Managing risk is an integral part of our
business activities and is performed to create
value for the Group.
The Group manages risk under an overall
strategy determined by the board of directors
and supported by the board’s Risk Committee
and Audit Committee. The Risk Committee
reviews and enhances the effectiveness of the
Group’s risk management and health, safety and
environment (HSE) plans, systems, processes and
procedures. It also regularly reviews group-wide
risk and HSE policies, guidelines and limits, as
well as significant risk exposures relating to
foreign exchange rates, commodity prices and
major investment projects and corresponding risk
mitigation plans. Oversight responsibility for risk
management within the Group’s listed entities
lies with their respective boards.
ENTERPRISE RISK MANAGEMENT
The Group is committed to ensuring that
we have an effective and practical enterprise
risk management (ERM) framework in place
to safeguard our people and assets, protect
shareholders’ interests, make informed decisions
for intrinsic value creation and ultimately uphold
and enhance our brand and reputation amongst
our stakeholders. In designing our ERM framework,
the Group has adapted and made reference to
various industry risk management standards, such
as ISO 31000 and the COSO framework, to ensure
that we are in line with best practice. To sustain a
successful ERM programme, we believe in having
the right processes and tools, as well as instilling
and embedding the right risk awareness culture.
Our ERM framework specifically sets out a
systematic and structured approach towards risk
management through the following activities:
Awareness trainings and workshops
Risk identification and assessment
Formulation of key risk management strategies
Design and implementation of risk mitigation
controls (preventive, detective and
responsive controls)
Monitoring and timely reporting of risk
management performance and risk
exposure levels
Continuous improvement of risk management
mitigation measures and capabilities
Our ERM framework is supported by the following
key pillars:
a.
|
Fraud risk management
|
b.
|
Operational risk management
|
c.
|
Financial, market and credit risk management
|
d.
|
Investment risk management
|
a. Fraud Risk Management
The risk of fraud is an inherent risk within any
organisation. To manage this, the Group has
established a fraud risk management policy which
was approved by the board’s Risk Committee.
The fraud risk management policy provides a framework
and comprehensive guidance on anti-fraud
measures to pro-actively manage the risk of fraud,
bribery and corruption. All subsidiaries are required
to have a fraud control plan in place and we actively
influence and encourage our joint ventures and
associates to adopt our fraud risk management
framework. The Group adopts a zero tolerance
policy on fraud, which we take to include corruption
and bribery, and this policy stance is regularly
communicated
to employees.
The following key activities and complementary
policies and procedures are part of our holistic
approach towards fraud risk management and also
address the risk of bribery and corruption:
Preventive anti-fraud measures
Employee code of conduct
Conflict of interest policy
Corporate gift policy
Fraud risk assessments
Employee and third party due diligence
Detective anti-fraud measures
Whistle-blowing policy
Forensic data analysis
Compliance and monitoring
Pre-employment screening
Responsive anti-fraud measures
Fraud reporting procedures
Fraud investigation procedures
Grievance handling procedures
Whistle-blowing policy
Since 2005, Sembcorp has maintained a
whistle-blowing policy and procedure which
provides employees with well-defined and
accessible channels within the Group through
which they may, in confidence, raise concerns
about possible improprieties in the conduct of
business activities, financial reporting or other
matters to the Audit Committee. This arrangement
facilitates independent investigation of such
matters for appropriate resolution. The policy is
communicated to all employees and is subject
to review on a regular basis.
Employees are encouraged to report suspected
wrongdoing, in confidence and without fear of
reprisal, in relation to the following:
Mail or wire fraud, bank fraud, or fraudulent acts
Violations of laws, rules or regulations applicable to the company and related to accounting, internal accounting controls and auditing matters
Intentional error or fraud in the preparation, review or audit of any financial statement of
the company
Significant deficiencies in or intentional non-compliance with the company’s internal accounting
controls
Any reportable conduct, defined to mean anyone of the following:
–
|
Unlawful, unethical, corrupt or improper conduct
|
–
|
Conduct that is in breach of any policy
of the company
|
–
|
Misuse of funds or assets of the company
|
–
|
Conduct that jeopardises the safety of
the company’s employees, the environment
in which they are working, or the public
|
–
|
Abuse of authority
|
–
|
Any other conduct which may cause
financial or non-financial loss to the company
or damage to the company’s reputation
|
–
|
Suppression or concealment of any
information relating to any of the above
types of actions
|
–
|
Acts to mislead, deceive, manipulate, coerce
or fraudulently influence any internal or
external accountant or auditor in connection
with the preparation, examination, audit or
review of any financial statement or record
of the company or the Group
|
–
|
Criminal acts, including theft, the sale or
use of drugs, money laundering, violence or
threatened violence and criminal damage
against property
|
–
|
Detrimental actions taken in reprisal against
a whistle-blower
|
A whistle-blower may submit his / her allegations
or concerns either by telephone, email or through
other written forms or existing communication
channels. The company will protect the
confidentiality and anonymity of the whistle-blower.
The whistle-blowing case will be received by the
head of Group Internal Audit and an investigation
will be conducted in compliance with the
requirements set out in the company’s whistle-blowing
policy. If an employee who uses whistle-blowing
channels is found to have wilfully done
so in bad faith, disciplinary action will be taken
against him / her. A copy of our whistle-blowing
policy is available on our company website,
www.sembcorp.com.
b. Operational Risk Management
Crisis management and business continuity
With operations extending across the globe, the
Group monitors for emerging threats that may
disrupt its operations, and formulates and updates its
strategies and mitigation measures accordingly. Focus
is placed on establishing a robust and effective crisis
management framework that is relevant to the
current business environment and risk landscape, and
on improving existing emergency response protocols
and business continuity plans across our business
entities to strengthen operational readiness.
Crisis
communication procedures are also embedded as
part of the Group’s crisis management framework.
The Group’s crisis management, emergency response
and business continuity procedures and plans are
regularly tested and fine-tuned to ensure that the
Group can respond effectively to crises and
emergencies. The Group also addresses crises and
emergencies through the implementation of
appropriate prevention, preparedness, response
and recovery programmes. In addition, the Group
adopts key standards and practices set out by
ISO 22301:2012 under Societal Security – Business
Continuity Management Systems – Requirements
and by SS540 Singapore Standard for Business
Continuity Management. This approach enables us
to build resilience and enhance our capability in
managing and responding to emergencies. It also
helps to minimise the impact of incidents on people
and the environment, prevent loss of assets and
mitigate disruption to business operations while
safeguarding the company’s reputation.
Health, Safety and Environment
The Group HSE department is guided by our
Group President & CEO and the board-level Risk
Committee, reflecting the high priority accorded
to HSE issues at Sembcorp. The department
has formalised a Group HSE management system
and promotes global HSE efforts to ensure
effective and timely management of HSE issues
across the Group. This management system
is aligned with ISO 14001 and OHSAS 18001
standards and provides guidance to business
units in actively managing HSE risks associated
with our activities and services in a systematic
manner. For more information on the company’s
HSE management, please refer
here.
Insurance
The Group actively reviews its insurable and
uninsurable risks, and identifies comprehensive
and cost-effective risk management tools to
manage such risks. As a risk transfer mechanism,
the Group has purchased a comprehensive set of
insurance policies to protect itself against financial
loss resulting from property damage, machinery
breakdown, business interruption and general
liability. The Group has also engaged a panel of
top-tier insurance consultants to leverage their
technical expertise and resources to negotiate for
competitive pricing and comprehensive coverage
with commercial insurance companies. To balance
the cost of risk transfer, the Group focuses on
insuring catastrophic events while maintaining its
emphasis on improving internal controls over
operations and maintenance. Sembcorp Captive
Insurance, a wholly-owned captive insurance
subsidiary, provides first layer coverage against
property damage and business interruption losses
for the Group’s operations in Singapore and on
the Wilton International site in the UK. Sembcorp
Captive Insurance serves not only as an internal risk
transfer mechanism, but also showcases the efforts
of the Group in promoting greater accountability
and responsibility in the operations and
maintenance of each business unit. Over the years,
Sembcorp Captive Insurance has successfully built
up a strong capital surplus, allowing it to extend its
insurance reach to other operations and broaden
its scope of coverage.
c. Financial, Market and Credit Risk Management
The Group actively manages its financial, market
and credit risk exposure with respect to foreign
exchange rates, commodity prices and interest
rates via established policies, including the Group’s
treasury policies, financial authority limits and
system of financial discipline. These policies set
out the parameters for management of the Group’s
exposure to counterparty, liquidity, foreign exchange
and other material transaction risks.
Financial and market risk
The Group defines and utilises approved financial
instruments to manage exposure to foreign
exchange, commodity prices and interest rate
fluctuations arising from operational, financing and
investment activities. The commodities include fuel
oil, coal and natural gas. Transactions such as
foreign exchange forwards, interest rate swaps,
commodities swaps, purchase of options and
contracts for differences are used to manage these
risks as appropriate. Under the Group’s overall
treasury policy, transactions for speculative purposes
are strictly not allowed. Transactions are allowed
only for hedging purposes based on the underlying
business and operating requirements. Exposure to
foreign currency risk is also hedged naturally where
possible. In addition, the Group has financial
authority limits, which seek to limit and mitigate
operational risk by setting out the threshold of
approvals required for entering into contractual
obligations and investments.
Default and credit risks
Default and credit risks arise when counterparties
fail to fulfill their contractual obligations. The
Group generally deals with counterparties with
satisfactory creditworthiness and this is achieved
by evaluating and monitoring default and credit
risks of trade customers, suppliers, contractors,
off-takers, joint venture partners and financial
institutions. Credit evaluations are performed on
counterparties from time to time based on an
appropriate methodology. On a case-by-case basis,
additional securities and shorter payment terms
will be required as risk mitigation measures when
dealing with counterparties of weaker credit
standing. The Group also reviews material
concentration risk with individual counterparties
or geographically.
d. Investment Risk Management
To ensure that the necessary prudence is exercised
in all investment decisions, the Group has in place
an investment approval process whereby a
disciplined approach is taken to review the key
risks and opportunities presented by potential
investments. As part of our investment approval
process, all new investments and transactions are
reviewed by a cross-functional project team that
provides risk assessments, mitigation measures
and recommendations to the respective authorised
persons for approval in accordance with applicable
financial authority limits.
In addition, to ensure that Sembcorp maintains
appropriate diversification across different
geographies, the Group has put in place a country
risk framework to monitor and report its investment
exposure globally. Countries are classified into high,
medium and low risk categories based on their
macroeconomic and sovereign risks, political and
corruption risks, regulatory and transfer risks, as
well as social and environmental risks. Furthermore,
our investment exposure under each country is
regularly reported to the board’s Risk Committee.
This framework also defines limits that have been
approved by the board and stipulates that any
deviation from these country limits requires board
approval according to a set procedure. In reviewing
any request for deviations from the country limits,
the board will consider the key risk drivers at hand,
in terms of investment size, duration and economic
life of the project, as well as the level of residual risk
after the implementation of mitigation plans.
With this country risk framework, the board
has currently set the limit of the Group’s investment
exposure in countries deemed to be of high and
medium risk to be no more than 65% of its total
investment exposure, and has also set appropriate
single country limits to prevent concentration risk.
As at December 31, 2014, the countries outside
of Singapore in which the Group (excluding the
Marine business) holds the largest shareholders’
invested capital are China (S$1.1 billion),
the UK (S$711 million) and India (S$534 million).
INTERNAL CONTROLS
The Group adopts a governance assurance
framework that is integrated with its ERM
framework, under which a logical and systematic
approach is used to identify, analyse, treat and
monitor key risks. The effectiveness of key controls
is rated, and the rationale for ratings documented,
to enable management to better identify and
manage key control gaps or weaknesses.
Sembcorp’s governance assurance
framework comprises four lines of defence
to manage key risks identified:
i. Business Governance / Policy Management
As a first line of defence, business units establish
a risk management and control environment in
their day-to-day operations and operate within
the parameters of policies established for
operational and financial governance. Group
governance and functional policies are developed
to communicate corporate governance culture
and to set principles and guidelines for business
operations. Business units, in turn, develop
operating procedures and manuals aligned
with the Group’s governance policies to operate
effectively and efficiently and to ensure legal,
regulatory and contractual compliance.
ii. Management Assurance
The second line of defence is a system of self-review
and assessment by the management of the Group’s
key businesses. This system of financial discipline is
a comprehensive compliance self-review process to
ensure that transactions are in compliance with
Singapore accounting standards, and that internal
controls are adequate and effective. Fines and
sanctions arising from non-compliance to laws and
regulations are also reported. In addition, an annual
self-assessment is conducted by key businesses,
under which significant risk areas are assessed,
mitigating controls are reviewed for effectiveness
and action plans are identified to further address
key areas of risk.
iii. Independent Assurance
Reviews by internal auditors of our system of
internal controls provide independent assurance on
the adequacy and effectiveness of these controls in
addressing the financial, operational and compliance
risks of the company. In the course of performing
the full-year audit, our external auditors also
consider internal controls relevant to the preparation
of financial statements that give a true and fair view
in order to design the appropriate audit procedures.
Internal Audit
The Group Internal Audit department assists the
board’s Audit Committee in promoting a sound
system of internal controls and good corporate
governance across the Group. Using a risk-based
methodology, our internal auditors perform periodic
audits to assess the effectiveness of the Group’s
internal controls in addressing financial, operational
and compliance risks, as well as our information
technology controls and risk management system.
For more information on the company’s independent
internal audit function, please refer to the
Corporate Governance Statement.
iv. Board Oversight
The board and its Audit Committee endorse
Sembcorp’s governance assurance framework and
provide oversight on the effectiveness of internal
controls and risk management processes.