First line of defence: operational management and internal controls
Second line of defence: risk management and oversight
MPFA and its work units maintain corporate level and divisional/departmental level risk registers to keep track of the treatments of identified risks.
Third line of defence: internal audit assurance
The Risk Management Unit (the Unit) of MPFA adopts a risk-based internal audit approach and assesses the effectiveness of internal controls in accordance with the guidelines and standards set by the Hong Kong Institute of Certified Public Accountants. It also adopts the 2013 framework of the Committee of Sponsoring Organizations of the Treadway Commission to assess its internal control systems.
Reporting directly to the Managing Director and the Audit Committee, the Unit provides an independent assessment of the effectiveness of the governance, risk management and internal controls of MPFA, including the manner in which the first and second lines of defence achieve their objectives.