Management processes that meet and adhere to international standards

Constantly improving the efficiency of corporate governance and production management is the most effective way to ensure customer satisfaction, enhance competitiveness and provide sustainable benefits to stakeholders. Moreover, this is an indispensable tool for ensuring compliance and achieving FPT’s sustainable development goals according to international standards.

In 2021, FPT continuously implemented the OKR management method throughout the Corporation. The OKR methodology helped maintain consistency between employees’ personal targets and the objectives of their department, subsidiary, and the entire Corporation. It contributed to improving operational efficiency and labor productivity. Objectives and key results of the Corporation, its subsidiaries, functional departments, and every employee were measured, updated, and monitored by the OKR online management tool to accurately track goal completion levels while adhering to the annual targets.

In addition, FPT and each core business area also achieved prestigious international standard certifications.

Operating sector Certifications
The Corporation
  • ISO 9001:2015: Quality management systems standard.
  • OKR: A set of quality evaluation criteria in accordance with objectives and key results. 
Technology
  • ISO 9001:2015: Quality management systems standard.
  • ISO/IEC 27001: Information Security Management.
  • ISO 22301: Societal security — Business continuity management systems. 
  • ISO/IEC 27017: Code of practice for information security controls based on ISO/IEC 27002.
  • HIPAA: The US Health Insurance Portability and Accountability Act of 1996. 
  • CMMiDEV/5: Capability Maturity Model Integration CMMI – Maturity Level 5.
  • ISO/IEC 20000-1: 2018: The most recognized international standard for IT management systems.
  • TMMi Certified level 5: Test Maturity Model integration level 5.
  • A-SPICE: Automotive – Software Process Improvement and Capability determination.
Telecommunications
  • ISO/IEC 27001: Information Security Management.
  • ISO/IEC 27017: Code of practice for information security controls based on ISO/IEC 27002.
  • Uptime Design Tier III: Data center tier standards – The infrastructure is designed to ensure redundancy and no interruption in maintenance.
  • PCI DSS: The Payment Card Industry Data Security Standard.
  • TIA 942B Constructed Facility Rated 3: Standard on setting up and operating data center infrastructure – The infrastructure is designed to ensure redundancy and no interruption in maintenance.
Education
  • International QS 3-star ranking (one of the leading standards for ranking universities worldwide).
  • ISO 21001:2018: Educational organizations – Management systems for educational organizations.
  • Standards for accreditation of educational institutions promulgated by the Ministry of Education and Training.
  • Standards for accreditation of educational institutions promulgated by the Ministry of Labor, War Invalids, and Social Affairs.
  • Quality accreditation by ACBSP – one of the global leading accrediting organizations.
  • Member of ASEAN University Network-Quality Assurance network – AUN-QA.
  • Member of AACSB Accreditation Organization – one of the global leading accrediting organizations.

Data management

The collection, processing, storage, and protection of data were uniformly regulated throughout the Corporation to ensure four factors, including:

04 factors to ensure

  • Comply with legal data protection requirements and practices.
  • Protect the legitimate interests of data subjects.
  • Protect data processing from risks of data breaches.
  • Protect the Organization from the risks of reputational loss.

07 principles to follow

  • Legality: Data must be processed to the extent required by law.
  • Right purposes: Data is processed only for the registered and approved legitimate purposes.
  • Minimalist: Data is processed only to the extent necessary to achieve the specified purpose.
  • Restricted Use: Data is only used with the consent of the data subject or approval by the authority.
  • Accuracy and integrity: Data must be appropriately handled based on respecting the accuracy of the data, legitimate rights, and interests of the data subject.
  • Confidentiality: The data is protected with protection measures during processing.
  • Storage: Data processing records need to be archived for legitimate query purposes.

FPT’s data management model is defined to ensure the following factors simultaneously:

  • Leadership is committed to the highest levels of data collection, processing, storage, and use.
  • Authoritative determination of the Corporation’s data-related decisions.
  • Defining standards, procedures, and processes to guide the management and exploitation of data.
  • Identifying technology and infrastructure to be used uniformly in the Group to ensure safety and security when exploiting data.
  • Strictly enforcing relevant policies issued throughout the Corporation.
  • Monitoring compliance and identifying risks in the event of data leaks.

In addition, both the Corporation and its subsidiaries have specialized departments to ensure customer privacy and security. As a result, we are highly aware of, and serious about, protecting the safety of customers’ data.

Response plans for data security incidents are fully followed at two levels:

  • Prevention: Based on an understanding of the root causes, prevention plans will also be devised and strictly enforced.
  • Fix: Security breaches will be stopped immediately, and highly specialized security departments will remedy the security holes. An impact assessment of the relevant data areas will also be performed to keep the risk from spreading.

The critical point of all the above data safety plans is that all procedures and actions are systematically designed throughout the Corporation. The tasks and responsibilities of each department are strictly controlled, monitored and reported.

Risk management

Despite the complicated developments of the pandemic, the effective operation results and social contributions throughout 2021 show that FPT has been successful in its risk management efforts, especially risks related to the sustainable development of the Corporation and the community. With the preparation of policies, human resources, finance, and technology infrastructure from 2020, FPT has ensured the health of personnel and working performance, helping to increase revenue and profit by 19.5% and 20.4%, respectively.

Depending on the characteristics of each business sector, the risk management framework will be directed, approved, and improved by the CEO every year. For sustainable development, FPT identified four core risk groups.

Strategic risks

Type Risk management measures
Strategic risks
  • Participating in major economic and technological events globally to get updates on new tech trends and look for business development opportunities.
  • Organizing annual strategic governance conferences to explore the latest trends in business and technology to consistently and promptly adjust the vision and strategic direction of the Corporation.
Competitive threats
  • Providing end-to-end services and gradually enhancing its prestige in the IT value chain. This strategy will help continuously improve the competitiveness of the Corporation.
  • Promoting staff training and development, especially for technology staff, in order to improve technological capabilities and meet competitive needs. The total tech employee headcount within FPT stands at 24,068 employees. 
  • Continuously improving business models, information systems and internal processes to optimize operations and expenditures based on a modern corporate governance system.
  • Promoting internal DX to assure unified and transparent operations towards a real-time data-driven corporation. This significant factor helps build competitiveness, steadily overcoming challenges in the context of the complicated and unpredictable Covid-19 situation. In 2021, 43 internal digital transformation projects were implemented based on real-time data.

Operational risks

Type Risk management measures
Risks of information disclosure
  • Fully updating regulations related to information disclosure for listed companies.
  • Setting up internal processes of information provision and disclosure to provide timely, accurate reports on operational and financial activities.
  • Regularly contacting the person in charge of information disclosure at the State Securities Commission and the HCMC Stock Exchange to check the sufficiency and accuracy of information to be disclosed.
Human resources risks
  • Becoming a learning organization on the basis of developing highly qualified staff members and reinforcing the leadership based on the Corporation’s long-term goals. In 2021, training programs were widely deployed throughout the Corporation with 8,289 training courses, an increase of 25% over the same period. The number of new technology certificates also increased from 2,815 in 2020 to 4,768 in 2021, a corresponding increase of 69%.
  • Developing competitive remuneration policies based on the “Work more – Earn more” criteria. Employees’ income would be commensurate with work results and contributed values, in a fair, transparent and reasonable manner. Additionally, FPT also implemented other policies such as housing subsidy programs.
  • Creating an equal and happy working environment to attract more talent.
Reputation/brand risk
  • Developing a customer feedback system for gathering and implementing consumer opinions in order to promptly adjust and improve customer services. Periodically surveying stakeholders’ satisfaction.
  • Setting up a crisis management process for immediate reactions.
  • Developing the media code of conduct.
  • Monitoring information related to the Corporation and its subsidiaries on media and social networks daily and hourly to promptly handle potential reputational crises.
Cybersecurity risks
  • Thoroughly applying anti-data loss and system safety measures to ensure the IT security of the Corporation. 
  • Increasing investment in cybersecurity systems and solutions, updating processes and applying the latest security standards. Currently, in addition to outsourced systems, FPT has been developing a number of cybersecurity products such as CyRadar, FPT EagleEye…

Financial risks

Type Risk management measures
Exchange rate risk
  • Strictly monitoring factors that affect foreign exchange rates, diversifying resources of foreign-earned income.
  • Implementing appropriate insurance against exchange risks.
  • Deploying flexible sales policies based on exchange rate fluctuations.
Business risks
  • Complying with sales – purchasing processes, contract management procedures… to reduce operational risks in business.
  • Creating liability management and inventory management policies.
  • Developing an automated monitoring and approving software system to improve management efficiency and minimize risks.
  • Strictly analyzing and monitoring overall business processes right from the stage of quantifying customer needs.

Regulatory risks

Type Risk management measures
Regulatory risks
  • Swiftly following the policies and crucial directions of the Government. Actively researching and recommending that competent authorities promote the role of IT in boosting economic growth.
  • Researching, updating and complying with provisions, and respecting the cultural and business environment of related foreign markets.
  • Training employees about local cultures.

Corruption and tax risk management

FPT Corporation always takes precautions against conflicts of interest and strictly handles any violations of financial discipline. To avoid conflicts, it requires employees to practice the following codes of conduct voluntarily:

  • Avoid conflicts of interest in outside business investment activities that affect decision-making and negatively affect the interests of the Corporation.
  • Avoid conflicts of interest with investment activities of employees’ relatives. Employees must declare to the Corporation and report to their Direct Managers if any of their relatives contribute capital to or hold executive positions at enterprises that are our customers, suppliers, or competitors.
  • Be transparent in the selection and management of human resources, based on clear criteria of capacity, experience, and appropriate skills.

Anti-corruption and fraud policy

As one of the large-scale enterprises operating in many countries, FPT has developed a policy and a code of conduct to ensure that personnel at all levels and departments comply with legal regulations on anti-corruption:

  • All gifts sent to relevant authorities, partners, or third parties are required to be approved in writing by the legal and compliance control department.
  • Continually organizing personnel training globally on the code of conduct, especially on corruption issues and conflicts of interest between FPT and third parties.
  • Establishing a specialized department and defining a process for receiving and handling reports of violations of anti-corruption and fraud policies, strictly complying with the regulations of the Corporation.

FPT always complies with all strict tax regulations in Vietnam and in the countries and territories worldwide where it operates. It has built a transparent and effective management system and promoted the digital transformation of the internal financial and accounting system. In addition, FPT continuously organized internal inspection and control meetings to ensure the compliance of the entire system with relevant local tax regulations and related industries.

Anti-corruption policy for suppliers

FPT, together with its direct and indirect subsidiaries, has a zero-tolerance policy against bribery and corruption of any kind. The purchase of goods and services and the selection of suppliers should be made based on actual needs. Quality, price, and criteria are determined in a specific and reasonable way and must put the organizational interests first. FPT also expects customers and suppliers to behave in a civilized manner, comply with the law, and act in accordance with the following principles:

  • Do not directly/indirectly offer, promise or authorize payment of any money or material benefits to any FPT employee, leader, or third party to secure improper advantage;
  • Do not suggest, solicit, or accept any money or material benefits from employees, leaders, or any other third party in exchange for improper advantages;
  • Do not instigate or assist others in violating the above policies. If any violation is detected, it should be reported immediately to FPT and related parties;
  • Suppliers should keep accurate and complete documents, records, and books for future retrieval. Invoices should be kept in full, together with receipts and other supporting documentation, for any expenses paid on behalf of FPT.

In the event that FPT reasonably suspects any supplier has violated this policy term, it may terminate/restrict the business relationship with the supplier. In addition, any FPT employee or leader found to be infringing or assisting others to violate the above principles may be subject to appropriate disciplinary action.

Internal control

In order to improve the governance capacity of FPT and its subsidiaries, ensuring transparency and the interests of shareholders and stakeholders, FPT designed an internal control system in compliance with relevant legal regulations and in reference to international standards.

Internal control model

Subject Responsibility
CEO
  • Review and approve the compliance control plan.
  • Direct the resolution of problems and the improvement of the system.
  • Develop, approve, implement and control the Corporation’s risk management framework.
Head of Compliance Monitoring Board
  • Organize the control of compliance with legal requirements and high-risk areas/activities in governance.
  • Organize inspection sessions at the request of the BOM. 
Chief Quality Officer
  • Plan and organize the control of compliance with governance system requirements.
  • Organize inspection sessions at the request of the BOM.
Head of functional departments 
  • Review and update the corporate governance documents to ensure compliance with relevant legal requirements, national/international standards, and actual operations.
  • Coordinate with the Quality Assurance Department and the Compliance Monitoring Board to control activities, solve problems, and improve the system.

To ensure practical internal control activities and minimize risks mainly related to sustainable development, FPT also developed a detailed plan for the operation of the internal control apparatus. Accordingly, the Head of Compliance Monitoring Board, the Chief Quality Officer, and the Heads of functional divisions are responsible for developing a compliance control plan corresponding to the scope/area.

At the same time, to review the system to make timely adjustments, FPT will implement unscheduled control sessions depending on the business situation.

During the year, FPT implemented key control activities, including:

  • Consolidate the internal control system and risk management policy throughout the Corporation.
  • Supervise the compliance with legal regulations in the management and operation of production and business activities of the Corporation and its subsidiaries.
  • Coordinate with specialized divisions to implement irregular and periodical control sessions.
  • Supervise activities between FPT/subsidiaries and its suppliers/partners to ensure transparency in the spirit of mutually beneficial cooperation and risk prevention.
  • Propose solutions to manage potential risks that may occur in operations.
