The Risk Management Policy Statement of Malaysia Airports forms the philosophy behind the corporate dedication towards risk management. It is the intention that this statement shall ensure that all stakeholders, employees, partners and the public share an understanding of the objectives of our risk management commitment.
The rationale for the implementation of ERM framework is to:
- Safeguard people, asset, property and the environment
- Uphold our image and reputation
- Enhance effectiveness, efficiency and continuity of our business management
- Encourage proactive rather than reactive management
- Provide a basis for strategic planning
- Ensure compliance with mandatory requirements and standards
- Provide assurance to stakeholders that risk identification and management of risks play a key role in the delivery of our business objectives
- Ensure that there is adequate financial provision in the event of loss by having a structured risk financing process
- Malaysia Airports believes that risk management must be effective at all levels of the organisation.
- Managing risk is everyone’s responsibility. Staff must be aware and understand what are the acceptable risks within the organisation, and their roles in relation to the management of those risks.
- It shall be our policy to identify, assess and manage the key areas of risks to our organisation. In order to achieve this, we intend to integrate and embed risk management practices and risk awareness into the culture of Malaysia Airports through Enterprise Risk Management (ERM) framework.
- There shall be in place a structured Business Continuity Management for Mission Critical Activities to ensure resumption of business operations within an acceptable recovery period.
- Malaysia Airports’ risk management policy and supporting risk management procedures will form a systematic framework that will assist our ability to make sound decisions and ensure that our actions support the business objectives.
- Managing risks will be an integral part of our planning processes and the day-to-day running of the business.
- Management shall engage, empower and give ownership to all staff in the risk identification and management of risks which includes regular reviews of existing risks and the identification of new emerging risk.
- The board shall determine the company’s level of risk tolerance and actively identify, assess and monitor key business risks to safeguard shareholders’ investments and the company’s assets.
- The Board of Directors’ shall establish a sound risk management framework and internal control system. The Managing Director/Chief Executive Officer (CEO) and Chief Financial Officer (CFO) shall provide assurance to the board that the company’s risk management and internal control system is operating adequately and effectively.