Sustainability Report 2016
5
Code of Conduct and
Whistleblowing Policy
Our Code of Conduct is the
cornerstone of our governance and
operation. It spells out the guiding
principles for our staff behaviour that
must meet high standards of integrity
and honesty. We have additional
codes for staff in particular risk-related
areas to cover conflicts of interest,
bribery, accounting standards and
internal management. Staff are
required to confirm that they have
understood the Code of Conduct
appropriate to their role and position
in the Company on joining and
annually thereafter, ensuring the Group
operates to the highest standards of
business behaviour and ethics in our
engagement with customers, business
partners, shareholders, employees
and the business community. Due
to a constantly changing business
environment, we assess our Code of
Conduct from time to time to ensure
that it reflects the current global best
practices and meets the expectations
of all stakeholders.
VTech operates a Whistleblowing
Policy in order to encourage and assist
whistleblowers to disclose information
relevant to misconduct, malpractices
or irregularities through a confidential
reporting channel. Any cases are
referred to the Chief Compliance Officer
(CCO), who will review the complaints
and determine the appropriate mode
of investigation and any subsequent
corrective action. All reported cases are
handled by the Company with care and
the concerns are investigated in a fair
and proper manner. All reports under
the Whistleblowing Policy are reviewed
by the Group’s Audit Committee twice
a year in order to ensure proportionate
action and identify the need for any
further policy development.
Business Integrity Policy
and Anti-Corruption
Group policy prohibits VTech Group
and its officers, employees and agents
from giving or offering to give money
or anything of value to government
officials, political parties, party officials
or candidates for political office in order
to influence official acts or decisions of
that person or entity, obtain or retain
business, or secure any improper
advantage. The Company does not
make any donations to political parties
in any country, but does not restrict
employees from individual associations
provided that there is no conflict of
interest to their role as an employee
within VTech. Employees must not
purport to represent the Company in
any political forum and should not use
the Company brand, time or assets to
advance the interests of any political
party or group.
As a result, VTech’s management has
an obligation and a responsibility to
ensure that employees are familiar
with our anti-corruption policy, which
is part of our Code of Conduct, and
the control procedures in their job
areas. Employees receive regular
anti-corruption and internal control
training to reinforce their awareness and
understanding of our Code of Conduct.
Risk Management
Effective risk management is crucial for
maintaining our stable daily operation
and indicates our ability to respond and
adapt to the changing environment.
In order to minimise the possible
disturbances to our operation during
the event of disruptions, it is important
to be prepared for emergency and to
build resilience. VTech has implemented
an organisational structure with formal
and clearly defined lines of responsibility
and delegation of authority for risk
management.
To ensure the effectiveness of risk
management, the boards of committee
have been divided into two distinct but
complementary roles for implementing
the risk management policies and
objectives of the Group, and monitoring
the risk management process. The
RMSC, chaired by Dr. Allan WONG Chi
Yun with Dr. PANG King Fai, Mr. Andy
LEUNG Hon Kwong, Mr. WONG Kai
Man, Ms. Shereen TONG Ka Hung and
Mr. CHANG Yu Wai, as members – a
combination of executive Directors,
independent non-executive Directors
and senior management, is responsible
for putting in place policies, procedures
and frameworks for the identification
and management of risks. Risks are
formally identified and recorded in the
risk register for key operations. The risk
register is updated regularly and risk
exposure and mitigation performance
are reviewed biannually.
The RMSC held two meetings
during the financial year to review the
Group’s business and sustainability
risk management and internal control
systems and their effectiveness. The
Audit Committee reviewed the overall
effectiveness of the Group’s system
of internal control over financial,
operational and compliance issues,
risk management process, information
systems security and effectiveness
of financial reporting and compliance
with the Listing Rules, and is satisfied
that such systems are effective and
adequate.
In FY2016, The Data Security
Governance Board was established
with defined terms of reference
reporting to the Risk Management
and Sustainability Committee. The
Data Security Governance Board
is chaired by Group Chairman and
comprises the Group President, CMS
Chief Executive Officer, TEL President,
Group Chief Financial Officer, Company
Secretary and Group Chief Compliance
Officer, and Group Chief Information
Officer. It is responsible for decision-
making, implementation, enforcement,
oversight, compliance and periodic
review of the Data Security Policy.
At management level, department
representatives of each key business
function maintain a risk register
documenting the key risks and the
relevant risk response measures. They
review their risk registers on a biannual
basis to consider if any updates to the
risk registers are required based on
the events of disruption or incidents
occurred. To facilitate the review of
the risk register by the RMSC as
mentioned above, the Internal Audit
Department performs a holistic review
of the updated risk registers maintained
by each key business function and
consolidates all the risk registers into
the Group’s risk register on a biannual
basis.