Notwithstanding the headwinds, we continued a disciplined pursuit of new opportunities and revenue streams to safeguard shareholders’ interests and the Group’s assets. Supported by a robust risk management system, we are able to respond effectively to shifting business demands and seize opportunities that create value for our stakeholders.
Robust Enterprise Risk Management Framework
Keppel’s Board is responsible for governing risks and ensuring that management maintains a sound system of risk management and internal controls. Assisted by the Board Risk Committee (BRC), the Board provides valuable advice to management in formulating the risk management framework, policies and guidelines. Our management surfaces key risk issues for discussion with the BRC and the Board regularly.
The terms of reference for the BRC are disclosed on page 79 of this Report.
The Board has put in place three risk tolerance guiding principles for the Group. These principles serve to determine the nature and extent of the significant risks, which our Board is willing to take in achieving its strategic objectives.
These principles are:
- Risk taken should be carefully evaluated, commensurate with rewards and in line with the Group’s core strengths and strategic objectives.
- No risk arising from a single area of operation, investment or undertaking should be so huge as to endanger the entire Group.
- The Group does not condone safety breaches or lapses, non‑compliance with laws and regulations, as well as acts such as fraud, bribery and corruption.
Keppel’s risk governance framework, set out on pages 75 to 77 under Principle 11 (Risk Management and Internal Controls), facilitates management and the BRC in determining the adequacy and effectiveness of the Group’s risk management system. Risk management is an integral part of decision‑making across the Group. We recognise the dynamic environment in which the Group operates, and we continue to refine the framework where necessary, to ensure strong governance across the Group.
Keppel’s Enterprise Risk Management (ERM) framework, a component of Keppel’s System of Management Controls, provides the Group with a holistic and systematic approach to risk management. It outlines the reporting structure, monitoring mechanisms, processes and tools, as well as policies and limits, in addressing the Group’s key risks.
Our ERM framework is constantly refined, ensuring relevance in a dynamic operating environment. References are made to the Singapore Code of Corporate Governance, ISO 31000, ISO 22313 and the Guidebook for Audit Committees.
A Risk and Compliance Committee, comprising relevant subject matter champions across the business units, drives and coordinates Group‑wide initiatives. We keep abreast of the latest developments and best practices by participating in industry seminars and interacting with risk management practitioners.
As a Group, we adopt a balanced approach to risk management. As not all risks can be eliminated, we will only undertake appropriate and well‑considered risks to optimise returns for the Group.
Market and Competition
The Group’s strategic risks comprise market and competition risks. These include market driven forces, evolving competitive landscape, changing customer demands and disruptive innovation. The Group remains vulnerable to a number of external factors including uncertainties in the global economy, implications from geo‑political developments on globalisation and threats of disruptive technology. These risks receive constant high‑level attention throughout the year. We hold strategy meetings to review business strategies, formulate responses and take pre‑emptive action against these risks.
The BRC guides the Group in formulating and reviewing risk policies and limits. These are subject to periodic reviews to ensure they continue to support business objectives and are aligned to our risk tolerance level. Taking into consideration the prevailing business climate and the Group’s risk appetite, the policies aim to address risks effectively and proactively.
Investments and Divestments
We have an established process for evaluating investment and divestment decisions. Investments are monitored to ensure they are on track in meeting the Group’s strategic intent, investment objectives and returns. These investment decisions are guided by investment parameters set on a Group‑wide basis. Together with the Board, the Investment and Major Project Action Committee (IMPAC) guides the Group to take thoughtful risks in a controlled manner, exercising the spirit of enterprise as well as financial discipline to earn the best risk‑adjusted returns on invested capital.
Investment risk assessment involves rigorous due diligence, feasibility studies and sensitivity analyses of key assumptions and variables. Some factors considered in the assessment include alignment to Group strategy, financial viability, country‑specific political and regulatory developments, contractual risk implications as well as lessons learned. The investment portfolio is constantly monitored to ensure that performance is on track to meet the Group’s strategic intent and investment returns.
We maintain a significant emphasis on attracting and building a talent pool. This includes nurturing employees, maintaining good industrial relations and fostering a conducive work environment for our employees. The Group continues to focus on strengthening succession planning and bench strength, as well as building organisational capabilities to drive business growth whilst maintaining our choice employer status.
We recognise the importance of having a risk‑centric mindset and the ability to identify, assess, develop and implement mitigation actions, as well as monitor risks. Keppel Leadership Institute, established as a global centre to groom leaders and equip them with the capabilities to drive and support Keppel’s growth, helps to inculcate this mindset by embedding risk management in its key leadership courses.
From the stage of initiation through to completion, risk management processes are integrated within project management to facilitate early risk detection and proactive management. The Group adopts a systematic assessment and monitoring process to help manage the key risks for each project. Particular attention is given to technically challenging and high‑value projects, including greenfield developments, as well as those that involve new technology or operations in a new country. Projects are managed in accordance to the respective country’s environmental laws and labour practices.
At the project execution stage, we carry out project reviews and quality assurance programmes to address issues involving cost, schedule and quality. Project Key Risk Indicators are used as early warning signals. In addition, we conduct knowledge sharing workshops to share best practices and lessons learnt across the Group. All these help to ensure that projects are completed on time and within budget, while meeting safety and quality standards, as well as contract obligations.
Health, Safety & Environment
Maintaining a high level of health, safety and environmental (HSE) standards is of paramount importance to the Group. As such, we are constantly raising awareness and building a HSE culture at the ground level. Key initiatives include driving a zero fatality strategy with a roadmap focused on aligning Hazard Identification Risk Assessment standards across our global operations, enhancing competency of employees performing safety‑critical tasks, strengthening operational controls, as well as developing more proactive and leading matrices to monitor HSE performance. Environmental management practices in key operating sites are also closely monitored. As a Group, we continue to embrace and leverage technology to improve HSE processes and systems.
Business & Operational Processes
Through ongoing efforts to streamline business processes, we have established a common shared services platform which allows us to achieve cost savings, improve efficiency and productivity, as well as enhance governance, compliance and control.
We adopted ISO standards and certifications to achieve standardisation of processes and best practices. In addition, procedures relating to defect management, operations, project control and supply chain management were established to improve quality of deliverables. We conduct regular reviews of policies and authority limits to ensure that they remain relevant in meeting changing business requirements.
We are committed to enhancing operational resilience through a robust Business Continuity Management (BCM) Plan that will equip us to respond effectively to disruptions, while continuing with critical business functions and minimising the impact on our people, operations and assets. As a Group, we are cognisant of the increasing threat of terrorism risk and have increased efforts in reviewing and testing our operational preparedness and effectiveness of these plans. Follow up actions are taken to strengthen operational resilience and key learning points are documented.
Crisis management and communication procedures have also been embedded into the Group’s BCM processes. These procedures are constantly refined to allow us to respond in an orderly and coordinated way, as well as to expedite recovery. Our focus is on building capabilities to respond to crises effectively while safeguarding our people, assets and the interests of our stakeholders.
The Group has in place an Information Technology (IT) security framework to address evolving IT security threats such as hacking, malware, mobile threats and loss of data.
Our IT security, governance and control have been strengthened through the alignment of IT policies, processes and systems, and the consolidation of servers and storages. We have also appointed IT security officers and implemented guided self‑assessment to identify IT security gaps.
Extensive training, including assessment exercises, have been conducted on user security education to heighten awareness of IT threats. Measures and considerations have also been taken to safeguard against loss of information, data security, and prolonged service disruption of critical IT systems.
Laws, Regulations & Compliance
Given the geographical diversity of our businesses, we closely monitor developments in laws and regulations in countries where the Group operates, to ensure that our businesses and operations comply with all relevant laws and regulations. We regularly engage with local government authorities and agencies to keep abreast of changes in regulations.
Recognising that non‑compliance with laws and regulations has potential significant reputational and financial impact, particular emphasis is placed on regulatory compliance in all our operations. More details on areas taken by the Group in operationalising regulatory compliance are set out on page 95 of this Report.
Fraud, Misstatement of Financial Statements & Disclosures
We continue to maintain a strong emphasis on ensuring financial statements are accurate and presented fairly in accordance with applicable financial reporting standards and framework. Where appropriate, we leverage the expertise of the engaged auditors in the interpretation of financial reporting standards and changes. Regular external and internal audits are conducted to provide assurance on accuracy of financial statements and adequacy of the control framework supporting the statements. We hold regular training and education programmes to enhance competency of finance managers across the Group. Furthermore, Control Awareness workgroups are organised to share and strengthen knowledge, to improve the control environment and establish consistent practices.
Keppel’s System of Management Controls framework outlines the Group’s internal control and risk management processes and procedures. For more details on the framework, please refer to page 76 of this Report.
Financial risk management relates to our ability to meet financial obligations and mitigate credit, liquidity, currency and interest rate risks. Policies and financial authority limits are reviewed regularly to incorporate changes in the operating and control environment.
At Keppel, we are focused on financial discipline, deploying our capital to earn the best risk‑adjusted returns and maintaining a strong balance sheet to seize opportunities. This includes the evaluation of counterparties against pre‑established guidelines.
For more details on the Group’s financial risk management, please refer to pages 56 and 57 of this Report.
Impact assessment and stress tests are performed to gauge the Group’s exposure to changing market situations, allowing for informed decision‑making and implementation of prompt mitigating actions. We also regularly monitor the concentration of exposure in the countries where the Group operates.
Effective risk management hinges not only on systems and processes, but also on mindsets and attitudes. The Group fosters a risk‑centric culture through four key areas.
Our management is committed to fostering a strong risk‑centric culture, showing strong support for risk management initiatives. Key messages encouraging prudent risk‑taking in decision‑making and business processes are interwoven into major meetings, speeches and publications.
2. Risk Management Process
An integral aspect of strategic and budget reviews includes investment and project planning risk management at all levels of the businesses. As part of the process, appropriate tools and risk management methodology are applied.
3. Training & Communication
Workshops are conducted regularly to enhance risk management competency across the Group. Through various forums and in‑house publications, training and communication programmes are also carried out to reinforce discipline and garner greater awareness.
4. Performance Evaluation
We seek to raise the accountability of our employees for risk management through the performance evaluation process. A Group‑wide survey is conducted periodically to assess the level of risk awareness amongst employees.
Proactive Risk Management
We remain vigilant against emerging threats that may affect our different businesses. Through close collaboration with stakeholders, we will continue to review our risk management system to ensure that it remains adequate and effective.