Keppel's risk management approach arises from the philosophy of seeking sustainable growth opportunities and creating economic value, while ensuring only appropriate and well‑considered risks are assumed. Risk management is an integral part of the way in which we develop and execute our business strategies.
Notwithstanding the challenges, we continued a disciplined pursuit of new opportunities, innovation and revenue streams to safeguard shareholder’s interest and the Group’s assets. Our robust risk‑centric culture and risk management system have enabled us to continue to respond effectively to the dynamic business environment, shifting business demands and to seize new value‑added opportunities for our stakeholders.
Effective risk management hinges not only on systems and processes, but equally on mindsets and attitudes. The Group fosters a risk‑centric culture through several aspects.
Leadership & Governance
Our management is fully committed to fostering a strong risk‑centric culture, role‑modelling and demonstrating strong support for risk management in all initiatives. Key messages encouraging prudent risk taking in decision making and business processes are interwoven into major meetings, speeches and publications.
Framework & Values
Supported by an established risk management framework, our core values of integrity, accountability, people‑centredness and safety, along with our refreshed mission to deliver solutions for sustainable urbanisation responsibly, guides management and staff to consider risks in all their daily activities.
Process & Methods
In applying the risk management framework and guided by best practices, an integral aspect of both strategic and operational decision making includes consideration and management of risks at all levels of the businesses. As part of the process, appropriate tools, techniques and risk management methodologies are applied along with the requisite domain knowledge capabilities.
Training & Communication
Training and communication are held regularly to enhance risk management competency across the Group. Through various forums and in‑house publications, including different modes of training, risk management is reinforced as a discipline and developed through awareness and practice.
Transparency & Competency
We promote transparency in information sharing and escalation of risk‑related matters. Risk identification and assessment are embedded in our control processes. A Group‑wide survey is conducted periodically to assess the level of risk awareness amongst employees.
Ownership & Accountability
To maintain our standards in risk management, we advocate ownership and accountability of our employees for risk management through the performance evaluation process.
Enterprise Risk Management Framework
Keppel’s Board is responsible for risk governance and ensures that management maintains a sound system of risk management and internal controls. Through the Board Risk Committee (BRC), the Board provides valuable advice to management in formulating the risk management framework, policies and guidelines. Our management surfaces significant risk issues for discussion with the BRC and the Board to keep them fully informed in a timely manner.
The terms of reference for the BRC are disclosed here.
The Board has defined three risk tolerance guiding principles for the Group. These principles serve to determine the nature and extent of the significant risks which our Board is willing to take in achieving our strategic objectives.
These principles are:
- Risk taken should be carefully evaluated, commensurate with rewards and in line with the Group’s core strengths and strategic objectives.
- No risk arising from a single area of operation, investment or undertaking should be so huge as to endanger the entire Group.
- The Group does not condone safety breaches or lapses, non‑compliance with laws and regulations, as well as acts such as fraud, bribery and corruption.
Keppel’s risk governance framework, set out under Principle 11 (Risk Management and Internal Controls), facilitates management and the BRC in determining the adequacy and effectiveness of the Group’s risk management system.
Risk management is an integral part of decision making across the Group. We are cognisant of the dynamic environment in which the Group operates and continue to constantly refine the framework and systems where necessary, to ensure strong risk governance across the Group. Keppel’s Enterprise Risk Management (ERM) framework, a component of Keppel’s System of Management Controls, provides the Group with a holistic and systematic approach to risk management. It outlines the reporting structure, monitoring mechanisms, processes and tools, as well as policies and limits, in addressing the Group’s key risks.
Our ERM framework is constantly refined to ensure relevance in a dynamic operating environment and where required, tailored to the requirements of each business unit depending on specific industries and objectives. The framework takes reference from the Singapore Code of Corporate Governance, ISO 31000, ISO 22313 and the Guidebook for Audit Committees.
Our Risk and Compliance Committee, comprising relevant subject matter risk champions across the business units, drives and coordinates Group‑wide risk management activities and initiatives. This is bolstered by regular bilateral and business unit level meetings to ensure that relevant risks are identified, assessed and mitigated in a timely manner. We keep abreast of the latest developments and best practices through participation in industry seminars and interacting with risk management practitioners.
We adopt a balanced approach to risk management. Given not all risks can be eliminated, we are committed to undertaking appropriate and well‑considered risks to optimise returns for the Group.
Market and Competition
A large part of the Group’s strategic risks comprise market driven forces, evolving competitive landscapes, changing customer demands and disruptive innovation. The Group remains vulnerable to a number of external factors including uncertainties in the global economy, implications from geo‑political developments and threats of disruptive technology. These risks receive constant high‑level attention throughout the year. Strategy meetings are held across the Group to review business strategies, formulate responses and take pre‑emptive action against these risks.
The BRC guides the Group in formulating and reviewing risk policies and limits. These policies and limits are subject to periodic reviews to ensure they continue to support business objectives and are aligned to our risk tolerance level. Taking into consideration the prevailing business climate and the Group’s risk appetite, the policies aim to address risks effectively and proactively.
Investments and Divestments
We have an established process for evaluating investment and divestment decisions. Investments are monitored to ensure they are on track to meet the Group’s strategic intent, investment objectives and returns. These investment decisions are guided by investment parameters set on a Group‑wide basis.
Together with the Board, the Investment and Major Project Action Committee (IMPAC) guides the Group to take considered risks in a controlled manner, exercising the spirit of enterprise, as well as prudence to earn the best risk‑adjusted returns on invested capital across all our businesses.
Investment risk assessment involves rigorous due diligence, feasibility studies and sensitivity analyses of key assumptions and variables. Some factors considered in the assessment include alignment to Group strategy, financial viability, country‑specific political and regulatory developments, contractual risk implications as well as lessons learnt. The investment portfolio is constantly monitored to ensure that performance is on track to meet the Group’s strategic intent and investment returns.
We continue to maintain a strong emphasis on attracting and building a deep pool of talent. This includes nurturing employees, maintaining good industrial relations and fostering a conducive work environment for our employees. The Group is focused on strengthening succession planning and bench strength, as well as building organisational capabilities to drive business growth whilst maintaining our status as an employer of choice.
We recognise the importance of having a risk‑centric mindset and the ability to identify, assess, develop and implement mitigation actions, as well as monitor risks. Keppel Leadership Institute, established as a global centre to groom leaders and equip them with the capabilities to drive and support Keppel’s growth, helps to inculcate this mindset by embedding risk management in its key leadership courses.
From initiation through to completion, risk management processes are an integral part of project management activities to facilitate early risk detection and proactive management. The Group adopts a systematic assessment and monitoring process to help manage the key risks for each project. Particular attention is given to technically challenging and high‑value projects, including greenfield developments, as well as those that involve new technology or operations in a new country. Projects are managed in accordance to the respective country’s environmental laws and labour practices.
At the project execution stage, we carry out project reviews and quality assurance programmes to address issues involving cost, schedule and quality. Project Key Risk Indicators are used as early warning signals. In addition, we conduct knowledge sharing workshops to share best practices and lessons learnt across the Group. All these help to ensure that projects are completed on time and within budget, while meeting safety and quality standards, as well as contract obligations.
Health, Safety & Environment
Maintaining a high level of Health, Safety and Environmental (HSE) standard is of paramount importance to the Group.
We constantly strive to raise awareness, maintain vigilance and foster a strong HSE‑centric culture across the Group and particularly at the ground level. Key initiatives include driving a zero fatality strategy with a roadmap focused on aligning Hazard Identification Risk Assessment standards across our global operations, enhancing competency of employees performing safety‑critical tasks, strengthening operational controls, deploying standard Root Cause Analysis across the Group, as well as developing more proactive and leading matrices to monitor HSE performance. Environmental management practices in key operating sites are also closely monitored. As a Group, we continue to embrace and leverage technology to improve HSE processes and systems. Testament to the Group’s concerted efforts in safety, Keppel clinched 36 awards at the WSH Awards for exemplary safety performances and implementation of strong WSH management systems, as well as efforts in creating solutions that improve workplace safety.
Business & Operational Processes
We continue to streamline business processes. We have implemented initiatives to establish a common shared services platform which allows us to continue to achieve cost savings, improve efficiency and productivity, as well as enhance governance, compliance and control.
We have adopted ISO standards and certifications to achieve standardisation of processes and best practices. In addition, procedures relating to defect management, operations, project control and supply chain management were established to improve the quality of deliverables. We conduct regular reviews of policies and authority limits to ensure that they remain relevant in meeting changing business requirements.
We are committed to enhancing operational resilience through a robust Business Continuity Management (BCM) Plan that will equip us to respond effectively to business disruptions, ensuring that critical business functions continue to operate with minimal impact to our people, operations and assets. As a Group, we are cognisant of the increasing risk of natural disasters, terrorism and cyber threats, and have increased our efforts in reviewing and testing our operational preparedness and effectiveness of our BCM plans. Follow‑up actions are taken to strengthen operational resilience with all key learning points documented.
Crisis management and communication procedures have also been embedded into the Group’s BCM processes. These procedures are constantly refined to allow us to respond in an orderly and coordinated way, as well as to expedite recovery.
Urbanisation and connectivity has given rise to rapidly increasing concerns around cyber security. The Group maintains a close watch and keeps abreast of techniques and threats as they evolve in order to develop the appropriate mitigation measures. This will remain a key focus area for the Group. Our focus is on building capabilities to respond to crises effectively while safeguarding our people, assets and the interests of our stakeholders.
The Group has in place an Information Technology (IT) security framework to address evolving IT security threats such as hacking, malware, mobile threats and loss of data.
Our IT security, governance and control have been strengthened through the alignment of IT policies, processes and systems, and the consolidation of servers and storages. We have also appointed IT security officers and implemented guided self‑assessments to identify IT security gaps.
We have dedicated IT expertise to keep abreast of the latest developments, innovation and threats in technology and assess their impact and risks at various levels. Extensive training, including assessment exercises, have been conducted on user security education to heighten awareness of IT threats. Measures and considerations have also been taken to safeguard against loss of information, data security and prolonged service disruption of critical IT systems.
Laws, Regulations & Compliance
Given the geographical diversity of our businesses, we closely monitor developments in the laws and regulations of countries where the Group operates to ensure that our businesses and operations comply with all relevant laws and regulations. We regularly engage with local government authorities and agencies to keep abreast of changes to laws and regulations.
We recognise that non‑compliance with laws and regulations not only has significant financial impact but potentially detrimental reputational impact on the Group. We are fully committed to strengthening our regulatory compliance framework. Our emphasis is clear and consistently reiterated. We have zero tolerance for fraud, bribery, corruption and violation of laws and regulations.
During the year, we continued to make significant progress on our regulatory compliance initiatives, ensuring that compliance principles are embedded in our activities and implementing best practices from industry leaders as we develop and strengthen our compliance framework. More details on the steps taken by the Group in operationalising regulatory compliance are set out here.
Fraud, Misstatement of Financial Statements & Disclosures
We maintain a strong emphasis on ensuring financial statements are accurate and presented fairly in accordance with applicable financial reporting standards and framework.
Regular external and internal audits are conducted to provide assurance on accuracy of financial statements and adequacy of the internal control framework supporting the statements. Where required, we leverage the expertise of the engaged auditors in the interpretation of financial reporting standards and changes. We hold regular training and education programmes to enhance competency of finance managers across the Group. Keppel's System of Management Controls framework outlines the Group's internal control and risk management processes and procedures. More details on the framework can be found here.
Financial risk management relates to our ability to meet financial obligations and mitigate credit, liquidity, currency and interest rate risks. Policies and financial authority limits are reviewed regularly to incorporate changes in the operating and control environment.
At Keppel, we are focused on financial discipline, deploying our capital to earn the best risk‑adjusted returns and maintaining a strong balance sheet to seize new opportunities. This includes the evaluation of counterparties and related risks against pre‑established guidelines. Please refer here for more details on the Group’s financial risk management.
Impact assessment and stress tests are performed to gauge the Group's exposure to changing market situations, allowing for informed decision making and implementation of prompt mitigating actions. We regularly monitor the concentration of exposure in the countries where the Group operates to ensure that our portfolio of assets, investments and businesses are adequately safeguarded against the systemic risks of operating in a specific geography.
Proactive Risk Management
We remain vigilant against emerging threats that may affect our different businesses. Through close collaboration with stakeholders and keeping vigilant, we will continue to assess our risks and review our risk management system to ensure that our ability to manage and respond to threats remains adequate and effective.