The management of GPF is consisted of committee members responsible for policy directions and management framework. It is also supported by the Good Governance Subcommittee, the Risk Management Subcommittee, and the Audit Subcommittee. All of which are comprised of representatives from the Committee of the GPF and experts in the relevant areas. Such supporting mechanism has contributed to the efficiency of GPF and sufficient coverages on important risks and issues.
The Risk Management Subcommittee formulated a framework for risk management, where each risk owners need to perform Risk and Control Self-Assessments with the aim of timely identifying the root causes of the risks. The careful and thorough measure will ensure that GPF has a strong risk management system with guidelines to prevent future risks.
GPF laid down rules to ensure effectiveness of risk management and internal audit in every layers of the operation. GPF formulated a risk management master plan to oversee its management development and risk evaluation. The plan is consisted of 5 aspects:
The monitoring of each risk’s status is performed through Risk Dashboard reports, which specify the GPF’s risk appetite and tolerance of each risk indicators. The report then is presented monthly to the Board of Directors and the Committee of the GPF to acknowledge and give out immediate course of actions. Furthermore, GPF employs the international practices on the “Three Lines of Defenses” in order to ensure its objectives in risk management throughout every layer of the organization.
The operational management is specified to provide clear separation of works between the operators and the managers. It includes an appropriate system for the operational processes, financial report preparations, and other key reports for the information of the executives.
The second line will stipulate the internal control policy framework, so that it complies with the relevant standards, rules, and regulations.
The internal audit is an independent unit that reports directly to the audit committee. It audits and evaluates the sufficiency of the monitoring operations, risk management, and the controls of operational units and monitoring units.