
Risk and Crisis Management
Importance and Mission

Risk and crisis management are critically important to the company’s operations, as they enable the organization to achieve its objectives and goals efficiently. Effective risk management helps minimize potential impacts from various emergency situations and ensures business continuity.
The core mission of risk and crisis management is to ensure that the company has robust processes in place to identify, assess, and manage potential risks. This also includes preparedness for crises that could affect the company’s operations. The ultimate goal is to maintain the organization’s stability and long-term sustainability.
Supporting the SDGs
Goal 17:

Goal and Performance
Goal
Performance
Management Approach
The company operates a risk management system in accordance with the risk management policy announcement, which establishes standards and is used in concrete operations.
This process assists the company in planning for long-term business operations, including adapting to potential future changes. The risk assessment addresses emerging risks to reassure stakeholders that business and other operations can accomplish the specified objectives. To ensure sustainability, risks are managed and monitored using indicator-based risk management tools.
ESG Risk
Number | Risk | Description |
---|---|---|
Environmental | | |
1 | Effects of Climate Change | Risks from disasters, environmental issues, or new regulations |
Social | | |
2 | Human Resource Development | Enhance capabilities, knowledge, skills and organizational culture |
3 | Occupational Health and Safety (OSH) | Threats to employee health and life |
4 | Employee Fraud | Impact on trust and corporate reputation |
5 | Personal Data Breach (PDPA) | Violating privacy rights can lead to a variety of legal risks |
6 | Human Rights Violations | Impact on reputation and social responsibility |
7 | Unethical Partners | Risks to the company's reputation and credibility |
Governance and Economic | | |
8 | Losing a Key Executive | Risks from key personnel changes |
9 | Digital Disruption (IT Disruption) | Impacts on business operation capability |
10 | Non-Compliance with Laws or Contracts | Risk of penalties or legal actions |
11 | Information System Risks (IT Risks) | Insufficient internal data control |
12 | Cyber Security | An ineffective cybersecurity system |
Environmental
1. Effects of Climate Change
Risks: Disaster damage, volatility risk, and stricter environmental laws
Risk Management Approaches: Integrate sustainable practices, track Scope 1-3 carbon emissions, and establish Science Based Targets initiative (SBTi) objectives
Social
2. Human Resource Development
Risks: Skills shortage, job dissatisfaction, and poor performance
Risk Management Approaches: Organize training/development plans, succession plans, and welfare promotion (well-being)
3. Occupational Health and Safety (OSH)
Risks: Accidents, compensation costs, and operational disruptions
Risk Management Approaches: Occupational safety and health management system standard, regular inspections, and emergency drills
4. Employee Fraud
Risks: Reputational damage, loss of assets, diminished trust
Risk Management Approaches: Internal audit system, whistleblowing channels
5. Personal Data Breach (PDPA)
Risks: Litigation, loss of customer confidence, and system upgrade costs
Risk Management Approaches: Data encryption, access authorization, and employee training on the Personal Data Protection Act (PDPA)
6. Human Rights Violations
Risks: Allegations, business relationship disruptions
Risk Management Approaches: Business code of conduct, supply chain audit, and labor rights assurance
7. Unethical Partners
Risks: ESG-related risks, damage to the company's reputation
Risk Management Approaches: ESG assessment, CSR agreements, and establishing a blacklist system
Governance and Economic
8. Losing a Key Executive
Risks: Loss of direction, diminished organizational stability
Risk Management Approaches: Succession plans and establishing an effective backup executive structure
9. Digital Disruption (IT Disruption)
Risks: Data loss, system crashes, business interruption
Risk Management Approaches: Business Continuity Plan, data backups, and system recovery drills
10. Non-Compliance with Laws or Contracts
Risks: Fines, loss of licence, loss of credibility
Risk Management Approaches: Compliance audits, and compliance training programs
11. Information System Risks (IT Risks)
Risks: System failure, service delays
Risk Management Approaches: IT infrastructure audits and improvements performed on a regular basis
12. Cyber Security
Risks: Systems being hacked, data loss
Risk Management Approaches: Firewall, Multi-factor Authentication, and Penetration Testing
Operation of the Risk Management Working Team
The company established a Risk Management Working Team, which meets quarterly. In 2024, the Risk Management Committee met four times, with all members present at each meeting.
The Risk Management Committee considers that the company has a sufficient and appropriate risk management policy, complies with it continuously, and promotes risk management as part of the organizational culture. This is done by building awareness and understanding so that executives at all levels and employees recognize the importance of risk management and consider risks every time a decision is made on matters that are important and may affect operations.
The company has established risk-based decision-making criteria, and evaluated the possibility and impact of significant risks as follows:
Table of Assessment of the Probability of Occurrence
Risk Assessment Criteria
Level | Definition based on past occurrence | Definition based on expected future occurrence | Number of times (months) it occurs each year |
---|---|---|---|
Lowest 1 | Never happened | It is expected to occur only in unusual circumstances. The probability of occurrence is less than or equal to 5%. | 1 time / year |
Low 2 | Barely happened | It is expected to occur at specific times. The probability of occurrence is greater than 5% but not greater than 25%. | 2-3 times / year |
Medium 3 | Happened sometimes | It is expected to occur at specific times. The probability of occurrence is greater than 25% but not greater than 50%. | 4-6 times / year |
High 4 | Happened several times | It is expected to occur in most situations, with a probability greater than 50% but less than 95%. | 7-9 times / year |
Highest 5 | Always happened | It is expected to occur in every circumstance and has a greater than 95% chance of happening. | 10-12 times / year |
Table for Assessing Risk Impact Levels
It is a risk assessment that considers both the severity of the impact and the possibility of occurrence.
Risk Matrix
Possibility of a risk event occurring (rows) / Severity of impact (columns) | Lowest 1 | Low 2 | Medium 3 | High 4 | Highest 5 |
---|---|---|---|---|---|
Highest 5 | Medium 5 | High 10 | High 15 | High 20 | Highest 25 |
High 4 | Medium 4 | Medium 8 | High 12 | High 16 | Highest 20 |
Medium 3 | Low 3 | Medium 6 | Medium 9 | High 12 | High 15 |
Low 2 | Low 2 | Low 4 | Medium 6 | Medium 8 | High 10 |
Lowest 1 | Lowest 1 | Low 2 | Low 3 | Medium 4 | Medium 5 |
Pre-Credit Risk Control
Before providing credit, the company assesses the risk of doing so based on the customer's ability to repay debt, in a transparent and fair manner. There is supervision to ensure compliance with legal requirements, regulations, and contract terms by always verifying the customer's identity before granting credit. This is in accordance with the Anti-Money Laundering Act B.E. 2542, which addresses transactions with customers that may be considered illegal acts. To effectively manage potential risks, the company has implemented a policy to examine the data about customers.

Business Continuity Management (BCM)
According to the business continuity management policy, the company has created crisis management prevention and preparedness plans by employing the Business Continuity Management (BCM) framework to reduce the effects of fires, natural disasters, terrorism, and virus transmission. The company has an effective response to ensure that regular operations are not disrupted or significantly impacted in the event of a crisis, and that regular operations can resume as soon as possible in order to promote stakeholder confidence and comply with good corporate governance principles.

Partner Risk Management
The company declares that it is committed to managing its business partners responsibly by following procurement and selection policies and guidelines, meeting the standards required for fair and transparent business partner selection, evaluation, and inspection, and adhering to business security principles in order to operate with integrity. Partners are selected in accordance with company standards: they are expected to have good financial standing, reliable business records, and auditable institutions, to not violate human rights, and to be aware of their responsibilities to society, community, and the environment. The company also seeks ways to reduce risks and establishes an understanding of business operations with its partners.
In 2024, the company was able to meet with suppliers at two locations in Northern Province to assess business operational risks and to promote and support suppliers' sustainable business operations, employing the following evaluation criteria:
