Corporate Governance and Corporate Social Responsibility

MPFA’s internal control and risk management structure meets with the Three Lines of Defence Model:

First line of defence: operational management and internal controls


Internal controls are built into MPFA’s systems and processes for guidance and management of its day-to-day operations. Individual work units are responsible for ensuring compliance with internal operational policies and procedures.

Second line of defence: risk management and oversight


MPFA and its work units maintain corporate level and divisional/departmental level risk registers to keep track of the treatments of identified risks.

Third line of defence: internal audit assurance

The Risk Management Unit (the Unit) of MPFA adopts a risk-based internal audit approach and assesses the effectiveness of internal controls in accordance with the guidelines and standards set by the Hong Kong Institute of Certified Public Accountants. It also adopts the 2013 framework of the Committee of Sponsoring Organizations of the Treadway Commission to assess its internal control systems.

Reporting directly to the Managing Director and the Audit Committee, the Unit provides an independent assessment of the effectiveness of the governance, risk management and internal controls of MPFA, including the manner in which the first and second lines of defence achieve their objectives.