AOT aims to manage risks by considering it a crucial factor that needs to be integrally carried out across the organization in accordance with international best practices to allow the company to achieve the specified objectives, create added value, strengthen business operations and serve the utmost benefit of stakeholders.
AOT has established the risk management policy that executives and employees at all levels must adhere to. The policy is drawn up in compliance with AOT's corporate plan (fiscal years 2017-2021), the action plan and project management, laws, rules, regulations and policies related to AOT's operations. AOT has also produced a risk management manual to provide comprehensive guidelines to staff.
AOT's risk management structure consists of the Risk Management Committee and the Risk Management Working Group at the organizational and airport levels. They are responsible for overseeing and managing risks effectively by establishing risk management plans at the organizational and airport levels, tracking performance systematically and continuously in line with international standards and best practices under the integrated risk management framework of The Committee of Sponsoring Organizations of the Treadway Commission, Enterprise Risk Management (COSO-ERM), and the Risk Management and Internal Control Manual issued by the State Enterprise Policy Office (SEPO).
AOT's Risk Management Structure
The risk management structure of AOT consists of the Risk Management Committee responsible for determining policies, guidelines and framework for risk management and acceptable risk levels. The Risk Management Department, along with risk agents in each line of work from every airport, is mandated to support the risk management activities, collecting risk information and risk management guidelines from the Risk Management and Internal Control Working Group for use in analyzing and preparing risk reports and updating the progress of the risk management plan.
The risk reports are to be reviewed by the risk management working group which will determine whether additional risk management plans are required before submitting them to the Risk Management Committee on a regular basis.
Moreover, the Risk Management Department will coordinate or transfer the risk information and internal control to the Office of Audit to show transparency and reliability of the process.
AOT's Risk Management Framework
AOT requires that risk management follows three main steps as follows:
ทอท.กำหนดหัวข้อในการวิเคราะห์สภาพแวดล้อมออกเป็น 8 กลุ่ม ดังนี้
- Risk analysis
AOT defines guidelines for risk analysis in association with the Strategic Objectives in three levels.
- AOT's risk management process
The risk management process consists of five steps.
The risk management review process
AOT conducts a Risk & Control Self-Assessment (RCSA) at the organizational level by every department every year with the operational results being monitored every quarter to ensure that the important procedures of AOT has been appropriately audited and controlled.
AOT also requires an annual risk review by the Risk Management Committee which will give advice on the prevention and mitigation of risks. All employees are able to make comments for improving the efficiency of the risk management process through the Risk Management, Internal Control and Business Continuity Management Network (R.I.B. Network), and the annual employee engagement assessment. Every suggestion will be considered to continuously improve AOT's risk management.
AOT's risk management system standard
Risk management system of AOT has been certified the international standards of the ISO 22301: 2012 Business Continuity Management of Airport Service and TISI 22301-2013 which are adopted at all airports and the head office.
For more details
ISO 22301:2012 Business Continuity Management of Airport Service และ มอก. 22301 – 2556 EN
AOT's risk factors
Risk factors of AOT can be divided into four types as follows
The issues under the risk factors are reviewed and disclosed in the annual report annually.
AOT's emerging risks
Promoting Risk Avoidance Culture
AOT continuously supports the risk avoidance culture within the organization by creating motivation at the executive level through the identification of risk assessment indicators and the Control Self-Assessment (CSA) at the managerial level. AOT advocates the inclusion of risk avoidance performance in the staff assessment process as well as providing regular internal communication and training which is disclosed in the Sustainable Development Report annually.
The Risk Management, Internal Control and Business Continuity Management (R.I.B. Network)
The R.I.B. Network is a project dedicated to promoting a culture of risk avoidance at AOT. It is organized regularly to create awareness among personnel at all levels of the risk management process which is in accordance with the risk management policy, increasing work skills through the cultivation of awareness behavior in risk management such as identifying risk factors, controlling risks, follow-up and progress reporting, and promoting transparency in the operation.
In addition, the project aims to dissolve the behavior of personnel which will lead to an open mind and a positive attitude towards risk management, providing opportunities for employees from various fields to build relationships through the exchange of information to drive future business continuity management tasks.