The Education University of Hong Kong | Annual Report 2019-2020

54 The Education University of Hong Kong Annual Report 2019-2020 Governance Report 以下詳述本財政年度內獲識別的六個主要風險類別、 相關的減低風險計劃及風險管理行動： The six principal risks, mitigation plans and relevant risk treatment activities identified as of this financial year are illustrated as follows: Risk Themes 風險類別 Risk Statements 風險陳述 Mitigation Plans 減低風險計劃 Risk Treatment 風險管理 Reputation 聲譽 • Damage to reputation will affect EdUHK’s ability in achieving its overall (near and longer-term) objectives • 聲譽受損會影響本校整體實 現短期或長期目標的能力 • Sustain a good corporate governance culture and environment • Maintain the University’s ranking in international league tables • Maintain positive publicity through thought leadership in the education sector and contribution to the society • 維持良好的大學管治文化及環境 • 保持本校國際排名 • 在教育界擔當先導角色，帶領創新 思維，貢獻社會，保持正面形象 • Continuous review on the governance structure by the Governance Review Taskforce • Maintained effective communication among the senior management team, Communications Office and other offices in response to internal and external incidents under public concern • Undertook impactful knowledge transfer and IT projects, collaborations with overseas counterparts, and provision of free multimedia teaching materials • 管治檢討工作小組持續檢視管治架構 • 維持管理團隊、傳訊處及其他部門的有 效溝通，回應公眾關注的校內外事件 • 開展具影響力的知識轉移或資訊科技項 目，與海外院校合作，以及免費提供多 媒體教材 Stakeholder engagement 持份者的參與 • Rising activism in different social sectors and reduced level of trust and empathy from stakeholders may pose risks to EdUHK’s sources of funding, recruitment of staff and students and reputation • 社運活動不斷增加，持份者 的信任及同理心減少，可 能影響本校資金的籌集、職 員招聘、學生招收及本校的 聲譽 • Continuous 2-way communication with various stakeholders through different channels • Regular open-minded and direct dialogue with different stakeholders • 透過不同的管道與各持份者保持 雙向溝通 • 定期與不同持份者作坦誠而直接 的對話 • Maintained regular formal and informal communications with various stakeholders including students and staff representatives • Continued to follow internal protocols in handling emergency cases and management of student- related crisis • 與各持份者，包括學生及教職員代表， 保持定期的正式及非正式溝通 • 持續根據內部機制，處理緊急事件和學 生相關危機 Information systems and cyber security 資訊系統及網 絡保安 • Insufficient support by information systems and safeguards from cyber security threats may affect EdUHK’s efficiency and effectiveness in daily operations, management and decision making. In addition, risks related to personal data breaches may increase • 資訊系統支援不足以及網絡 安全威脅，或影響本校日 常運作的效率及效能、管理 及決策，增加個人資料外洩 風險 • Active planning, organisation and control of consistent, reliable and accessible information to meet the University’s needs • Implement, renew and update security measures to adequately safeguard information systems and IT infrastructure • Keep University community on guard against IT threats • 積極規劃、籌組和控制一致、可 靠、可獲取的資訊，以滿足大學 需求 • 實施、重整及更新安全措施，以充 分保護網絡基建及相關資訊系統 • 確保本校人士懂得防範威脅 • Continued to upgrade information systems and accelerated automation of business workflow • Conducted regular reviews of IT security policies and procedures • Conducted regular security audits and surprise checking on critical IT infrastructure and information systems • Conducted training workshops and promotional activities to raise awareness • 持續升級資訊系統並加速工作流程自 動化 • 恆常檢視資訊保安政策及程序 • 定期審視及突擊檢查重要的網絡基建及 相關資訊系統 • 舉辦培訓講座及宣傳活動，以提高安全 意識