Risk Management


AOT is committed to managing risks as an issue that must be integrated in a concrete manner throughout the organization in compliance with international best practices. As a result, the organization can achieve its specified objectives, strengthen business stability, and create maximum benefits to the stakeholders.


AOT has established the Risk Management Policy, Corporate Governance Integration Policy, Risk Management and Supervision of AOT's operations, AOT's Business Continuity Management Policy, and Internal Control Policy for relevant executives and employees at all levels to follow by considering the consistency of AOT's Corporate Plan (Fiscal Years 2017-2022 Revised Version), Action Plan and Project Management, including laws, rules, regulations and policies related to AOT's operations. Furthermore, AOT prepared the Risk Management Manual to be used as a comprehensive internal practice guideline as well.

See more details

Management System

AOT recognizes the necessity and importance of risk management. Therefore, the risk management system has been developed for all levels of work covering the entire organization or the Enterprise Risk Management, as follows:

AOT's Risk Management Structure

AOT's Risk Management Structure

AOT's risk management structure consists of the Risk Management Committee, which is appointed by the AOT Board of Directors is responsible for setting the policy, guidelines and risk management framework and appetite risk. The AOT Risk Management Working Group comprising the President as the head of the working group and the executives of each line, group, office and airport as working team, is responsible for applying the policy guidelines and risk management framework to be implemented through risk management mechanisms in each line, group, office, and airport. It consists of the Risk Management and Internal Control Working Group of the lines, groups, offices and airports and the Internal Control and Risk Management Working Group of AOT's departments which are responsible for identifying and assessing risk as well as setting guidelines for risk management and regularly reporting risk management results to Risk Management Working Group and Risk Management Committee. The Risk Management Department and the Risk Agent of each airport are responsible for directing and giving advice to create integration in AOT's risk management. In addition, AOT's risk management and internal control systems have been regularly assessed by the Office of Audit for sufficiency and effectiveness in order to ensure that AOT's risk management and internal control systems are in accordance with good practice of international standards, conciseness, appropriateness, efficiency and effectiveness.

AOT's Risk Management Framework

AOT stipulates integrated risk management in accordance with the guidelines of COSO - ERM 2017 and in line with the Ministry of Finance’s Best Practice for Risk Management Standards for the Public Sector B.E. 2562 (2019), including the practice guidelines of the Office of the Securities and Exchange Commission (SEC), which consists of 5 components:

  1. Governance and Culture
  2. Strategy and Objective Setting
  3. Performance
  4. Review and Revision
  5. Information Communication and Reporting
COSO 2017 ERM Framework

COSO 2017 ERM Framework

AOT's Risk Management Process

AOT has set a risk management process systematically in order to collect and analyze scenarios of changes, or uncertainties both internal and external that may occur and affect AOT's operations. The aforementioned process is implemented annually, twice a year, before starting period of the fiscal year and reviewed in the mid-fiscal year. AOT's risk management process consists of important processes as follows:

1. Environmental Risk Analysis:

It leads to the formulation of strategies or risk management plans to reduce the likelihood or impact of risks that may occur in the future by setting the Risk Management and Internal Control Working Group at the levels of line, group, office, and airport level in order to analyze data on changes in 8 key areas as follows:




Business Models




Digital Transformation




Cyber Security and Privacy


Population Change and Passenger Behavior



2. Preparation of Risk Management Plan

AOT stipulates to prepare the risk management plan at the levels of line / groups/ airport to reasonably ensure of achieving the set goal. The details of the important steps are as follows:

Preparation of Risk Management Plan

3. The Risk Management Process

The Risk Management and the Control Working Group of each group and airport are responsible for monitoring and reporting the risk performance to the Risk Management Working Group of AOT and the Risk Management Committee on a regular basis to review the effectiveness of risk management. In addition, AOT has also provided channels to assess the level of risk awareness and get opinions to develop a risk management system through questionnaires in both document and online form. Every suggestion received will be considered in order to continually improve AOT's risk management.

Risk Management Guidelines and Business Continuity Management Standards of AOT

AOT's risk management system is consistent with the guidelines of the Committee of Sponsoring Organizations of the Treadway Commission - Enterprise Risk Management Integrating with Strategy and Performance: COSO - ERM 2017 and the Business Continuity Management Framework in accordance with International Organization for Standardization: ISO 22301: 2019 (Security and Resilience - Business Continuity Management Systems - Requirements). AOT aims to use the risk management process as a part of AOT's corporate plan preparation and important project management in order to manage risks and disasters that may occur and affect AOT's business operations in a timely and continuous manner. In addition, it also supports AOT to be able to achieve the set objectives and targets.


See more details

AOT's Risk

According to the 2021 risk assessment process, AOT risks can be divided into the following 12 categories:

Strategic Risk

refers to the risks associated with the formulation of strategic plans, action plan and improper implementation of such plans. In addition, it also includes changes from external and internal factors which affect the formulation of strategies or operation to achieve the main objectives, goals, and operational guidelines of AOT.

Operational Risk

means the risk associated with the operations of each process or activities within AOT, including risks related to information management in information technology and various knowledge information in order to achieve the specified goals. It will affect the efficiency of AOT's work processes and affect the achievement of AOT's main objectives.

Financial Risk

refers to the risks associated with financial management which may be arising from internal factors such as liquidity management and investment, or from external factors, such as changes in interest rates and exchange rates, which affect the existence or the efficiency of AOT's work processes. This also includes resulting in damage to AOT.

Compliance Risk

means the risk associated with compliance to rules, orders, regulations of regulatory agencies such as the Stock Exchange of Thailand, Civil Aviation Authority of Thailand, etc., including various legal risks relating to AOT's business operations. It will affect the reputation and the image of AOT.

Human Capital Risk

is the gap between the corporate goals and the operational skills of employees that may affect the organization's ability to achieve goals, which may be caused by intentional or unintentional act of the employees, for example, the work efficiency may not be in accordance with the specified requirements, etc.

Safety Risk

is the risk that may occur from humans or processes by mistake until causing injury to persons or damage to property.

Security Risk

is an act of unlawful interference or intentional violation of the practice which can lead to personal harm, property damage or long-term interruption of service and reputation damage.

Hazard and Environmental Risk

is the risk arising from various hazards or natural disasters that may affect operations such as floods, pandemics, including terrorist threats, etc.

Fraud Risk

refers to the risk arising from intentional actions to exploit unlawful benefits for oneself or others, such as family members (relatives), etc.

Information Technology Risk (IT Risk)

means the risk arising from the potential event and cause damage to AOT's information assets, such as data damage caused by virus, damage of the host computer system, unauthorized access to significant data, etc.

Reputation Risk

refers to the risk arising from a potential event that has an opportunity to occur and cause a negative image of AOT, resulting in being criticized in the society and may lead to the loss of its reputation.


Emerging Risk

is the risk that emerges a loss arising from risks that have not yet occurred at present but may arise in the future, due to changing environment. This type of risk is a slow-occurring risk that is difficult to identify, have frequency of low occurrence, but will cause a serious impact once happening. This re-emergence of the risk is often identified by projections based on available evidence-based studies; this new risk is often the result of changes in the political, legal, social, technological, physical environment or natural changes. Sometimes, the effects of this type of risk may not be identifiable at the present. For example, problems that occur from Nanotechnology or climate change, etc.

Emerging Risks in 2021

1. Changes in Consumer Behavior: New Normal Travel after COVID-19

Business Impact

Passengers’ concern on the spread of Covid-19 greatly affected the recovery of the aviation industry in terms of revenue and economic growth. Additionally, passengers have been expecting towards the preventive measures of Covid-19 and services that accommodate New Normal lifestyle that could reflect the level of airport users’ satisfaction.

Management Approaches

  • Provide screening measures for arrival and departing passengers at the airport.
  • Mandatory mask-wearing at all time and implementation of social distancing measurements.
  • Implementation of “Touchless Airport” and encourage the use of digital payment.
  • Cleaning operational areas in the airports.
  • Service providers at the airport are fully vaccinated.
  • Encourage advance reservation of accommodation and restaurants to avoid congestion.

2. Adaptability

Business Impact

The current outbreak of Covid-19 affects the aviation industry. Organizations that may not adapt themselves to the changing situations and remain their competitive adventages may be at risk of losing revenue, market opportunities as well as unable to accommodate customers’ demands and unlikely to meet stakeholders’ expectations.

Management Approaches

  • Encourage the innovation culture within the organization and be open to new innovative ideas from both internal and external sources.
  • Increase non-aeronautical revenues to reduce the aeronautical revenue risk that decreased.
  • Create business diversification into logistic services such as establishing the agricultural pre-shipment inspection center and providing fast-track for perishable goods.
  • Generate commercial revenue through “SAWASDEE by AOT” application.

Promoting a Risk Culture

AOT has implemented a process to create an atmosphere and culture that supports risk management. The meeting of AOT's Risk Management Working Group and Risk Management Committee is scheduled every month as a platform to review risk situations that will help everyone to understand the relationship and impact of risk before making any decisions. This also includes stimulating the awareness of risks in the organization. The examples for risk management culture promotion activities are AOT e-Learning Platform, a joint meeting with Airports and Aviation Standards Group as well as risk awareness surveys.

AOT e-Learning Platform

is an online platform for learning risk management where AOT employees can access at all times to enhance further knowledge on risks or review some content of risk management. AOT e-Learning Platform is considered as another aspect of AOT's adaptation to the COVID-19 pandemic situation resulting to AOT’s inability to provide Face-to-Face training as in the past. In 2020, until now, AOT e-Learning Platform has a high rate of usage due to a convenient access to various knowledge about risk management.

Joint Meeting with Airports and Aviation Standards Group

Due to the dynamic type of business risk, which is constantly changing. AOT, therefore, conducts the review of risk assessment criteria annually. AOT organized the risk management meeting to discuss amongst the Airports and Aviation Standards Group, Risk Management Department, and the Risk Agents of all 6 airports. In addition to the business risk review of AOT, this meeting is also used as a preparation platform for the audit from the Civil Aviation Authority of Thailand (CAAT) upon a request for Public Aerodrome Operating Certification for all AOT 6 airports (Re-Certification).

Risk Awareness Survey

AOT conducts an annual risk awareness survey of AOT employees, aiming to assess the perceived efficiency of risk management information through internal and external media channels. In addition, the survey results will be used for developing communication channels which create awareness of risk management in an effective manner.

       The results of the survey in 2021 revealed that AOT's level of understanding and ability to implement risk management was at a very high level, which is 3.45 and 3.57, respectively, from a full score of 5. It was higher than those of the previous year's survey by 3.28 and 3.31, respectively. Most opinions of AOT employees still believed that risk management can help reduce losses that will occur to the organization. It is also an important tool in managing the organization to achieve its objectives and goals as well as reducing operational loss of various projects and activities consecutively. However In order to develop risk management, AOT has set up an annual risk management awareness survey. In 2022, it is scheduled to be conducted from March – April 2022

Last Updated: June, 27 2022