Risk Management

Risk Management Organization

An organization’s risk management plays a critical role in monitoring and managing the risks and opportunities that stem from the internal and external forces that can impact a company’s profitability, success, or even survival.

Construct a proactive risk management mechanism so that relevant units can respond to risk events in a timely manner through risk management procedures, reduce or avoid the impact of risk events, and ensure sustainable operations.

The responsibilities of each role are as follows:

In order to strengthen corporate governance and risk control capabilities, and continue to optimize risk management policies and procedures, the company has formulated the “Sinyi Realty Risk Management Policy" and approved by the Board of Directors to determine the group's material risk items from top-down.

The Material Risk will coordinate and control by Risk Owner, set up key risk indicators (KRI) to provide early warning functions, so that the Company can respond to and resolve the possible impacts of risks early. The risk execution unit conducts self-risk identification, analyzes the level of risk impact, and proposes a risk treatment improvement plan.

In response to possible risks that may arise in the course of business both internally and externally in a systematic way and in line with annual plans. We have developed the “Risk Management Operation Manual" to ensure the effective implementation of risk management operations. For material incidents, in order to immediately reduce disasters and resume normal operations, we also set up the “Sinyi Group Crisis Management Operation Process.”

pdfRisk Management Policy
Risk Management Evaluation Matrix

We conduct risk and opportunity matrix analysis to identify the possibility and the influence degree, and each give them a score of 1 to 3. The probability multiplied by the influence degree will become the risk level, and then take corresponding actions.

pdfExplanation of Risk Evaluation Matrix
Other Related Information

In the changing environment, new types of risks are constantly emerging, including climate crises, sudden disease crises, and the like, which have a huge impact on the environment, society, and economy. At the same time, companies must continue to review and adjust response strategies to remain competitive.

For climate change risk management and response, please refer to "Climate Change Risks and Opportunities"
For Sinyi’s response to the COVID-19 pandemic, please refer to “COVID-19 Response
For the assessment of other opportunities and risks, please refer to Opportunities and Risks


The internal audit unit (Auditor Office) of the Group is subordinate to the Board of Directors, and an Audit Supervisor is set up to comprehensively manage the company's internal auditing. The supervisor of auditing shall attend the Audit Committee and the Board of Directors, and submit the internal audit report at each meeting, and may entrust professional assistance due to business needs.

Sinyi have amended "The Corporate Governance Principles" in 2021, which clearly stipulates that the appointment and removal of the audit supervisor shall be approved by the audit committee and a resolution of the Board of Directors. The evaluation and remuneration shall be approved by the remuneration committee before a resolution of the Board of Directors. In addition, the appointment, removal, evaluation and remuneration of other auditor staffs, should be reported by the head of internal audit, and approved by the chairman of the Board of Directors, to enhance corporate governance and audit independence.

The Auditor Office draws up the group’s annual audit plan in accordance with the “Regulations Governing Establishment of Internal Control Systems by Public Companies”, regularly checks the compliance of various systems, assists the Board of Directors and managers to check and review the validity of internal control systems, and measures the effectiveness and efficiency of operations. The office provides timely improvement suggestions as the basis for reviewing and revising the internal control system, to ensure the continuous and effective implementation of the internal control system. The lack of an internal control system and abnormal items found in the audit are listed as important items in the performance evaluation of various departments and are tracked and managed.

pdfResponsibilities and Auditing Procedure Chart

Information security risks such as data theft and cyber-attack have become one of the most important issues for global experts and policymakers. The COVID-19 pandemic has accelerated the urgency of digital transformation of enterprises, and digital resilience has become a key issue for the continuity of operations.

As the real estate brokerage industry, we use a huge database and information system to serve our customers in daily operations. In the process of real estate transactions, we also handle many customer data. Therefore, information security is not only the foundation of company’s daily operation, but also important competitive niche. With the rapid development of network and communication technology, the importance of information security is increasing. We continued to improve information security management and either established or revised information security management practices by following the ISO security management structure and our security requirements.

Risk of information disruption or damage

Today's business is greatly depending on information systems, and the O2O service model is built on a secure and reliable information infrastructure. If information system services are interrupted, external customer services, internal operational decisions and business activities will face the risk of unable to be timely obtaining the information needed.

Risk of confidential information outflow

The insufficient information security will result in the outflow of confidential information, such as customer data. In addition to compensation in accordance with relevant laws and regulations, but also has a huge impact on the company's image and goodwill, and creates a crisis of trust, which poses risks to the company's confidentiality and accessibility.

In recent years, the use of mobile devices has increased, but it also brings new threats to security. In order to strengthen the security protection of mobile devices and avoid the risk of business losses due to improper usage, we have set the rules for mobile device information security, including: company dispensed device management, employee self-carrying device management, self-developed program control, social media usage cognition, and mobile devices usage cognition, etc.

pdfInformation Security Policy and Management Programs