CapitaLand Limited
Annual Report 2015
Enterprise Risk Management
Risk management is an integral part of CapitaLand’s
business at both the strategic and operational levels.
A proactive approach towards risk management supports
the attainment of the Group’s business objective and
corporate strategy of ONE CapitaLand, thereby creating
and preserving value.

The Group recognises that risk management is just as much
about opportunities as it is about threats. To capitalise
on opportunities, the Group has to take measured risks.
Therefore, risk management is not about pursuing risk
minimisation as a goal, but rather optimising the risk-reward
relationship within known and agreed risk appetite levels.
The Group therefore takes risks in a prudent manner for
justifiable business reasons.

The Board of Directors is responsible for the governance
of risk across the Group. The responsibilities include
determining the Group’s risk appetite, overseeing the
Group’s Enterprise Risk Management (ERM) Framework,
regularly reviewing the Group’s risk profile, material risks and
mitigation strategies, and ensuring the effectiveness of risk
management policies and procedures. For these purposes,
it is assisted by the Risk Committee (RC), established in
2002, to provide dedicated oversight of risk management
at the Board level.

The RC currently comprises four independent Board
members and meets on a regular basis. The meetings are
attended by the President & Group CEO as well as other
key management staff. The RC is assisted by the Risk
Assessment Group (RAG), a dedicated and independent
in-house unit comprising highly specialised and professional
members with vast and diverse experiences in financial,
operational and enterprise risk management.

The Board has approved the Group’s risk appetite, which
determines the nature and extent of material risks that the
Group is willing to take to achieve its strategic and business
objectives. The Group’s Risk Appetite Statement (RAS) is
expressed via formal, high-level and overarching statements
and incorporates accompanying risk limits which determine
specific risk boundaries established at an operational level.
Having considered key stakeholders’ interests, the RAS
sets out explicit, forward-looking views of the Group’s
desired risk profile and is aligned to the Group’s strategy
and business plans.

A team comprising the President & Group CEO and other
key management personnel is responsible for directing and
monitoring the development, implementation and practice
of ERM across the Group. Operationally, a network of risk
champions from the different Strategic Business Units
(SBUs) and corporate functions, as well as various specialist
support functions, are tasked to develop, implement and
monitor risk management policies, methodologies and
procedures in their respective areas.
Enterprise Risk Management Framework
[Figure: ERM Framework]
Framework elements: Risk Strategy; Board Oversight & Senior Management Involvement; Internal Control System; Risk-Aware Culture; Independent Review and Audit.
Risk Identification & Assessment: Risk Appetite; Risk & Control Self-Assessment; Investment Risk Evaluation; Quantitative Analysis; Scenario Analysis; Whistle-blowing/Business Malpractice.
Risk Response: Accept; Avoid; Mitigate (e.g. Business Continuity Management); Transfer (e.g. Contractual Risk Management & Insurance).
Risk Monitoring & Reporting: Key Risk Indicators; Quarterly Risk Reporting; Portfolio Monitoring of Financial Risk (e.g. Country Concentration, FX, etc).