Page 125 - KWAP_AR2022
P. 125

FoR betteR GoveRnAnce  Annual Report 2022  123









          OPERATIONAL RISK MANAGEMENT                       Proactive measures that were taken to address the reported
                                                            OREs are among others as follows:
          Operational risk is the potential loss resulting from
          inadequate or failed internal process, people, systems   •   The team facilitated discussions with other parties to
          or from external events.  It includes but  not limited  to   mitigate the risk and avoid recurrence of incident;
          fraud, physical damage, business disruption, transaction
          failures, legal and regulatory breaches as well as   •   The team and the first line of defence performed root
          employee health and safety hazards. It also includes   cause analysis and validation on the key process on
          reputational risk associated with KWAP’s business    the risk events to enhance risk controls and to ensure
          operations or conduct.                               clearly defined roles and responsibilities of parties
                                                               involved;
          In order to accommodate to the complex operations in
          today’s  business,  KWAP  utilises  Operational  Risk  Event   •   The team presented the OREs reported at EXCO, RCC
          (ORE) reporting to effectively respond and manage    and BRCC meetings to ensure all issues were properly
          operational losses arising from the actual events. If   addressed; and
          implemented effectively, the positive outcomes of ORE will   •   The  team  tracked  and  monitored  outstanding  OREs
          not only produce better responses to risk events but also   with respective parties to ensure mitigation actions are
          better management of risks.                          in place to minimise recurrence of the incident.
          In 2022, there were no risk events with damaging impact   FRAUD RISK MANAGEMENT PROGRAMME
          on KWAP’s operation as most of OREs were successfully
          rectified  in a timely manner. The reported OREs were   Fraud Risk Management Programme was developed to
          mainly under the following categories of risk events:  demonstrate the expectations of the Board and Senior
                                                            Management; and their commitment to high integrity and
                                                            ethical values regarding managing fraud and corruption
            i   External Fraud;                             risk effectively.

                                                            The Fraud Risk Management Programme for KWAP
                                                            comprises of policy and guidelines, training and
           ii   Business disruption and system failures; and
                                                            awareness and departmental fraud risk assessment.
                                                            Pursuant to the establishment of Integrity and Governance
                                                            Office (IGO) in 2019, Corruption Risk Management (CRM)
           iii  Execution, delivery and process management.   is embedded into the risk management framework. As
                                                            a  result,  RMCD  and  IGO  have  collaboratively  pursued
                                                            the thematic risk assessment for all departments and
                                                            subsidiaries in KWAP.
   120   121   122   123   124   125   126   127   128   129   130