As a Group, we take a balanced approach to risk management, recognising that not all risks can be eliminated. To optimise returns for the Group, we will only undertake appropriate and well-considered risks.

Talks and workshops are organised to keep Keppel’s directors and senior management abreast of economic trends, risks and opportunities for the Group.

Staying competitive in a complex and dynamic environment requires a continuous, disciplined pursuit of new opportunities and revenue streams. Supported by a robust risk management system, the Group’s unique combination of strengths will equip us to respond effectively to shifting business demands and seize opportunities to create value for our stakeholders.

Robust Enterprise Risk Management Framework

Our Board is responsible for governing risks and ensuring that management maintains a sound system of risk management and internal controls. Assisted by the Board Risk Committee (BRC), the Board provides valuable advice to management in formulating the risk management framework, policies and guidelines. Our management surfaces key risk issues for discussion with the BRC and the Board regularly.

The terms of reference for the BRC are disclosed on page 107 of this Report.

The Board has put in place three risk tolerance guiding principles for the Group. These principles serve to determine the nature and extent of the significant risks, which our Board is willing to take in achieving its strategic objectives.

These principles are:
  1. Risk taken should be carefully evaluated, commensurate with rewards and in line with the Group’s core strengths and strategic objectives.
  2. No risk arising from a single area of operation, investment or undertaking should be so huge as to endanger the entire Group.
  3. The Group does not condone safety breaches or lapses, non-compliance with laws and regulations, as well as acts such as fraud, bribery and corruption.

Our risk governance framework is set out on pages 101 to 104 under Principle 11 (Risk Management and Internal Controls). This framework facilitates management and the BRC in determining the adequacy and effectiveness of the Group’s risk management system.

Risk management is an integral part of decision-making across the Group. Keppel’s holistic approach to identifying and managing risks not only instills ownership but reduces uncertainties associated with executing our strategies.

Keppel’s Enterprise Risk Management (ERM) framework, a component of Keppel’s System of Management Controls, provides the Group with a holistic and systematic approach in risk management. It outlines the reporting structure, monitoring mechanisms, processes and tools, as well as policies and limits, in addressing the Group’s key risks.

Our ERM framework is constantly refined, ensuring relevance in a dynamic operating environment. References are made to the Singapore Code of Corporate Governance, ISO 31000, ISO 22313 and the 2014 Guidebook for Audit Committees.

We keep abreast of the latest developments and best practices by participating in industry seminars and interacting with risk management practitioners. An ERM Committee, comprising risk champions across the business units, drives and coordinates Group-wide initiatives.

As a Group, we take a balanced approach to risk management, recognising that not all risks can be eliminated. To optimise returns for the Group, we will only undertake appropriate and well-considered risks.

The Group’s five-step risk management process consists of identification, assessment, formulation of mitigation measures, communication and implementation, and monitoring and review. The process takes into account both the impact and likelihood of the risks identified.

Strategic Risk
Market, Competition and Technology

The strategic risks for Keppel Group includes market, competition and technology risks. These include market driven forces, evolving competitive landscape, changing customer demands and disruptive innovation. These risks receive constant high-level attention through the year. Strategy meetings are held to review business strategies, formulate strategic responses and take pre-emptive mitigations.

The BRC guides the Group in formulating and reviewing risk policies and limits. These are subject to periodic reviews to ensure relevance in supporting business objectives and alignment to the Group’s risk tolerance level. Policies aim to address risks effectively and proactively, taking into consideration the prevailing business climate.

Investment and Divestment

The Group has an established process for evaluating investment and divestment proposals. The Investment and Major Project Action Committee (IMPAC), together with the Board, guides the Group to take thoughtful risks to earn the best risk-adjusted returns, while exercising the spirit of enterprise. Financial discipline is exercised with capital allocated to the right projects. This systematic evaluation process requires our investment teams to identify the risks and corresponding mitigating actions in their proposals.

Investment risk assessment involves rigorous due diligence, feasibility studies and sensitivity analyses of key assumptions and variables. Some factors considered in the assessment include alignment to Group strategy, financial viability, country-specific political and regulatory developments, contractual risk implications and lessons learned. The investment portfolio is constantly monitored to ensure that performance is on track to meet the strategic intent and investment returns.

Human Resource

To drive the Group’s growth, emphasis is placed on attracting the best talent, nurturing employees, maintaining good industrial relations and fostering a conducive work environment. The Group continues to focus on improving succession planning, bench strength and maintaining choice employer status.

Keppel recognises that it is vital for staff to imbibe a risk-centric mindset and have the ability to assess and manage risks at work. Keppel Leadership Institute, established as a global centre to groom leaders and equip them with the capabilities to drive and support Keppel’s growth, helps to inculcate this mindset through the embedment of risk management in key leadership courses.

Operational Risk
Project Management

Risk management processes are integrated with project management from the initiation stage through to completion. The Group adopts a systematic assessment and monitoring process to help manage the key risks for each project. Particular attention is given to technically challenging and high-value projects, including greenfield developments, and those that involve new technology or operations in a new country. Projects are managed in accordance to the respective country’s environmental laws and labour practices.

At the execution stage, project reviews and quality assurance programmes are carried out to address issues involving cost, schedule and quality. Key Risk Indicators are used as early warning signals. Knowledge sharing workshops are conducted to share best practices across the Group, building lessons learnt into case studies for future reference. All this helps to ensure that projects are completed on time and within budget, while meeting safety and quality standards.

Health, Safety & Environment

The Group places great emphasis in maintaining a high level of health, safety and environmental (HSE) standards. A CEO Roundtable group reviews safety efforts and considers ideas to improve safety. There are ongoing efforts to raise HSE awareness and culture at the ground level, and align HSE systems and standards via a global HSE information and management framework. Particular attention is placed on training in identified high risk activities such as lifting and movement of vehicles.

Business & Operational Processes

Continuing efforts are placed on streamlining business process with a common shared services platform that allows the Group to achieve cost-savings, improvement in efficiency and productivity, and enhancement in governance and control at the same time.

ISO standards and certifications were adopted to achieve standardisation of processes and best practices. Procedures relating to defect management, operations, project control and supply chain management were established to improve quality of deliverables. A regular review of policies and authority limits is carried out to ensure that they remain relevant in meeting changing business requirements.

Laws & Regulations

The Group monitors closely developments in laws and regulations in the countries that we operate in to ensure that our businesses and operations comply with all relevant laws and regulations. We regularly engage with government authorities and agencies to keep abreast of changes in regulations. Particular emphasis is placed on regulatory compliance in all our operations.

Business Continuity

We are committed to enhancing the Group’s operational resilience through a robust Business Continuity Management (BCM) Plan. Keppel’s BCM Plan enables us to respond effectively to disruptions while continuing with critical business functions.

Crisis management and communication procedures have been embedded into the Group’s BCM processes to bolster operational readiness. These procedures are constantly refined to allow us to respond in an orderly and coordinated way, as well as to expedite recovery. Our focus is on building capabilities to respond to crisis effectively while safeguarding our people, assets and the interest of stakeholders.

Information Technology

The Group has in place an Information Technology (IT) security framework to address evolving IT security threats, such as hacking, malware, mobile threats and data-loss.

The Group’s IT security, governance and control have been strengthened through the alignment of IT policies, processes and systems, and the consolidation of servers and storages. Extensive training was carried out on user security education, and assessment exercises were conducted to heighten awareness of threats. Measures and considerations have also been taken to safeguard against loss of information, data security, and prolonged service unavailability of critical IT systems.

Financial Risk
Misstatement of Financial Statements, Fraud and Corruption

Policies such as the Whistle-Blower Protection Policy and the Employee Code of Conduct established a clear tone from the top with regard to business and ethics conduct. The Group adopts a strong anti-corruption stance. The internal control systems and processes are monitored closely.

Keppel’s System of Management Control Framework outlines the Group’s internal control and risk management processes and procedures. For more details on the framework, please refer to page 103 of this Report.

Financial and Capital

Financial risk management relates to the Group’s ability to meet financial obligations and mitigate credit, liquidity, currency and interest rate risks. Policies and financial authority limits are reviewed regularly to incorporate changes in the operating and control environment.

The Group focuses on financial discipline, deploying its capital to earn the best risk-adjusted returns and maintaining a strong balance sheet to seize opportunities. This includes the evaluation of counterparties against pre-established guidelines. For more details on financial risk management, please refer to pages 82 to 83 of this Report.

Impact assessment and stress tests are performed to gauge the Group’s exposure to changing market situations. This allows for informed decision-making and prompt mitigating actions. We regularly monitor the concentration exposure in the countries where we operate.

Risk-Centric Culture

Effective risk management hinges not only on systems and processes, but also on mindsets and attitudes. The Group fosters a risk-centric culture through four key areas.

1. Leadership

Keppel’s top management is committed to fostering a strong risk-centric culture in the Group, showing strong support for risk management initiatives. Key messages encouraging prudent risk-taking in decision-making and business processes are interwoven into major meetings, speeches and publications.

2. Risk Management Process

Management of risks is an integral aspect of strategic and budget review, as well as for investment and project planning. Risk considerations are taken at all levels of the businesses, with tools and risk management methodology applied as part of the process.

3. Training & Communication

ERM workshops are conducted regularly to enhance risk management competency across the Group. Training and communication are also carried out through various forums and in-house publications. This has helped to reinforce discipline and garner greater awareness across the Group.

4. Performance Evaluation

Keppel seeks to raise the accountability of its employees for risk management through the performance evaluation process. A Group-wide survey is conducted to assess the level of risk awareness amongst employees.

Proactive Risk Management

We remain vigilant against emerging threats that may affect our different businesses. Through close collaboration with stakeholders, we will continue to review our risk management system to ensure that it remains adequate and effective.