Internal Policies and Procedures Policies, procedures and processes governing the Group’s businesses and operations are documented and readily available to employees across the Group on Capital A’s intranet portal. These policies, procedures and processes are reviewed and updated by the business and functional units through a structured and standardised process of review. This is to ensure that appropriate management controls are in place to manage risks arising from changes in legal and regulatory requirements as well as the business and operational environment. Financial Budgets A detailed budgeting process has been established requiring all Heads of Department to prepare budgets and business plans annual ly for deliberation and approval by the Board. In addition, the Group has a reporting system on actual performance against the approved budgets, which requires explanations for significant variances and plans by Management to address such variances. People Management The Group acknowledges that a robust risk management and internal control system is dependent on its employees applying responsibility, integrity and good judgment to their duties. As such, the Group has in place policies and procedures that govern its recruitment, appointment, performance management, compensation and reward mechanisms as well as policies and procedures that govern discipline, termination and dismissal of employees and ensures compliance of the same with all applicable laws and regulations. Limits of Authority The Group documented its Limits of Authority (“LOA”) clearly defining the level of authority and responsibility in making operational and commercial business decisions. Approving authorities cover various levels of Management and the Board. The LOA is reviewed regularly and any amendments made must be tabled to and approved by the Board. The latest Capital A’s LOA was approved by the Board on 28 August 2019. Insurance The Group maintains adequate insurance and physical safeguards on assets to ensure these are sufficiently covered against any incident that could result in material losses. Specifically, the Group maintains the Group Aviation Insurance which provides coverage for the following: • Aviation Hull and Spares All Risks and Liability • Aviation Hull and Spares War and Allied Perils (Primary and Excess) • Aircraft Hull and Spares Deductible • Aviation War, Hijacking and other Perils Excess Liability (Excess AVN52) Information Security Information Security protects information (data), the systems it is housed in and the users of these systems from a wide range of threats, as well as safeguards the confidentiality, integrity and availability of information. Information security in the Group is achieved through a set of controls which includes policies, standards, procedures, guidelines, organisation structures and software control functions. The Group acknowledges the importance of leveraging Information Technology (“IT”) to promote effectiveness and efficiency of business operations. Heavy reliance on IT exposes us to emerging cyber security threats, hence Group Information Security Management is in place to manage cyber security risk. The Information Security Management programme includes: • Evaluations of the adequacy of controls for new infrastructures and information systems • Valuations of emerging security technologies • Adequacy of information asset protection within the Group • Assurance of the adequacy of security controls by coordinating security reviews such as penetration testing and vulnerability assessment Code of Conduct The Group has a Code of Conduct (“the Code”) which governs the conduct of its employees, officers and directors. The Code sets out the standards and ethics that they are expected to adhere to. It highlights the Group’s expectations on their professional conduct which includes: • The environment inside and outside of workplace • The working culture • Conflicts of interest • Confidentiality and disclosure of information • Good practices and controls • Duty and declaration The Code also sets out the circumstances in which an employee, officer and director would be deemed to have breached the Code after due inquiry and disciplinary actions that can be taken against them if proven guilty. C O R P O R A T E G O V E R N A N C E A N N U A L R E P O R T 2 0 2 1 1 8 3
RkJQdWJsaXNoZXIy ODU0MjU5