Sembcorp maintains an effective governance and decision-making structure that embeds responsible business practices within the organisation. We are committed to fostering an ethical culture and conducting our businesses with integrity. We recognise the importance of the effective identification of risks, and work hard to ensure we have an adequate and effective risk management and internal control system.

Why this is material
We define corporate governance as the structures, practices and processes in place by which our organisation is controlled, operated, directed and held accountable. Well-defined corporate governance processes are essential to enhancing corporate accountability and long-term sustainability to preserve and maximise shareholder value.

Our approach
Sembcorp is led by an effective board. The board is collectively responsible for providing overall strategic direction and ensuring the long-term success of the Group. Several board committees have been established with clear terms of reference, both to assist the board in fulfilling its responsibilities and to provide independent oversight of management. Our Board Diversity Policy sets out principles to maintain diversity in the board’s composition. In 2019, 82% of the board were independent non-executive directors.

We comply with the principles and guidelines set out in the new Singapore Code of Corporate Governance 2018 issued by the Monetary Authority of Singapore, and our corporate governance practices are set out in the Corporate Governance Statement in our annual report.

We are in the midst of transitioning from our GAF to an IAF to provide a more holistic and robust basis of assurance for the adequacy and effectiveness of our risk management and internal control system. The process identifies risk from strategic top-down and bottom-up perspectives from each key market, putting greater emphasis on the three LOD model.

a. First LOD
Key markets and business units are required to regularly review their risk and internal control environment to ensure that they operate within the prescribed risk appetite. This is done through a combination of detailed risk and control registers and review processes, established escalation procedures and well-defined consequence management. In addition, a rigorous management attestation process, the Management Control Assessment (MCA), is submitted quarterly by each market and business unit to provide the assurance that its risk management and internal control system is adequate and effective.

b. Second LOD
The second LOD sets the policies, standards and standard operating procedures that the markets and business units are required to adopt. Additionally, submissions and responses from the MCA are further validated through substantive review by the business lines, subject matter experts and corporate functions as an added layer of assurance.

c. Third LOD
Group Integrated Audit (GIA) provides independent assurance across financial, operational, compliance and IT risks through a series of walkthroughs and substantive testing. Management works closely with GIA in closing out all material issues and gaps in a timely manner to ensure that there is continual improvement to our risk and controls environment as well as an effective feedback loop to the first and second LODs. External audit considers internal controls relevant to the preparation of financial statements to ensure they give a true and fair view.

Why this is material
Responsible business conduct and ethical business practices ensure the long-term viability of our businesses by building trust and confidence with our stakeholders. We are committed to high standards of behaviour and integrity in everything we do and expect the same of those whom we do business with. We have zero tolerance for fraud, bribery and corruption. Our businesses operate in highly regulated environments where non-compliance may subject us to statutory and regulatory fines and sanctions, including losing our licence to operate and material litigation. It may also result in damage to our reputation and credibility, limiting future growth opportunities.

Our approach
Our Group Ethics & Compliance (GEC) function holds the charter to:

• Foster and promote an organisational culture of integrity, ethical decision-making and compliance that is in line with our values and with the law and regulations
• Promote appropriate risk assessment and due diligence to prevent, detect and respond to unlawful and unethical conduct or non-compliance

The outcomes and effectiveness of the GEC function are reported quarterly to the Senior Leadership Council and Audit Committee as part of our governance and accountability structure. The policies under the ownership and management of the department include the Code of Conduct (CoC), the Anti-bribery and Corruption (ABC) Policy and the Data Protection Policy.

The bonus payments of senior managers and above are tied to the completion of mandatory compliance training which comprises the CoC, ABC Policy, Gifts, Entertainment and Travel Policy as well as the Data Protection Policy.

Code of Conduct
All employees are required to comply with the requirements of the CoC, which is endorsed by the board.
Employees are required to complete an annual declaration form to acknowledge that they have read and understood the principles and requirements of the CoC, agree to comply with its principles and requirements, and will promptly report any violation through available reporting channels. Suppliers and contractors who work with Sembcorp are also expected to follow the Supplier CoC.

Anti-bribery and Corruption
Our ABC Policy sets out the standards and principles on conducting business with integrity and the highest ethical standards expected of every employee. Our Third Party Due Diligence compliance programme helps us better manage and mitigate the risk of bribery and corruption that may arise through an intermediary or third party acting on behalf of Sembcorp.

Data Protection
The Group Data Protection Policy sets out the framework and principles which govern the collection, use, disclosure and retention of confidential personal and business data. Our businesses globally are expected to abide by the policy, subject to local laws and regulations on data protection. We also respect the privacy of individuals and we protect personal information whenever personal data is collected, used and processed by us. Our Personal Information Protection Policy is available here.

Why this is material
The global energy transition and technological advances have led to significant risks and business model disruptions. As a diverse company with a presence in multiple markets, we are exposed to risks including financial, operational, compliance and information technology threats. Risk management is an integral part of our business as it minimises the likelihood and impact of potential financial losses, as well as provides a framework of evaluation for new business opportunities. It also assures our board and shareholders that key enterprise and business risks faced by the organisation have been identified, assessed and managed with appropriate risk mitigation measures and controls.

Our approach
The Group has an overall risk management strategy, as set in place by the board of directors and supported by the board’s Risk Committee and Audit Committee. The Risk Committee reviews and enhances the effectiveness of the Group’s risk management and health, safety, security and environment (HSSE) plans, systems, processes and procedures. It also regularly reviews group-wide risks including significant risk exposures relating to foreign exchange rates, commodity prices and major investment projects as well as corresponding risk mitigation plans. HSSE policies, guidelines and limits are also regularly reviewed.

Risk Appetite Framework
The board has determined a risk appetite framework which guides the board and management in the execution of the Group’s strategy and objectives. Under this framework, the board has approved risk appetite statements with respect to economic, environmental, social and governance areas in line with our material issues for the management and reporting of our overall sustainability performance.

Enterprise Risk Management
The Group is committed to ensuring that an effective and practical enterprise risk management (ERM) framework is in place. Our framework aims to safeguard our people and assets, protect shareholders’ interests, facilitate informed decision-making for value creation and ultimately enhance our brand and reputation. In designing our ERM framework, the Group has adapted and made reference to various industry risk management standards, such as ISO 31000 and the Enterprise Risk Management – Integrated Framework of the Committee of Sponsoring Organizations of the Treadway Commission.

For details of our risk appetite framework and enterprise risk management, please refer to the Risk Management section of our Sustainability Report.
