- Aerospace
-
Smart City
Smart Mobility (Rail)
Smart Mobility (Road)
Urban Environment Solutions
-
- Marine
- Defence
- Public Security
- Digital Tech
-
Global
- Home
- Sustainability
- Governance
Key Risks
Key Business Risks
Product Liability & Safety
Customers expect products and services to fulfil their intended functions satisfactorily, and not pose a risk to health and safety. The Group recognises that the risks posed by unsafe or unreliable products or services not only affect us financially; they also adversely affect our reputation. We have incorporated product safety methodologies such as systems safety in our design and development process, and they look at safety during production, safety in use, and safety during maintenance, repair and overhaul. The Group actively promotes awareness and a culture of product and services safety within the organisation and among our key suppliers. In addition, we have a comprehensive insurance programme for product and service liability.
Business Disruptions
Disruptive events can have dire consequences if not appropriately managed. Such events include cyberattacks, extreme weather events, pandemics, industrial accidents and labour strikes. We recognise that quick recovery and resumption of business operations after a disruption are critical to minimise the impact and maintain the public confidence of our key stakeholders including our customers, shareholders and employees.
An inability to fulfil critical business obligations may result in significant financial losses or even cause contagion or systemic impact with broader disruptions to the entire business.
To ensure continuity of critical business operations in event of any disruption, a robust Business Continuity Management programme is in place which covered all significant operations and facilities as well as operations and facilities of key vendors or service providers. As a risk transfer mechanism, we also have insurance coverage which recovers certain quantifiable losses. Periodic tests on our business continuity plans are carried out and the key findings are reported to management.
Contract Compliance
Our main business activity relates to the management and execution of projects for defence and commercial customers. Risks relating to project management are therefore inherent in our business. These may include issues relating to project costs and schedules, as well as contractual and quality matters. The Group has a project review and quality assurance system in place to mitigate such risks. All contracts of material value require review by legal counsel. Significant legal issues and risks, including onerous terms and/or significant deviations from pre-approved standard contract terms (where applicable) are flagged for review and approval by appropriate levels of management.
Regulatory Compliance
We are subject to applicable laws and regulations of various jurisdictions. We comply with these laws and regulations to maintain our licences to operate.
The Group has in place a regulatory compliance framework that proactively identifies applicable laws and regulatory obligations, and embeds compliance into the day-to-day business processes. Significant violations are reported at the Risk and Sustainability Committee meetings, where lessons learnt are distilled and shared.
Examples of laws and regulations which the Group deems to be of material importance include those on anti-corruption, workplace safety and health, and the environment. In addition, we are subject to strict industry-related laws and regulations such as those of the aerospace and defence industries.
The Group implements quality and safety management systems to ensure strict compliance with applicable laws and regulations, including specific aviation laws and regulations. Our operations place great emphasis on trade embargoes, sanctions and export controls and have instituted formal systems and designated personnel to closely monitor changes in these laws and regulations and ensure strict compliance.
Bribery & Corruption
We have zero tolerance for fraud and corrupt practices and have a framework for combating fraud and corruption. Our senior management sets the tone and promotes an anti-fraud culture throughout the Group through a set of core values and the Code of Business Conduct and Ethics (Code). Annual training on the Code is compulsory for all employees. Contracts with intermediaries include anti-corruption undertakings and representations as well as acknowledgment of our Anti-Corruption Policy.
Cyber Risks
We are a major defence and government contractor providing cyber security-related products and services. We hold significant information assets such as proprietary technology, processes and patents. Our reputation and competitiveness rest on our ability to prevent any breach of cybersecurity defences. Such breaches could result in theft, wilful destruction and damage of information assets, and to critical information infrastructure, all leading to possible disruptions to our business and potential litigations.
The Group implements and enforces strict controls to reduce our cyber risk exposure. In addition to our IT governance framework, we have multiple layers of cybersecurity defence infrastructure to detect, prevent and alert us to possible cyberattacks. We also have active cybersecurity real-time monitoring via our Security Operations Centre, to ensure total visibility of threat levels across the organisation at any point in time.
We conduct regular cybersecurity awareness exercises to improve the situational awareness of our employees and reduce the likelihood that they become the weak link in our defences against cyberattacks. Besides regular reviews of our controls, policies, governance framework and infrastructure to ensure that they continue to be relevant to the evolving cybersecurity threat landscape, we work with internal and external auditors to regularly conduct end-to-end audits to ensure compliance as well as identify weaknesses in systems and processes.
Business Continuity Plans are in place to ensure that complete recovery of information systems and assets is possible in the event of damage or loss. We conduct periodic exercises to ensure that our plans are and continue to be relevant and serve their intended purposes.
Foreign Exchange
The Group’s foreign exchange exposures arise mainly from cash, receivables and payables that are denominated in foreign currencies. These exposures arise from the business activities of the Group and are primarily in USD and EUR currencies. These exposures are managed centrally by the Group’s Treasury department according to guidelines set in our Foreign Exchange Management Policy. As a result of the hedges taken to manage these foreign exchange exposures, the level of volatility of the Group’s earnings has been reduced. Reports of hedged and unhedged exposures for the main foreign currencies are prepared for regular reviews with the Audit Committee.
Credit
This is the risk of non-payment by the Group’s customers and other counterparties with whom the Group deals. Our Credit Control Policy governs how credit risk in the Group is managed. It comprises a framework of credit evaluations, limit and term setting, exposures monitoring against the limits and credit limit exceedances management and approval. Past-due receivables are closely monitored and followed up on.
Total Workplace Safety & Health
We are committed to ‘Safety Before Profit’. We recognise that good health and safety improve work effectiveness, employee morale and our reputation. To provide a safe working environment, we integrate safety measures into key business activities with detailed workplace safety and health policies. We also seek continuous improvements through proactive hazard and risk identification and constant monitoring of safety targets. We have initiated various programmes and activities to raise awareness and inculcate a safety culture in all employees. These include regular safety briefings and training sessions, health talks and recreational activities. We also encourage and recognise individuals and teams which develop innovative solutions to health and safety challenges.
Talent Management and Succession Planning
We are only as strong as our people. With a capable, motivated and agile workforce, we are able to strengthen our talent pipeline to pursue sustainable growth.
To stay as an employer of choice and ensure a pipeline of high performing teams, we have shaped our people and culture strategy to enhance our capability and capacity for growth, build a passionate and engaged workforce, and position us at the forefront of people practices. We realise this proposition through our practices in talent attraction and management, career development, diversity and inclusion, reward system, work-life integration and harmonious union relations.
As a Group with a global footprint, we are committed to fair employment practices worldwide and in providing a work environment that is free from discrimination or harassment of any type, where the recruitment, employment and development of people are based on qualifications, skills and competencies to do the job.
Mergers & Acquisitions
One of the avenues through which we seek to grow the Group’s businesses is the acquisition of businesses, assets, intellectual property and entry into joint ventures. Merger and Acquisition (M&A) risks include not adequately identifying or underestimating the risks and opportunities associated with the acquired business during due diligence, underestimating the scale, scope and work required for integration, inability to meet the projected financial performance, failure to realise synergies, loss of key personnel and the inability to meld different cultures.
A robust M&A framework has been put in place to manage the full spectrum of an M&A transaction, from screening to due diligence, approvals, integration and post-acquisition reviews. M&A activities are championed by the Business Areas and supported by M&A, Finance, Tax, Legal, HR, Procurement, Information Security and Information Technology teams and augmented by external professional advisers for specialised services. Risks are identified by each of the work streams for review by the approving authorities. A cross-functional integration management team develops action plans to mitigate the risks identified and tracks execution. Post-acquisition progress is reported at agreed intervals to a Steering Committee comprising Group P&CEO, Group CFO, Group Chief Strategy & Sustainability Officer, Group COOs and the relevant Business Area Heads to track performance against targets and to review lessons learnt. Risks and integration matters are reviewed and reported at the Risk and Sustainability Committee.
Product & Technology Obsolescence
Technology and innovation are the lifeblood of our organisation, just as they are also the backbone of sustainable cities. This is why we are constantly investing to enhance our role as an effective enabler of a sustainable world - using technology to address the world’s most pressing problems, thereby helping our customers deal with the impact of population growth, urbanisation, climate change and many more.
In addition, we continue to collaborate extensively, which enables us to focus on our core capabilities while benefiting from the expertise of like-minded institutions and organisations that are keen to co-create and develop solutions to solve real-world challenges.
Internally, we continue to invest in our engineering capabilities and resources. We provide different platforms that drive various innovation needs – the Engineering Design Centres for product enhancement, and Strategic Technology Centres for group-wide capabilities in areas like cybersecurity and data analytics.
Product Liability & Safety
Customers expect products and services to fulfil their intended functions satisfactorily, and not pose a risk to health and safety. The Group recognises that the risks posed by unsafe or unreliable products or services not only affect us financially; they also adversely affect our reputation. We have incorporated product safety methodologies such as systems safety in our design and development process, and they look at safety during production, safety in use, and safety during maintenance, repair and overhaul. The Group actively promotes awareness and a culture of product and services safety within the organisation and among our key suppliers. In addition, we have a comprehensive insurance programme for product and service liability.
Business Disruptions
Disruptive events can have dire consequences if not appropriately managed. Such events include cyberattacks, extreme weather events, pandemics, industrial accidents and labour strikes. We recognise that quick recovery and resumption of business operations after a disruption are critical to minimise the impact and maintain the public confidence of our key stakeholders including our customers, shareholders and employees.
An inability to fulfil critical business obligations may result in significant financial losses or even cause contagion or systemic impact with broader disruptions to the entire business.
To ensure continuity of critical business operations in event of any disruption, a robust Business Continuity Management programme is in place which covered all significant operations and facilities as well as operations and facilities of key vendors or service providers. As a risk transfer mechanism, we also have insurance coverage which recovers certain quantifiable losses. Periodic tests on our business continuity plans are carried out and the key findings are reported to management.
Contract Compliance
Our main business activity relates to the management and execution of projects for defence and commercial customers. Risks relating to project management are therefore inherent in our business. These may include issues relating to project costs and schedules, as well as contractual and quality matters. The Group has a project review and quality assurance system in place to mitigate such risks. All contracts of material value require review by legal counsel. Significant legal issues and risks, including onerous terms and/or significant deviations from pre-approved standard contract terms (where applicable) are flagged for review and approval by appropriate levels of management.
Regulatory Compliance
We are subject to applicable laws and regulations of various jurisdictions. We comply with these laws and regulations to maintain our licences to operate.
The Group has in place a regulatory compliance framework that proactively identifies applicable laws and regulatory obligations, and embeds compliance into the day-to-day business processes. Significant violations are reported at the Risk and Sustainability Committee meetings, where lessons learnt are distilled and shared.
Examples of laws and regulations which the Group deems to be of material importance include those on anti-corruption, workplace safety and health, and the environment. In addition, we are subject to strict industry-related laws and regulations such as those of the aerospace and defence industries.
The Group implements quality and safety management systems to ensure strict compliance with applicable laws and regulations, including specific aviation laws and regulations. Our operations place great emphasis on trade embargoes, sanctions and export controls and have instituted formal systems and designated personnel to closely monitor changes in these laws and regulations and ensure strict compliance.
Bribery & Corruption
We have zero tolerance for fraud and corrupt practices and have a framework for combating fraud and corruption. Our senior management sets the tone and promotes an anti-fraud culture throughout the Group through a set of core values and the Code of Business Conduct and Ethics (Code). Annual training on the Code is compulsory for all employees. Contracts with intermediaries include anti-corruption undertakings and representations as well as acknowledgment of our Anti-Corruption Policy.
Cyber Risks
We are a major defence and government contractor providing cyber security-related products and services. We hold significant information assets such as proprietary technology, processes and patents. Our reputation and competitiveness rest on our ability to prevent any breach of cybersecurity defences. Such breaches could result in theft, wilful destruction and damage of information assets, and to critical information infrastructure, all leading to possible disruptions to our business and potential litigations.
The Group implements and enforces strict controls to reduce our cyber risk exposure. In addition to our IT governance framework, we have multiple layers of cybersecurity defence infrastructure to detect, prevent and alert us to possible cyberattacks. We also have active cybersecurity real-time monitoring via our Security Operations Centre, to ensure total visibility of threat levels across the organisation at any point in time.
We conduct regular cybersecurity awareness exercises to improve the situational awareness of our employees and reduce the likelihood that they become the weak link in our defences against cyberattacks. Besides regular reviews of our controls, policies, governance framework and infrastructure to ensure that they continue to be relevant to the evolving cybersecurity threat landscape, we work with internal and external auditors to regularly conduct end-to-end audits to ensure compliance as well as identify weaknesses in systems and processes.
Business Continuity Plans are in place to ensure that complete recovery of information systems and assets is possible in the event of damage or loss. We conduct periodic exercises to ensure that our plans are and continue to be relevant and serve their intended purposes.
Foreign Exchange
The Group’s foreign exchange exposures arise mainly from cash, receivables and payables that are denominated in foreign currencies. These exposures arise from the business activities of the Group and are primarily in USD and EUR currencies. These exposures are managed centrally by the Group’s Treasury department according to guidelines set in our Foreign Exchange Management Policy. As a result of the hedges taken to manage these foreign exchange exposures, the level of volatility of the Group’s earnings has been reduced. Reports of hedged and unhedged exposures for the main foreign currencies are prepared for regular reviews with the Audit Committee.
Credit
This is the risk of non-payment by the Group’s customers and other counterparties with whom the Group deals. Our Credit Control Policy governs how credit risk in the Group is managed. It comprises a framework of credit evaluations, limit and term setting, exposures monitoring against the limits and credit limit exceedances management and approval. Past-due receivables are closely monitored and followed up on.
Total Workplace Safety & Health
We are committed to ‘Safety Before Profit’. We recognise that good health and safety improve work effectiveness, employee morale and our reputation. To provide a safe working environment, we integrate safety measures into key business activities with detailed workplace safety and health policies. We also seek continuous improvements through proactive hazard and risk identification and constant monitoring of safety targets. We have initiated various programmes and activities to raise awareness and inculcate a safety culture in all employees. These include regular safety briefings and training sessions, health talks and recreational activities. We also encourage and recognise individuals and teams which develop innovative solutions to health and safety challenges.
Talent Management and Succession Planning
We are only as strong as our people. With a capable, motivated and agile workforce, we are able to strengthen our talent pipeline to pursue sustainable growth.
To stay as an employer of choice and ensure a pipeline of high performing teams, we have shaped our people and culture strategy to enhance our capability and capacity for growth, build a passionate and engaged workforce, and position us at the forefront of people practices. We realise this proposition through our practices in talent attraction and management, career development, diversity and inclusion, reward system, work-life integration and harmonious union relations.
As a Group with a global footprint, we are committed to fair employment practices worldwide and in providing a work environment that is free from discrimination or harassment of any type, where the recruitment, employment and development of people are based on qualifications, skills and competencies to do the job.
Mergers & Acquisitions
One of the avenues through which we seek to grow the Group’s businesses is the acquisition of businesses, assets, intellectual property and entry into joint ventures. Merger and Acquisition (M&A) risks include not adequately identifying or underestimating the risks and opportunities associated with the acquired business during due diligence, underestimating the scale, scope and work required for integration, inability to meet the projected financial performance, failure to realise synergies, loss of key personnel and the inability to meld different cultures.
A robust M&A framework has been put in place to manage the full spectrum of an M&A transaction, from screening to due diligence, approvals, integration and post-acquisition reviews. M&A activities are championed by the Business Areas and supported by M&A, Finance, Tax, Legal, HR, Procurement, Information Security and Information Technology teams and augmented by external professional advisers for specialised services. Risks are identified by each of the work streams for review by the approving authorities. A cross-functional integration management team develops action plans to mitigate the risks identified and tracks execution. Post-acquisition progress is reported at agreed intervals to a Steering Committee comprising Group P&CEO, Group CFO, Group Chief Strategy & Sustainability Officer, Group COOs and the relevant Business Area Heads to track performance against targets and to review lessons learnt. Risks and integration matters are reviewed and reported at the Risk and Sustainability Committee.
Product & Technology Obsolescence
Technology and innovation are the lifeblood of our organisation, just as they are also the backbone of sustainable cities. This is why we are constantly investing to enhance our role as an effective enabler of a sustainable world - using technology to address the world’s most pressing problems, thereby helping our customers deal with the impact of population growth, urbanisation, climate change and many more.
In addition, we continue to collaborate extensively, which enables us to focus on our core capabilities while benefiting from the expertise of like-minded institutions and organisations that are keen to co-create and develop solutions to solve real-world challenges.
Internally, we continue to invest in our engineering capabilities and resources. We provide different platforms that drive various innovation needs – the Engineering Design Centres for product enhancement, and Strategic Technology Centres for group-wide capabilities in areas like cybersecurity and data analytics.