Risk Management

Importance

AOT is committed to managing risks as an issue that must be integrated in a concrete manner throughout the organization in compliance with international best practices. As a result, the organization can achieve its specified objectives, strengthen business stability, and create maximum benefits to the stakeholders.

Policy

AOT has established the Risk Management Policy, Corporate Governance Integration Policy, Risk Management and Supervision of AOT's operations, AOT's Business Continuity Management Policy, and Internal Control Policy for relevant executives and employees at all levels to follow by considering the consistency of AOT's Corporate Plan (Fiscal Years 2017-2022 Revised Version), Action Plan and Project Management, including laws, rules, regulations and policies related to AOT's operations. Furthermore, AOT prepared the Risk Management Manual to be used as a comprehensive internal practice guideline as well.

See more details

Risk Management Policy

Business Continuity Management Policy

Internal Control Policy

Charter of the Risk Management Committee

Policy on Integration of Corporate Governance, Risk Management and Operational Supervision

Management System

AOT recognizes the necessity and importance of risk management. Therefore, the risk management system has been developed for all levels of work covering the entire organization or the Enterprise Risk Management, as follows:

AOT's Risk Management Structure

AOT's Risk Management Structure

AOT's risk management structure consists of the Risk Management Committee, which is appointed by the AOT Board of Directors is responsible for setting the policy, guidelines and risk management framework and appetite risk. The AOT Risk Management Working Group comprising the President as the head of the working group and the executives of each line, group, office and airport as working team, is responsible for applying the policy guidelines and risk management framework to be implemented through risk management mechanisms in each line, group, office, and airport. It consists of the Risk Management and Internal Control Working Group of the lines, groups, offices and airports and the Internal Control and Risk Management Working Group of AOT's departments which are responsible for identifying and assessing risk as well as setting guidelines for risk management and regularly reporting risk management results to Risk Management Working Group and Risk Management Committee. The Risk Management Department and the Risk Agent of each airport are responsible for directing and giving advice to create integration in AOT's risk management. In addition, AOT's risk management and internal control systems have been regularly assessed by the Office of Audit for sufficiency and effectiveness in order to ensure that AOT's risk management and internal control systems are in accordance with good practice of international standards, conciseness, appropriateness, efficiency and effectiveness.

AOT's Risk Management Framework

AOT stipulates integrated risk management in accordance with the guidelines of COSO - ERM 2017 and in line with the Ministry of Finance’s Best Practice for Risk Management Standards for the Public Sector B.E. 2562 (2019), including the practice guidelines of the Office of the Securities and Exchange Commission (SEC), which consists of 5 components:

  1. Governance and Culture
  2. Strategy and Objective Setting
  3. Performance
  4. Review and Revision
  5. Information Communication and Reporting
COSO 2017 ERM Framework

COSO 2017 ERM Framework

AOT's Risk Management Process

AOT has set a risk management process systematically in order to collect and analyze scenarios of changes, or uncertainties both internal and external that may occur and affect AOT's operations. The aforementioned process is implemented annually, twice a year, before starting period of the fiscal year and reviewed in the mid-fiscal year. AOT's risk management process consists of important processes as follows:

AOT's risk management consists of important processes as follows:

1. Environmental Risk Analysis:

It leads to the formulation of strategies or risk management plans to reduce the likelihood or impact of risks that may occur in the future by setting the Risk Management and Internal Control Working Group at the levels of line, group, office, and airport level in order to analyze data on changes in 8 key areas as follows:

01

Politics

05

Business Models

02

Government

06

Digital Transformation

03

Economy

07

Cyber Security and Privacy

04

Population Change and Passenger Behavior

08

Environment

2. Preparation of Risk Management Plan

AOT stipulates to prepare the risk management plan at the levels of line / groups/ airport to reasonably ensure of achieving the set goal. The details of the important steps are as follows:

Preparation of Risk Management Plan

3. The Risk Management Process

The Risk Management and the Control Working Group of each group and airport are responsible for monitoring and reporting the risk performance to the Risk Management Working Group of AOT and the Risk Management Committee on a regular basis to review the effectiveness of risk management. In addition, AOT has also provided channels to assess the level of risk awareness and get opinions to develop a risk management system through questionnaires in both document and online form. Every suggestion received will be considered in order to continually improve AOT's risk management.

Risk Management Guidelines and Business Continuity Management Standards of AOT

AOT's risk management system is consistent with the guidelines of the Committee of Sponsoring Organizations of the Treadway Commission - Enterprise Risk Management Integrating with Strategy and Performance: COSO - ERM 2017 and the Business Continuity Management Framework in accordance with International Organization for Standardization: ISO 22301: 2019 (Security and Resilience - Business Continuity Management Systems - Requirements). AOT aims to use the risk management process as a part of AOT's corporate plan preparation and important project management in order to manage risks and disasters that may occur and affect AOT's business operations in a timely and continuous manner. In addition, it also supports AOT to be able to achieve the set objectives and targets.

มาตรฐาน

See more details

AOT Risk Management Process 2022

AOT's Risk

AOT risks can be divided into the following 12 categories:

Strategic Risk

refers to the risks associated with the formulation of strategic plans, action plan and improper implementation of such plans. In addition, it also includes changes from external and internal factors which affect the formulation of strategies or operation to achieve the main objectives, goals, and operational guidelines of AOT.

Operational Risk

means the risk associated with the operations of each process or activities within AOT, including risks related to information management in information technology and various knowledge information in order to achieve the specified goals. It will affect the efficiency of AOT's work processes and affect the achievement of AOT's main objectives.

Financial Risk

refers to the risks associated with financial management which may be arising from internal factors such as liquidity management and investment, or from external factors, such as changes in interest rates and exchange rates, which affect the existence or the efficiency of AOT's work processes. This also includes resulting in damage to AOT.

Compliance Risk

means the risk associated with compliance to rules, orders, regulations of regulatory agencies such as the Stock Exchange of Thailand, Civil Aviation Authority of Thailand, etc., including various legal risks relating to AOT's business operations. It will affect the reputation and the image of AOT.

Human Capital Risk

is the gap between the corporate goals and the operational skills of employees that may affect the organization's ability to achieve goals, which may be caused by intentional or unintentional act of the employees, for example, the work efficiency may not be in accordance with the specified requirements, etc.

Safety Risk

is the risk that may occur from humans or processes by mistake until causing injury to persons or damage to property.

Security Risk

is an act of unlawful interference or intentional violation of the practice which can lead to personal harm, property damage or long-term interruption of service and reputation damage.

Hazard and Environmental Risk

is the risk arising from various hazards or natural disasters that may affect operations such as floods, pandemics, including terrorist threats, etc.

Fraud Risk

refers to the risk arising from intentional actions to exploit unlawful benefits for oneself or others, such as family members (relatives), etc.

Information Technology Risk (IT Risk)

means the risk arising from the potential event and cause damage to AOT's information assets, such as data damage caused by virus, damage of the host computer system, unauthorized access to significant data, etc.

Reputation Risk

refers to the risk arising from a potential event that has an opportunity to occur and cause a negative image of AOT, resulting in being criticized in the society and may lead to the loss of its reputation.

goal

Emerging Risk

is the risk that emerges a loss arising from risks that have not yet occurred at present but may arise in the future, due to changing environment. This type of risk is a slow-occurring risk that is difficult to identify, have frequency of low occurrence, but will cause a serious impact once happening. This re-emergence of the risk is often identified by projections based on available evidence-based studies; this new risk is often the result of changes in the political, legal, social, technological, physical environment or natural changes. Sometimes, the effects of this type of risk may not be identifiable at the present. For example, problems that occur from Nanotechnology or climate change, etc.

Emerging Risks

Changes in Consumer Behavior: New Normal Travel after COVID-19

Organizational Adaptability to External Changes: Increase of Travel Options for Passengers

Nature of the Risk

A change in travel behaviors due to the New Normal after COVID-19 is the changing perspectives and behaviors of passengers on air travel, such as the service standard of not too crowded and the disease control standards. In addition, economic slowdowns and measures to control travel in some countries to control diseases may result in slow recovery of tourism.

Advances in technology and public-private investment have given passengers more options to travel, e.g., high-speed trains across regions, new domestic airports, and airport link high-speed trains. Moreover, a change in behavior from business travel to online meetings could lead to more passenger decrease of AOT due to travel cost, convenience and environmental friendliness. The airport, therefore, needs to continuously adapt to business changes.

Business Impact

Passengers’ concern on the spread of Covid-19 greatly affected the recovery of the aviation industry in terms of revenue and economic growth. Additionally, passengers have been expecting towards the preventive measures of Covid-19 and services that accommodate New Normal lifestyle that could reflect the level of airport users’ satisfaction.

Advances in technology and public-private investment have given passengers more options to travel, e.g., high-speed trains across regions, new domestic airports, and airport link high-speed trains. Moreover, a change in behavior from business travel to online meetings could lead to more passenger decrease of AOT due to travel cost, convenience and environmental friendliness. The airport, therefore, needs to continuously adapt to business changes.

Management Approaches

  • Provide screening measures for arrival and departing passengers at the airport.
  • Mandatory mask-wearing at all time and implementation of social distancing measurements.
  • Implementation of “Touchless Airport” and encourage the use of digital payment.
  • Cleaning operational areas in the airports.
  • Service providers at the airport are fully vaccinated.
  • Encourage advance reservation of accommodation and restaurants to avoid congestion.
  • Turn the crisis into opportunity by expanding the international passenger and freight customer base by collaborating with rail transport partners and other international airports.
  • Develop low-carbon airports to maintain competitiveness for customers who wish to travel or transport internationally.
  • Establish a career path, including creating personnel’s organization engagement to motivate personnel with knowledge and expertise to create long-term loyalty to the organization.

See more details

AOT Emerging Risk 2022

Promoting a Risk Culture

AOT has implemented a process to create an atmosphere and culture that supports risk management. The meeting of AOT's Risk Management Working Group and Risk Management Committee is scheduled every month as a platform to review risk situations that will help everyone to understand the relationship and impact of risk before making any decisions. This also includes stimulating the awareness of risks in the organization. The examples for risk management culture promotion activities are AOT e-Learning Platform, a joint meeting with Airports and Aviation Standards Group as well as risk awareness surveys.

Risk Awareness Survey

AOT conducts an annual risk awareness survey of AOT employees, aiming to assess the perceived efficiency of risk management information through internal and external media channels. In addition, the survey results will be used for developing communication channels which create awareness of risk management in an effective manner. The results of the survey in 2022 revealed that AOT’s level of understanding and ability to implement risk management was at a high and the highest level, increasing from 2021. AOT Staff Application is a channel for more than 75 percent of AOT employees to received information about risk management.

Risk Training

According to the results of the AOT Risk Awareness Survey, AOT organize training that incorporates risk management knowledge to AOT personnel. In particular, in the fiscal year 2022, AOT passed 2 training courses, namely, Intermediate Airport Management and Airport Management, which are based on the content of the fiscal year 2022 the Risk Management Handbook B.E.2565.

Risk Management Performance Assessment

AOT participated in the risk management performance assessment under the State Enterprise Assessment Model (SE-AM) for the improvement of AOT’s risk management operations continuously. The results of the assessment will be indicative of the strengths and weaknesses of the operation in five dimensions:

  1. governance and culture.
  2. information, communication, and reporting;
  3. risk management review
  4. risk management

Triple A Risk Management Project (3A: Alert Analysis Agility)

Triple A Risk Management Project is a collaboration between AOT’s Risk and HR Department to create risk management behaviors for executives and employees and a strong corporate risk culture. Triple A Risk Management Projects are the product of risk awareness surveys and risk management performance audits.

See more details

AOT Risk Culture 2022

Home

Last Updated: August 26, 2023