british american tobacco malaysia - Corporate Risk Management

An effective risk management framework is essential in managing the diverse risks faced by the Group. British American Tobacco Malaysia’s Board of Directors has, through the Audit Committee, established a Risk Management Team to proactively manage the risks of the Group.

The business risks of the Group are affected by a number of factors, not all of which are within the Group’s control. The externally driven challenges, together with general business risk exposures such as corporate reputation, security, environment, health and safety issues, product quality and information technology are constantly reviewed as part of the Group’s Enterprise Risk Management programme.

The Group adopts a proactive Enterprise Risk Management programme with the following objectives:

  • Ensuring the continuity of its supply to consumers at all times
  • Protecting its assets and reputation
  • Preserving the safety and health of its employees
  • Ensuring that the Group’s operations do not impact negatively on its neighbours and the environment
  • Protecting the interests of all other stakeholders
  • Ensuring compliance with the Malaysian Code of Corporate Governance, British American Tobacco p.l.c. guidelines and all applicable laws
  • Promoting an effective risk awareness culture where risk management is an integral aspect of the Group’s management systems

The Risk Management Team, headed by the Finance Director and comprising senior managers from all functions of the Group is entrusted to drive the Enterprise Risk Management programme.  The team’s responsibilities are to:

  • Steer the Group's enterprise risk management programme
  • Promote a pro-active risk awareness culture in the Group
  • Conduct an annual review of the business risks
  • Coordinate the development of risk mitigation action plans
  • Develop and update business continuity plans for key business risks
  • Plan and coordinate the testing of business continuity plans
  • Organise training and education for employees on risk management
  • Monitor the results of key performance indicators
  • Ensure good corporate governance

Risk Management is firmly embedded in the Group’s management system and is every employee’s responsibility.

The Group’s Enterprise Risk Management process comprises five phases, namely:

In the risk identification process, all potential events that could adversely impact the achievement of business objectives, including failure to capitalise on opportunities are identified. Risks can be identified by the relevant Leadership team, Risk Management Team or any senior management involved in managing the risk. As part of the risk identification stage, consideration would be given to the following:

  • Business Strategy / Objective;
  • Risk
  • Cause of Risk
  • Consequence and Impact
  • Time Frame of Risk

The identified business risks are then evaluated based on the matrix below to determine its impact on the relevant business strategy / objective and whether the risk is likely to occur:

  • LIKELIHOOD of the risk crystallising
  • IMPACT of the consequence
  • Degree of internal control and risk management measures in place.

The assessment is done using two scales, both from 1 to 3, the combination of which provides the total risk rating from 1 to 9. This step will assist in determining the significance of the risk to the organisation and is mapped to the risk heat map.

The outcome of the risk identification and evaluation process is a risk register which documents all identified business risks, their risk levels as well as action plans to manage these business risks. Risk owners are identified during this process who has the overall responsibility for identifying, assessing and evaluating the risk, agreeing the current and future action plans to manage the risk; and monitoring the progress of the agreed further activities. The Risk Owner is a senior manager and part of the relevant functional leadership team.

This categorisation of business risks enables the Group to allocate its resources more effectively to deal with the different levels of business risks. A combination of risk management measures are then selected to manage these business risks:

Ongoing risk monitoring is conducted to review the effectiveness of risk mitigation measures put in place for all identified business risks and corrective actions taken where necessary. 

The Group’s Enterprise Risk Management programme is subjected to periodic reviews to ensure that the policy and objectives of the programme remain applicable and effective under changing market and regulatory environment.  These are complemented by internal control practices such as the statement of compliance with the Malaysian Code of Corporate Governance and the key control checklist of the Company’s holding company, British American Tobacco p.l.c.

Crisis Management

In addition to the Risk Management, the Group also operates a Crisis Management process to provide leadership and timely decision making in the event of a crisis.  This is led by the Crisis Management Team and assisted by the Crisis Response Team, which is entrusted to respond immediately to the crisis as well as the Communications Team, which coordinates the communication strategy with key stakeholders.

The roles of each of the team is as follows:

There are 13 business continuity plans in place for the Group to manage the various potential crisis which could impact the Group as follows:

- Manufacturing contingency sourcing plan
- Factory site recovery plan
- Wrapping material supply plan
- Leaf supply plan
- Product recall
- Product boycott
- Emergency evacuation plan
- Bomb Threat
- IT Disaster Recovery Plan
- Administrative office recovery plan
- Industrial relations
- Distribution centre disaster recovery plan
- Mass outbreak of infection disease

These plans are reviewed and updated for content by the owners of the plan on an annual basis. In addition, a desktop review / simulation is conducted by the plan owners with the support of the crisis response team members periodically based on the testing schedule.

Page last updated: 17/09/2014 12:20:42 GMT
Skip General Navigation Set 2

General Navigation Set 2

British American Tobacco (Malaysia) Berhad (4372-M)