Risk Management
The Company practices Enterprise Risk Management (ERM) in accordance with the ISO 31000 and Business Continuity Management (BCM) in accordance with ISO 22301. Risk management is ingrained across the organization, with all employees responsible for applying risk management methods to operations, maximizing efficiency, returns, and minimizing societal, environmental, and potential impacts on the Company.
Risk Identification
Risk Assessment
Risk Control
Risk Monitoring
Risk Reporting
Sustainability Risk Management
The Company enhanced its risk assessment in 2023 to encompass the sustainability matters of environment, society, and governance (ESG).
Identification of ESG risk categories was done according to guidelines of the Task Force on Climate-related Financial Disclosures (TCFD), best practice and ESG indices:
Environment
- Climate Change
- Water Security
- Water
- Resource Consumption
- Deforestation & Loss of Biodiversity
Society
- Diversity, Inclusion and Inequalities
- Employee Relations
- Health & Safety
- Human Rights
Governance
- Executive Remuneration
- Board Diversity & Structure
- Donations & Political Lobbying
- Bribery & Corruption
Risk Culture
Risk management culture is deeply embedded across all levels, from the Board to department heads, enforcing it regularly through policies, frameworks, and structures. The Board, Risk Management Committee, and Heads undergo regular risk management training. Employees are instilled with risk management through the Company's culture and promoted from their first day through training, drills, activities, newsletters, and publications.
The Company developed RedRadar, a risk reporting system enabling risk managers to collect, analyse risks, and evaluate the effectiveness of risk management practices. Risk officers report risks and improvements, which are reviewed quarterly, focusing on key business-driving departments.
Business Continuity Plan
The Company developed its Business Continuity management by adapting the ISO 22301 standard for business continuity and for alignment with its Emergency Response Plan and Recovery Plan, which enabled readiness for crises, mitigating resource impacts, and facilitating timely operational normalisation to minimise threats and circumstances that could impede business.
Each department must evaluate potential disaster impacts and create business continuity plans. Plans should outline recovery goals, responsibilities, procedures, and minimum required resources like budget, systems, equipment, personnel, and substitutes. Plans must address threats like protests, terrorism, fires, natural disasters, diseases, airport closures, power outages, and tech failures. Personnel must follow these plans during crisis recovery.
Our efforts focus on ensuring the resilience of our operations in the face of such climate-related disasters. As part of the collective efforts of the Capital A Group, in 2023, we enhanced our business continuity plan to address specific challenges:
Heatwave Preparedness
FloodResilience
Wildfire Contingency Plan
Crisis Management
Importantly, the Company carries out crisis management to prevent unwanted incidents, crises and emergency situations that could lead to loss or negative impacts to its business, including aircraft accidents, missing aircraft, hijackings, bomb threats, natural disasters and public health emergencies. Effective crisis management entails the following:
1. Emergency Preparedness
In preparing for emergencies, the Company published an Emergency Response Manual (ERM) and Station Emergency Response Plan aligned with ICAO requirements and relevant airport plans. It has incorporated emergency response plan training into the curriculum for all employees and conducts annual emergency plan drills.
2. Emergency Response
The ERP outlines specific roles for employees during emergencies. Top management forms an Emergency Operation Centre to make critical decisions. On-site employees establish response centres like Survivor Reception Centre, Family and Friend Reception Centre, and Crew Rest Area within 30 minutes. Station managers coordinate between units from the Station Coordination Centre. For remote locations, a Go Team from headquarters is dispatched, comprising investigators, engineers, and a Special Assistance Team (SAT) for emotional recovery and counselling of victims and families.
3. Recovery Process
Once the emergency situation has resolved, managers are to assemble a Post Recovery Team to evaluate the situation and draft a BCP to normalise circumstances as quickly as possible.