Sustainability Report 2017
5
Code of Conduct and
Whistleblowing Policy
Our Code of Conduct is the cornerstone
of our governance and operation. It
spells out the guiding principles for our
staff behaviour that must meet high
standards of integrity and honesty.
We have additional codes for staff in
particular risk-related areas to cover
conflicts of interest, bribery, accounting
standards and internal management.
Staff are required to confirm that they
have understood the Code of Conduct
appropriate to their role and position in
the Company on joining and provide
annual confirmation of compliance in
writing. Staff are required to strictly follow
the Code of Conduct ensuring the Group
operates to the highest standards of
business behaviour and ethics in our
engagement with customers, business
partners, shareholders, employees
and the business community. Due
to a constantly changing business
environment, we assess our Code of
Conduct from time to time to ensure
that it reflects the current global best
practices and meets the expectations of
all stakeholders.
VTech operates a Whistleblowing
Policy in order to encourage and assist
whistleblowers to disclose information
relevant to misconduct, malpractices
or irregularities through a confidential
reporting channel. Any cases are
referred to the Chief Compliance Officer
(CCO), who will review the complaints
and determine the appropriate mode
of investigation and any subsequent
corrective action. All reported cases
are handled by the company with care
and the concerns are investigated in
a fair and proper manner. The Chief
Compliance Officer reviews the nature
and status of complaints received on a
quarterly basis, and reports the results of
his review of the complaints to the Audit
Committee on a biannual basis.
Business Integrity Policy
and Anti-Corruption
Group policy prohibits VTech Group
and its officers, employees and agents
from giving or offering to give money
or anything of value to government
officials, political parties, party officials
or candidates for political office in order
to influence official acts or decisions of
that person or entity, obtain or retain
business, or secure any improper
advantage. The Company does not
make any donations to political parties
in any country, but does not restrict
employees from individual associations
provided that there is no conflict of
interest to their role as a member of the
association with role as an employee
within VTech. Employees must not
purport to represent the Company in
any political forum and should not use
the Company brand, time or assets to
advance the interests of any political
party or group.
As a result, VTech’s management has
an obligation and a responsibility to
ensure that employees are familiar with
our anti-corruption policy, which is part
of our Code of Conduct, and the control
procedures in their job areas. Employees
receive regular anti-corruption and
internal control training to reinforce their
awareness and understanding of our
Code of Conduct.
Risk Management
Effective risk management is crucial for
maintaining our stable daily operation
and indicates our ability to respond and
adapt to the changing environment.
In order to minimise the possible
disturbances to our operation during
the event of disruptions, it is important
to be prepared for emergency and to
build resilience. VTech has implemented
an organisational structure with formal
and clearly defined lines of responsibility
and delegation of authority for risk
management.
To ensure the effectiveness of risk
management, the boards of committee
have been divided into two distinct but
complementary roles for implementing
the risk management policies and
objectives of the Group, and monitoring
the risk management process. The
RMSC, chaired by Dr. Allan WONG Chi
Yun and Dr. PANG King Fai, Mr. Andy
LEUNG Hon Kwong, Mr. WONG Kai
Man, Ms. Shereen TONG Ka Hung
and Mr. CHANG Yu Wai, as members
– a combination of executive Directors,
independent non-executive Directors
and senior management, is responsible
for putting in place policies, procedures
and frameworks for the identification and
management of risks. Risks are formally
identified and recorded in the risk register
for key operations. The risk register is
updated regularly and risk exposure and
mitigation performance are reviewed
biannually.
The RMSC held two meetings
during the financial year to review the
Group’s business and sustainability
risk management and internal control
systems and their effectiveness. The
Audit Committee reviewed the overall
effectiveness of the Group’s system
of internal control over financial,
operational and compliance issues,
risk management process, information
systems security and effectiveness
of financial reporting and compliance
with the Listing Rules, and is satisfied
that such systems are effective and
adequate.
At management level, department
representatives of each key business
function maintain a risk register
documenting the key risks and the
relevant risk response measures. They
review their risk registers on a biannual
basis to consider if any updates to the
risk registers are required based on
the events of disruption or incidents
occurred. To facilitate the review of the
risk register by the RMSC as mentioned
above, the Internal Audit Department
performs a holistic review of the updated
risk registers maintained by each key
business function and consolidates all
the risk registers into the Group’s risk
register on a biannual basis.