Financial Budgets

A detailed budgeting process has been established requiring all Heads of Department to prepare budgets and business plans annually for

deliberation and approval by the Board. In addition, AAB has a reporting system on actual performance against the approved budgets which

requires explanations for significant variances and plans by Management to address such variances.

Human Capital Management

The Group acknowledges that robust risk management and internal control system is dependent on its employees applying responsibility,

integrity and good judgment to their works. As such, the Group has in place policies and procedures that govern its recruitment, appointment,

performance management, compensation and reward mechanisms as well as policies and procedures that govern discipline, termination and

dismissal of employees.

Limits of Authority

The Group documented its Limits of Authority (“LOA”) clearly defining the level of authority and responsibility in making operational and

commercial business decisions. Approving authorities cover various levels of Management and the Board. The LOA is reviewed regularly and

any amendments made must be tabled to and approved by the Board. The latest version of LOAwas approved by the Board in November 2017.

Moving forward, AAGB would adopt the same LOA.

Insurance

The Group maintains adequate insurance and physical safeguards on assets to ensure these are sufficiently covered against any incident

that could result in material losses. Specifically, the Group maintains the Group Aviation Insurance which provides coverage for the following:

●

Aviation Hull and Spares All Risks and Liability;

●

Aviation Hull and Spares War and Allied Perils (Primary and Excess);

●

Aircraft Hull and Spares Deductible; and

●

Aviation War, hijacking and other perils excess liability (Excess AVN52).

Information Security

Information Technology (“IT”) security protects information from a wide range of threats as well as safeguards the confidentiality, integrity

and availability of information. IT security in the Group is achieved through a set of controls which includes policies, standards, procedures,

guidelines, organisation structures and software control functions.

The Group acknowledges the importance of leveraging IT to promote effectiveness and efficiency of business operations. However, heavy

reliance on IT may pose emerging cyber security threats. In response to such threats, the Group has a Cyber Risk Management programme

through which it -

●

has established an Information Security Management System to design, implement and maintain a coherent set of policies and processes

to manage information risks; and

●

conducts penetration tests, system vulnerability assessments and reviews to minimise IT security incidents.

[ ]

AirAsia Group Berhad

REPORTS AND FINANCIAL STATEMENTS

201