Risk Management
Basic Policy
Consistent with the "Our Vision" management principles, NSG Group aims to enhance corporate value by sustained growth in line with the Medium-term Plan RP24. That said, the business environment enveloping the Group has become increasingly complex and is continuing to dynamically transform. We see risks in the uncertainties that stem from internal and external factors, which threaten to affect the Group's ability to achieve its business targets. We therefore position risk management, which is tasked with identifying, assessing, and properly managing major risks, as an important part of our management foundation in order to minimize the negative effects and maximize positive results. By systematically and methodically implementing appropriate risk management across the entire Group, we can not only achieve our short-term business targets, but also reliably execute business strategies.
NSG Group's risk management is carried out in accordance with our Fundamental Policy on Internal Control Systems, which was resolved by the Board of Directors in accordance with the Companies Act and Corporate Governance Code. Specific measures for addressing risks that arise in connection with our corporate activities are prescribed in our NSG Group Risk Management Policy and are consistent with ISO 31000 (principles and guidelines on risk management) as well as the COSO Enterprise Risk Management model.
We are looking to continuously improve our systems in line with developing standards and the evolving risk landscape.
Framework
NSG's risk management systems are established so that they are fully embedded within the Group's day-to-day operations and operate as “three lines of defense”. The first line of defense is established within the business SBUs and Group Functions, which operate controls and mitigations to identify, assess and manage risks across all the activities of the Group as part of its day-to-day operations. The second line of defense is made up of the Group Functions and management forums, which not only set the operating and risk management policies and standards for the operations, but also monitor the effective operation of the controls. The third line of defense is provided by the Group Internal Audit Function, which makes an independent evaluation of the effectiveness of the controls and the risk management processes.
At the heart of its enterprise risk management system - mainly the second line of defense - NSG Group employs a two-tiered “hybrid” risk management framework comprising the Strategic Risk Committee (SRC) as a top-down approach and the Enterprise Risk Management Team (ERMT) as a bottom-up approach, both of which are under the supervision of the Management Committee, and report onwards to the Board of Directors.
SRC Structure and Purpose - Top-down Risk Review
SRC is chaired by the Chief Risk Officer (CRO) and its members are mostly executive officers including CEO. SRC determines the companywide risk management policy and framework, based upon which it identifies and classifies: (a) high level risks thought to have a serious impact on the Group; and (b) operational risks that ought to be managed by SBUs or Group functions. It then monitors how those risks are being addressed and requests that additional measures be taken if required. For high level risks, SRC appoints "risk owners" to manage the collection of risk information and the progress of countermeasures.
CRO presides over all SRC meetings and, as representative of the committee, periodically reports to and receives feedback from the Management Committee and the Audit Committee regarding the effectiveness of the Group's basic internal control system and risk management structure.
On an annual basis the SRC members formally review the current risk universe and the results of the ERMT Bottom-Up Risk Review as explained below, to identify if the risks being monitored by SRC need to be amended.
In FY2023, SRC convened three meetings and reported once each to the Management Committee and the Audit Committee.
ERMT Structure and Purpose - Bottom-up Risk Review
ERMT is chaired by CFO and its members comprise heads and relevant senior managers of SBUs and functions such as accounting, finance, human resources and legal. Every year this team identifies, assesses, and prioritizes the key risks pertaining to business execution and endeavors to improve the effectiveness of risk management by formulating necessary measures to mitigate risks. Those risks and mitigation measures are reviewed as necessary according to the circumstances from time to time; among them, material risks are escalated to, and monitored by, SRC. ERMT periodically, or whenever requested, reports on its activities to SRC.
Independent Assurance
The Internal Audit Department's role is to provide assurance from an independent standpoint, regarding the companywide efficiency of risk management, and the effectiveness of specific risk mitigations.
Global Insurance Program
To transfer or share risks, we have established an NSG Group Insurance Program. The program identifies the key insurable risks, including property losses caused by natural disasters, and endeavors to transfer them by placing cost effective insurance. Every year, under the supervision of SRC, we review the Group's comprehensive insurance coverage under the global insurance program.
Major Risks for NSG Group
In FY2023/3 SRC identified, assessed and monitored the following risks. For each risk, an owner has been appointed from among the executive officers or senior managers, to take responsibility for appropriately managing it.
For each of the key risks being monitored, SRC has determined that sufficient mitigations are in place, or are being progressed, to manage the risk within the Group's appetite.
(Please refer to pp. 90-92 of NSG Group Integrated Report 2023 for the specific risk focuses.)
Risks
Lack of Funding
Economy & Market
Efficiency & Cost base
Commodities & Supply & Business Interruption & Asset Loss
Failure to Identify / Manage Cyber Incident
Product Quality Failures
Climate Change & ESG
Technology & Systems
Lack of Adequate Talent
Failure to Deliver Key Contracts
Loss of Market to (new) Competitor
Political / Fiscal Regime
Non-Compliance with Laws / Regulations
Change Readiness / Project Execution Failure