIX 4 INTERNAL CONTROL AND RISK MANAGEMENT
