2014 was a challenging year for the Group. Falling oil prices and declining day rates in the offshore industry, installed capacity surplus in the power generation sectors and continued headwinds in some property markets present uncertainties, which reinforce the importance of risk management for the Group.
Remaining competitive in this dynamic environment requires a continuous, disciplined pursuit of new opportunities and revenue streams to grow the Group's businesses. A robust risk management system and astute processes will equip us to respond effectively to shifting business demands and seize opportunities to create value for our stakeholders.
Our Board is responsible for governing risks and ensuring that management maintains a sound system of risk management and internal controls to safeguard shareholders' interests and the Company's assets. Assisted by a Board Risk Committee (BRC), the Board provides valuable advice to the management in formulating the risk management framework as well as various risk policies and guidelines. Our management surfaces key risk issues for discussion and confers with the BRC and the Board regularly. An annual Assessment of Adequacy and Effectiveness of Keppel Group's Risk Management System is discussed in the BRC and the Board.
Terms of reference of the BRC are disclosed on page 110 of this Report.
The Board has put in place three risk tolerance guiding principles for the Group. These guiding principles serve to determine the nature and extent of the significant risks, which our Board is willing to take in achieving its strategic objectives.These three risk tolerance guiding principles are:-
- Risk taken should be carefully evaluated, commensurate with rewards and in line with the Group's core strengths and strategic objectives.
- No risk arising from a single area of operation, investment or undertaking should be so huge as to endanger the entire Group.
- The Group adopts zero tolerance towards safety incidents, non-compliance with laws and regulations, as well as acts such as fraud, bribery and corruption.
Our risk governance framework is set out on pages 106-108 under Principle 11 (Risk Management and Internal Controls). This framework facilitates management and the BRC in determining the adequacy and effectiveness of the Group's risk management system. It is continuously improved upon to strengthen risk governance. During the year, Keppel Corporation implemented the Control Self-Assessment and a Group-wide IT risk assessment as part of our control assurance process.
Risk management is an integral part of strategic, operational and financial decision-making at all levels of the Group. Keppel's holistic approach to identifying and managing risks not only instills a strong risk ownership across the organisation but also reduces uncertainties associated with executing our strategies, allowing us to harness opportunities with agility.
Keppel's Enterprise Risk Management (ERM) framework, a component of Keppel's System of Management Controls, provides the Group with a holistic and systematic approach in risk management. It outlines the reporting structure, monitoring mechanisms, specific risk management processes and tools, as well as Group policies and limits, in addressing the key risks in the Group.
The Group's five-step risk management process consists of risk identification, risk assessment, formulation of risk mitigation measures, communication & implementation, and monitoring & review. The assessment process takes into account both the impact and likelihood of the risks occurring, and also covers financial, operational and reputational aspects. Tools such as risk rating matrix, key risk indicator and risk register are used as part of this process.
Our ERM framework is reviewed regularly, taking into account changes in the business and operating environments. References are made to the Singapore Code of Governance, ISO31000 standards for Risk Management, ISO 22301 for Business Continuity Management (BCM) as well as the Guidebook for Audit Committees (2014).
We keep abreast of the latest developments and good practices in risk management by participating in seminars and interacting with field practitioners. An ERM Committee, comprising management-nominated champions across the business units, drives and coordinates risk management initiatives Group-wide.
As a Group, we take a balanced approach to risk management. We recognise that not all risks can be eliminated, especially in instances where the cost of minimising these risks outweighs the potential benefits. To optimise returns for the Group, we will only undertake appropriate and well-considered risks.
Strategic risks pertain to the Group's business plans and strategies, as well as uncertainties associated with the countries and industries in which Keppel operates. These include market driven forces, changing laws and regulations; evolving competitive landscape; changing customer demands, shifting technology and product innovation.
Risk considerations form an integral part of the Group's strategic and budget reviews, policy formulation and revision, projects, investments as well as in the assessment of management performance. Strategic risks are reviewed periodically with our Board to ensure that the Group is resilient in dealing with adversity and agile in pursuing opportunities.
At the macro level, the BRC guides the Group in formulating and reviewing its risk policies and limits. The Group's risk-related policies and limits are subject to periodic reviews to ensure that these remain relevant to support business objectives, effectively and proactively address risks faced in business operations, consider the prevailing business climate and are aligned to the Group's risk tolerance.
Our investment decisions are guided by investment parameters set on a Group-wide basis. All major investments are subject to due diligence processes and are evaluated by the Investment and Major Project Action Committee (IMPAC) and/or the Board. This ensures that the potential investments are in line with the Group's strategic intent, investment or divestment objective, underlying risk factors and the required risk-adjusted rate of return. The IMPAC is supported by a working committee in ensuring that risk considerations are well thought-out.
This systematic evaluation process requires our investment team to identify and incorporate the risks and corresponding mitigating actions as part of their proposals. Investment risk assessment encompasses rigorous due diligence, feasibility studies and sensitivity analyses of key investment assumptions and variables. Some of the key risks considered pertain to whether the proposed investment is aligned to strategy, the financial viability of the business model, political and regulatory developments in the country of investment and the contractual risk implications to the Group.
Impact assessment and stress-testing analyses are performed to gauge the Group's exposure to changing market situations, as well as to enable informed decision-making and prompt mitigating actions. On a regular basis, we monitor changes in concentration exposures associated with investments in the countries where the Group operates. Close monitoring of the changes in the business, economic, political, regulatory and competitive landscape in our host countries gives the management better insights into impending developments.
The effectiveness and efficiency of our employees, integrity of internal controls, systems and processes, as well as external events are areas of risks associated to the Group's operations.
Integrating risk management processes with business operations and project execution across all business units facilitates early risk detection and proactive management of these risks. Formalised guidelines, procedures, internal training and tools are used to provide guidance in assessing, mitigating and monitoring risks. Knowledge-sharing platforms are also advocated to propagate good practices and lessons learnt from various projects and operations.
The Group's operations are mainly project-based, and executed over extended periods of time. We adopt a standardised, systematic risk assessment and monitoring process to help manage the spectrum of key risks throughout the lifespan of each project. The tender team, comprising experts from different disciplines, evaluates the significant risks of potential projects. Particular attention is given to technically challenging and high-value projects, including green-field developments and those that involve new technology or operations in a new country.
As a pre-emptive measure, project reviews and quality assurance programmes are instituted to monitor and address key risks involving cost, schedule and quality at the execution stage. Health, safety and environmental risks are key areas subjected to close monitoring and oversight by dedicated committees.
Project teams and management also use Key Risk Indicators (KRIs) as early warning signals of related execution risks. These systems have been established to ensure that projects are completed on time, within budget and safely, while achieving the quality standards and specifications defined in the contracts with customers.
As part of our risk-mitigating actions, we regularly review the scope, type and adequacy of our insurance coverage taking into account the availability of such cover and its cost, as well as the likelihood and magnitude of potential risks involved. This exercise is carried out with the advice and support of selected insurance brokers.
Financial risk management relates to the Group's ability to meet financial obligations and mitigate credit, liquidity, currency, interest rate and price risks. The Group's policies and financial authority limits are reviewed periodically to incorporate changes in the operating and control environment.
The Group continues to focus on improving financial discipline, deploying its capital to earn the best risk-adjusted returns and maintaining a strong balance sheet to seize opportunities. Examples of these processes include evaluating counterparties against pre-established guidelines. For more details on financial risk management, please refer to pages 86-87 of this Report.
We are committed to enhancing the Group's operational resilience through a robust BCM plan that will equip us to respond effectively to potential crises and external threats, while minimising any impact on our people, operations and assets. Our BCM methodology involves enterprise-wide planning, the prioritising of key resources and working with stakeholders to support business continuity.
Led by their BCM committees, business units in various locations conduct a range of simulations under a broad spectrum of disruption to enhance their operational preparedness. These plans are being tested and refined frequently to ensure that the responses developed are feasible and effective. The business continuity plan enables the Group to respond effectively to disruptions resulting from internal and external events, while continuing with critical business functions.
The Group's crisis management and communication plans are also continually reviewed and refined to equip us to respond to crises in an orderly and coordinated way, as well as to expedite recovery. The focus is on building resilience and capabilities to counter crises effectively and safeguard the interest of key stakeholders and the Group's reputation. Crisis communication procedures have also been embedded into the Group's BCM processes.
Effective risk management hinges equally on mindsets and attitudes, as well as systems and processes. Our management is committed to fostering a strong risk-centric culture in the Group, which encourages prudent risk-taking in decision-making and business processes.
ERM workshops are conducted regularly to enhance risk management competency of management staff. Continuous education and communications through various forums and in-house publications have also helped to reinforce discipline and awareness among employees. Group-wide surveys are also conducted to gauge the level of risk awareness in the Group. The Company also seeks to raise staff accountability for risk management through the performance evaluation process.
We are constantly scanning for emergent threats that may affect our businesses. Through close collaboration with stakeholders, we will continue to review our risk management system to ensure that it remains adequate and effective. This will allow the Group to capitalise on growth opportunities while managing the risks of a challenging business environment.