Welcome to Universal Medical
Risk Management

Risk Governance

-Most senior person responsible for risk management and reporting process

The Board has established a Risk Control Committee, and has formulated, implemented and monitored risk management and internal control systems with the assistance of the Risk Control Committee. We integrate ESG risks into the current risk management system, and identify and manage ESG risks related to the Group’s business according to the risk management process.

The Risk Control Committee regularly reviews the risk-related matters of the Group, including ESG risks, and provides advice to the Board.

-Most senior person responsible for monitoring and auditing risk management performance and reporting process

Our internal control system fully observes the requirements of the COSO risk management framework and the guidelines of the Hong Kong Institute of Certified Public Accountants on risk management, draws on the internal control model of peer companies, and takes into account the actual situation and business characteristics of the Group to formulate an effective monitoring system. The governance structure is as follows:


1. The Risk Control Committee and its subordinate working groups are responsible for taking the lead in risk identification, and cooperating with relevant departments at the management level to follow up

2. Carry out risk analysis and select areas with higher risk

3. The department in the corresponding field describes the risk

4. Summarize risks in various fields and prepare risk reports

5. Submit the risk report to the Risk Control Committee of the Board for consideration,and submit it to the Board meeting upon consideration

-Non-executive directors receive risk management training

All the Directors have participated in continuous professional training, including the E-trainings titled “Internal Control and Risk Management – A Basic Framework”, and read guidance materials provided and published by the Stock Exchange, Hong Kong Institute of Certified Public Accountants and Accounting and Financial Reporting Council of Hong Kong.

-Independence of the risk management function from business lines

The Company has set up an audit department with guaranteed independence in terms of its organization, staffing and work. In performing its duties, the audit department may inspect all business and meet relevant personnel without restrictions.

Risk Identification, Assessment and Review

-Emerging risk identification and management

Significant ESG Risks

Potential Impact


Policy Risks:

Significant changes in industry policies and the introduction of important industry-related initiatives have adversely affected the Company's business development and performance improvement.

In recent years there have been a number of national industry policies on healthcare and finance, which have impacted the direction of healthcare and finance business development and operations.

Actively embracing policy changes, raising awareness of policy risks, strengthening learning and interpretation of new policies, and making timely adjustments to the direction of strategic deployment.

In response to industry policy risks, the company has formulated specific system rules in conjunction with policy changes to guide business development. For subordinate hospitals, the company will strengthen the control of actual implementation, conduct regular flight inspection and spot checks, and hire experts to conduct guidance inspections to strengthen policy analysis and case training. For financial business, the company will adjust the company's business policy in time to ensure compliance with the policy in conjunction with the policy.

At the level of implementation and operation, the company will strengthen the continuous training of risk control personnel's professional ability, and carry out case analysis training and policy dissemination and learning.

Cash flow risk:

Because of the characteristics of the industry in which it operates, the amount of cash in and out of the company is high, the gearing ratio is maintained at a high level, and the company has solvency, but there is a risk that the company will not be able to obtain sufficient funds in a timely manner, or that it will not be able to obtain sufficient funds in a timely manner and at a reasonable cost, in order to cope with the growth of its assets or to pay for the maturing debts.

Cash flow risk affects the safety, liquidity and profitability of the company's funds.

Enhance the amount of emergency fund reserve, further enrich the contingency measures, ensure the liquidity demand in response to emergencies, and alleviate the pressure on funds.

Improve the matching of fund supply and fund demand and internal fund concentration, enhance the efficiency of fund use and flow speed, and reduce the cost of fund occupation.

Further optimise the transmission mechanism of all factors of fund demand and fund supply that have a significant impact on liquidity, in order to plan ahead for fund demand and effectively deal with unexpected liquidity surpluses or deficits.

-Financial risk sensitivity analysis or stress testing

The main risks arising from the Group’s financial instruments are interest rate risk, currency risk, credit risk and liquidity risk. For interest rate risk, the Group analysed the sensitivity of reasonably possible changes in interest rates to profit before tax when all other variables are held constant; for exchange rate risk, the Group analysed and calculated the impact of reasonably possible changes in the exchange rate of Renminbi on profit before tax when all other items are held constant.

-Periodic review of risk exposure

With a comprehensive internal control system, the Group has greatly enhanced its capability of risk management and control. Since the Company established the Risk Prevention and Control and Compliance Committee, the Company’s comprehensive risk management system has been gradually built and improved, to manage the Company’s operational risks and integrity risks as a whole, and to promote the risk prevention and control work of each working group. At the beginning of the year, major risks for the year were identified according to the internal and external environment, and for each type of substantial risks, the Group has developed monitoring indicators. Related departments are responsible for identification and analysis on relevant risks to determine corresponding risk strategies based on risk tolerance.

-Risk management internal audit

The Internal Control Department regularly collects information on the management of each risk and reflects to the management the risks faced by each business unit and the capability of its risk control system so as to minimise losses and increase the Company's resilience to risks.

-External audit of risk management

In 2022, in accordance with the Basic Rules for Corporate Internal Control (《企業內部控制基本規範》) jointly promulgated by Ministry of Finance of the PRC, China Securities Regulatory Commission, National Audit Office of the PRC, China Banking Regulatory Commission and China Insurance Regulatory Commission on 28 June 2008, external auditors conducted evaluation on internal control and reviewed the rectification work for internal control issues during internal control assessment in 2021. With emphasis on key areas of concerns and processes, relevant departments analyzed various internal control points relating to the business processes and unearthing defects and weaknesses of the internal control system for improvements in a timely manner. It ensures operations and management in compliance with laws and regulations as well as truthfulness and completeness of financial reports and relevant information, enhancing the efficiency and effectiveness of operation and safeguarding strategic development of the Group.