Singapore Airlines 2004 Annual Report Download - page 30

Download and view the complete annual report

Please find page 30 of the 2004 Singapore Airlines annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 132

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132

1. Further Development And Integration Of Risk Management
In the year under review, the Company continued to further integrate and embed her risk management activities under the
Risk Management Framework formalized in the preceding year.
2. Multiple Levels Of Risk
SIA recognizes that within each of the Framework’s four classes of risks – Strategic, Operational, Financial and Regulatory –
there exist multiple levels of risk. These levels of risk can be broadly separated within the organizational structure as follows:
Process Risks – these are risks at the lowest level that are generated internally in the everyday activities of individuals or small
groups of staff, arising from errors, non-compliances or abuse of internal control procedures. Some of these Process Risks may
lead to more serious impacts on the organization, such as failures in entire business functions.
Functional Risks – these are risks in the middle levels that result in a failure of business objectives or failure of corporate
functions. They may arise from major internal Process Risks or from external factors. The IT System is an example of a function
whose failure could lead to lost sales and revenues. It could result from a breach of internal information security controls (Process
Risk) or from external malicious code attacks. A sub-set of functional risks is that consisting of failures of critical functions,
resulting in the complete disruption of the organization’s business. These may be referred to as Business Continuity Risks and
are given special attention by senior management.
Planning Risks – these are risks at the highest level that affect long-term corporate objectives and goals for the Group.
3. Embedding Risk Management Across All Levels
Structured Risk Management Activities
Recognizing that the different levels of risk and corresponding ownership require the risk management effort to be customized
accordingly, a structured programme was implemented as follows:
Control-Self-Assessment (“CSA”) for Process Risks
The CSA programme looks into the daily activities and processes in fine detail, including the actions of individuals or small
groups of staff. The corresponding internal controls in place to prevent abuse and improve efficiency are mapped and risks of
non-compliance, whether intentional or erroneous, are monitored.
Risk and Business Continuity Management for Functional Risks
In the year under review, Business Continuity Management (”BCM”) was formalized within the Risk Management Framework,
to give more structure to the management of risks that have the potential to cause a disruption of the entire business as a
whole. The BCM programme forms an integral part of the Framework to manage the full spectrum of enterprise risks and links
corporate functional risks and long-term threats.
Review of Long-Term Planning Risks
This looks into the threats and events that may affect long-term goals and objectives. The Board and senior management reviews
the corporate business plans adopted and considers the corresponding risks surfaced under the risk management process.
28 SIA Annual Report 03/04
Statement on Risk Management