Annual Report 2019

FINANCIAL STATEMENTS RISK MITIGATION Reputation and Branding – Reputational damage stemming from adverse media publicity or social networks that serve as platforms for airing consumer grievances or anti-organisation campaigns The Group mitigates this risk by conducting an annual brand health assessment to enable strategic brand management through understanding market preferences and creating positioning/perception efforts to meet these preferences. The Group also runs a 24/7 Social Command Centre which practises real time monitoring of consumer sentiments stemming from social networks through social listening platforms and uses customer service tools to enable quicker action and response to customer issues in primary social media channels. A media monitoring service is also used to monitor and notify the Group of any targeted media coverage of AirAsia and a team is established to ensure necessary and effective response to mitigate potential reputational threats. OPERATIONAL RISK System Outages – Outages of mission-critical systems required for continuity of flight operations and revenue channels which may result in significant losses The Group mitigates this risk by developing, implementing and testing systems-specific backup and failovers to reduce the impact of systems outages and ensure that the business continues to run in the event of a critical system outage. Value Chain Disruption – Failure in airport services such as airport fuelling systems, baggage handling systems or customs, immigration and quarantine processing may lead to significant delays and business disruption The Group mitigates this risk by monitoring and communicating any potential service disruption to service providers to prevent or ensure minimal disruption to operations. The Group has also created and tested incident-specific business continuity plans for selected main hubs while partnering closely with airport operators and authorities. Cyber Threats – Cyber security risk arising from heavy focus on online sales channels, guest feedback, help channels and other digital solutions The Group has a dedicated security team focused on detecting, containing and remediating cyber threats. The Group adopts the ISO/IEC 27002 International Code of Practice for Information Security Controls into our processes, procedures and technology. Regular security assessments, penetration tests and source code reviews are performed on systems to ensure cyber resilience. The Group constantly assesses and implements various new technologies/tools to mitigate emerging threats. Safety Threats – Increasing exposure to operational safety hazards and risks as the Group grows its routes, flights and passenger volume The Group mitigates this risk by identifying, assessing and managing safety risks to an As Low As Reasonably Practicable (ALARP) level and implements necessary mitigation actions through a robust Safety Management System. The Safety Review Board (“SRB”) oversees safety performance to ensure safety targets are met and that the highest safety and quality standards are upheld across the Group. Through the use of new digital tools, safety risk analysis and data capture has been made more efficient and accurate to improve risk identification and mitigation. The Group is also subject to routine mandatory audits by local civil aviation authorities which issue operating licenses to airline operating companies. In addition, all AirAsia Group airlines have completed the IATA Operational Safety Audit (IOSA), with certification obtained by Malaysia, Indonesia, and Philippines AirAsia, AirAsia X, and Thai AirAsia X. AIRASIA GROUP BERHAD ANNUAL REPORT 2019 197