Risk Management
Risk management continues to play an important part in the Company’s business activities and is an essential component of its planning process. The Board has overall responsibility to ensure that the Company has the capability and necessary framework to manage risks in new and existing businesses and that business plans and strategies accord with the risks appetite that the Company undertakes to achieve its corporate objectives. To assist the Board in its risk management oversight, the Audit & Risk Committee (ARC) has been authorised by the Board to provide oversight and review on matters relating to the risk management policies and systems of the Company.

The ARC’s risk management function is assisted by a Risk Management Committee (RMC), whose members comprise Senior Management and the Heads of Divisions, Business Units and Corporate Functions. The RMC is responsible for ensuring the effectiveness of the risk management framework of the Company, the objective of which is to provide an enterprise-wide view of the risks involved in property investment, development and management activities and a systematic risk assessment methodology for the identification, assessment, management and reporting of such risks on a consistent and reliable basis. The RMC is mandated to focus on key strategic risks whilst also ensuring that the business units are responsible for the day-to-day tracking, monitoring and control of risks within their operations.

Since April 2013, a Senior Manager, Enterprise Risk Management has been appointed to provide the RMC with the quarterly status of the key strategic risk exposures and the Senior Management with a timely assessment of key risk exposures and any new emerging risks that may require assessment. The RMC reports quarterly to the ARC on the overall strategic and operational risks positions, including mitigating measures, treatment plans and the occurrence or potential occurrence of significant risk events.

The RMC had, since 2002, established a formal risk management framework. Within this framework, strategic business risks are identified, assessed, evaluated, monitored, managed, and reported on a regular basis. The risk governance structure of the Company is regularly reviewed against international standards and best practices in risk management. The Company recognises that the risk management process is an on-going process and aims under its risk governance structure to continue to look for ways to improve in the following areas:

  • increase monitoring and control capabilities in its review of significant strategic business risks;
  • review the effectiveness of the systems of internal controls to limit, mitigate, manage and monitor identified risks;
  • ensure that the operating systems deliver adequate and timely information required for effective risk management;
  • build on and integrate into its existing governance and management systems the appropriate tools for effective management of strategic business risks which are reflective of changes in markets, products and emerging best practices, and
  • embed risk management process into our culture and all our business operations

The Company’s risk management framework has categorised its risks into the following main risk types:

The risk management framework is integrated into the management processes at operational levels, with the respective management at divisional and departmental levels being responsible for identifying, assessing, mitigating and managing the operational risks within each of their functional areas. The implementation and use of a system of internal controls, and operating, reporting and monitoring processes and procedures (including processes involving due diligence and collation of market intelligence and feedback), supported by information technology systems and constant development of human resource skills through recruitment and training, are important elements of the risk management framework, to mitigate risks relating to product and service quality assurance management, costs control management, design and product innovation, market intelligence, marketing/sales and leasing management, financial control management and regulatory compliances in the Company’s operations. In 2013, the Company had also been progressively implementing a Control Self-Assessment (CSA) programme to infuse a greater sense of ownership and accountability in managing risks in the operating divisions. This programme will augment independent audits by the Internal Audit team and will add assurance to our Senior Management and the Board that operational risks are being effectively and adequately managed and controlled.

The maintenance of adequate insurance coverage for the Company’s assets, and the protection of and continued investment in the security and integrity of its information technology systems and database which are highly integrated with its business processes, are also part of the Company’s control processes for the protection of its assets. The Company also maintains close working relationship with its business partners and relevant authorities to keep abreast of political developments and changes in the regulatory framework and business environment.

Risk evaluation forms an integral aspect of the Company’s investment strategy. Balancing risk and return across asset types and geographic regions are primary considerations to achieve continued corporate profitability and portfolio growth. This risk assessment includes macro and project specific risks analysis encompassing rigorous due diligence, feasibility studies and sensitivity analysis on key investment assumptions and variables. Each investment proposal is objectively evaluated to fit the corporate strategy and investment objective. Potential business synergies including collaboration risks assessments are identified early to ensure business partnership objectives and visions are well-aligned and collaboration partners are like-minded and compatible.

The Group is exposed to financial risks arising from its operations and the use of financial instruments. The key financial risks include credit risks, liquidity risks and market risks, including interest rate risks and foreign currency risks.

The Group has a system of controls in place to create an acceptable balance between the cost of risks occurring and the cost of managing the risks. The management continually monitors the Group’s risk management process to ensure that an appropriate balance between risk and control is achieved. Risk management policies and systems are reviewed regularly to reflect changes in market conditions and the Group’s activities.

It is, and has been throughout the current and previous financial year, the Group’s policy that no derivatives shall be undertaken for speculative purposes except for the use as hedging instruments where appropriate and cost efficient.

Credit Risk – The Group has a credit policy in place and the exposure to credit risk is monitored on an on-going basis. Credit evaluations are performed on all customers requiring credit over a certain amount. The Group does not require collateral in respect of these financial assets.

Transactions involving financial instruments are entered into only with counterparties that are of acceptable credit quality. Cash and fixed deposits are placed with banks and financial institutions which are regulated.

Liquidity Risk – The Group monitors its liquidity risk and maintains a level of cash and cash equivalents, and credit facilities deemed adequate by management to finance the Group’s operations and to mitigate the effects of fluctuations in cash flows.

Interest Rate Risk – The Group’s exposure to market risk changes in interest rates relates primarily to its interest-bearing financial assets and debt obligations. The Group adopts a policy of managing its interest rate exposure by maintaining a debt portfolio with both fixed and floating rates of interest. Where appropriate, the Group uses interest rate derivatives to hedge its interest rate exposure for specific underlying debt obligations.

Foreign Currency Risk – The Group is exposed to foreign currency risks on sales, purchases and borrowings that are denominated in a currency other than the respective functional currency of the Group’s entities.

The Group manages its foreign exchange exposure by a policy of matching receipts and payments, and asset purchases and borrowings in each individual currency. Forward foreign exchange contracts are used purely as a hedging tool, where an active market for the relevant currencies exists, to minimise the Group’s exposure to movements in exchange rates on firm commitments and specific transactions.

Wherever necessary, the Group finances its property, plant and equipment purchases by using the relevant local currency cash resources and arranging for bank facilities denominated in the same currency. This enables the Group to limit translation exposure to its balance sheet arising from consolidation of the Group’s overseas net assets.

The Company recognises human resource as an important contributing factor towards the stable growth of the Company, and accordingly efforts are taken to enhance the processes for recruitment, compensation, training and development of employees. Identification of core competencies is critical in the employee selection and development processes, and the implementation of performance assessment and management programmes, coupled with career development and training programmes, are part of the Company’s human resource strategy to improve work performance, maximise competencies, increase staff commitment and retention, and develop further an effective succession planning programme within the organisation.

The management also supports work-life harmony programmes and family-friendly policies as part of its efforts to help employees achieve a balanced life between work and family and at the same time create a quality workplace.

Operating in an environment with potential threats of terrorism, epidemic outbreaks and information systems failure, the management has put in place a company-wide Business Continuity Plan (BCP) to mitigate the risks of interruption and catastrophic loss to its operations and information database arising from such potential threats.

The RMC is responsible for overseeing the maintenance of the BCP. Procedures and processes of the BCP include identification of alternate recovery centres, operational procedures to enable communication, continuity of critical business functions and recovery of database in the event of a crisis incident. Periodic incident management drills are conducted to familiarise employees with the emergency response and crisis management plans of the Company. The plans to carry out periodic tests on BCP, results of the tests, as well as recommendations and corrective actions are reviewed by the RMC annually and reported to the ARC. Further enhancement during the year included the alignment of corporate BCP to various operating departments’ environmental emergency procedures. Action plans have been put in place to ensure newly established business units are equipped with the respective BCPs to meet their needs.

The Company has maintained an uncompromising stand on information availability, control and governance, as well as data security. Over the years, we have adopted a multi-pronged approach to effectively manage our information risks. Up-to-date information security policies are implemented and enforced company-wide. High availability and resilience are built into all critical information systems. Our enterprise IT systems and infrastructures are constantly monitored to proactively identify and mitigate risks. IT disaster recovery exercises are carried out regularly to ensure uptime business recovery objectives are met. Since 2013, an IT Risk Framework has also been established to formalise risk governance, approach and assessment of IT related risks and will be implemented progressively across the Company. At the staff level, information security materials are put in place to educate employees of the prevailing risks when handling corporate data. Finally, to ensure effective IT risk management, external security consultants are engaged annually to review and enhance our IT risk posture.

As a developer with extensive operations, strategic and concerted efforts have been put in to mitigate the impact of our operations on the environment and to reduce the workplace safety and health risks. The Company’s EHS Policy (established in 2003) sets the strategic direction for all departments, employees and stakeholders to take practical effort to ensure effective EHS management in its operations.

To manage its EHS risks, the Company has since 2003 integrated an EHS Management System within its operations, certified to the ISO 14001 Environmental Management System and OHSAS 18001 Occupational Health and Safety Management System, and audited on an annual basis.

Through this system, the Company identifies its key EHS hazards, determining the risk level based on a quantitative risk assessment technique consisting of the likelihood of the occurrence and severity of the impact. Control measures are promptly applied to mitigate all significant EHS risks. This involves setting objectives and targets, establishing programmes and/or putting in place work procedures and work instructions.

The guiding principle in EHS risk management is to follow the hierarchy of control, starting with elimination, and then moving to substitution, isolation, use of engineering control, use of administrative control and last of all, use of personal protective equipment.

The Company’s EHS targets and performance are measured and monitored by the Management Representatives and audited annually by internal and external auditors. Irregularities and possible deviations are identified for prompt rectification and continual improvement.

The risk management activity of M&C, the Group’s hotel arm, is directed by its Executive Management Committee, led by its Chief Executive Officer, and is facilitated by the Head of Risk and Internal Audit. The Chief Executive Officer and members of the Executive Management Committee undertake regular reviews of (i) the risk registers, compiled and updated to map the nature of the risks relative to their likelihood of occurrence and severity and associated trends, and (ii) the progress of the risk treatment plans devised to eliminate, minimise or transfer risks. The board of M&C has overall responsibility for the risk management process of the M&C group and for ensuring that its risks are managed appropriately and, either directly or through the audit committee of M&C reviews the effectiveness of the M&C group’s risk management processes and other internal controls. Information on M&C’s principal risks can be found in its annual report for FY 2013.

On the EHS front, M&C’s UK region has published and launched policies and procedures accredited to the British Standards Institute for its Occupational Health and Safety Management System, compliant with OHSAS 18001. Management of M&C’s European region is currently in the process of rolling out across the remaining UK hotels the system which is designed to ensure robust and comprehensive risk assessment and recognition across the business. These efforts have been supported by new software and management systems, specific to health and safety, resulting in tighter control of statutory/mandatory inspections and audit trails.

Whilst M&C continually assesses its environment impact and actively seeks ways to reduce it through improvements in its hotels’ operating infrastructure and by modifying work practices, the hotel management also works with its suppliers to minimise the environment impact of their activities. Environmental performance is also being integrated into the operational objectives of the hotel staff. The M&C group monitors the carbon footprint for all of its owned and managed properties, and the board of M&C has set a target for the group’s energy consumption.


Copyright © 2014 City Developments Limited. All rights reserved.