
Risk Management
Organizational Importance and Commitment
Systematic risk management and crisis preparedness are key components of business stability and long-term sustainable operations. The Company places importance on establishing an appropriate risk management structure to analyze and assess risks comprehensively, including the assessment of emerging risks, to formulate risk management plans for dealing with crises and to ensure a timely response to unexpected events, thereby minimizing the potential impact on stakeholders.
Opportunities and Impact
Systematic risk and crisis management serve as essential mechanisms for preventing and mitigating the impact of unexpected events – both financial impacts and effects on the Company’s image, credibility, and strategic decision-making. It also presents an opportunity to develop the organization’s resilience and ability to adapt effectively to changing environments, thereby enhancing competitiveness and operational efficiency – crucial factors for achieving sustainable growth.
Supporting the SDGs Goals
Goal 16:
Stakeholders Directly Impacted
Goals and Performance
ESG Performance Indicators and Targets | 2024 Performance Results |
---|---|
The overall Risk Index decreased compared to 2023 | The overall Risk Index is 10.73 decreased from 13.25 in December 2023 |
Conduct Risk Management Training sessions at least 1 time for annually | Organized a training session on “Legal Consideration In Contract Management” There were 120 participants in the training. |
Quarterly track and report risk management results | Risk management result is monitored on a quarterly basis and reported to the Board of Directors 3 times |
Number of complaints or incidents regarding security of information systems and customer information is zero | 0 No complaints regarding security of information systems and customer information |
Testing and risk assessment of equipment and information systems (Penetration Test) | Completed according to plan |
Preparation of Log Monitoring reports to ensure the safety of the network system from the risk of attack | Completed according to plan |
Management Guidelines
Strategy
Management Approaches
Risk Management Policy
The Risk Management Committee has formulated a policy that covers risk management processes and methodologies, including oversight and regular reviews to ensure efficiency and responsiveness to external risk factors. Additionally, the Company promotes widespread internal communication regarding risk management to foster organization-wide risk awareness.
Risk management is positioned as a core strategic component for all departments, with clearly defined risk appetite levels and actionable, adaptable plans that are regularly reviewed and updated in response to changing conditions. Progress tracking and performance evaluations are implemented to ensure the risk management process aligns with the organization’s policies, strategies, and goals, as well as regulatory requirements and the risk management standards recommended by the Securities and Exchange Commission and the Stock Exchange of Thailand. Ultimately, this approach helps mitigate potential obstacles to achieving organizational objectives and strengthens the foundation for sustainable long-term growth.
Risk Management Structure
The Board of Directors has established a risk management structure that includes a committee and a working group composed of representatives from core business units and support functions. This structure ensures that the diverse nature of the business group is fully addressed. The roles and responsibilities of executives are clearly defined, including planning, implementing measures, and monitoring performance to ensure alignment between business activities and the Company’s policies, goals, and strategies. This structure also supports the Company’s ability to respond to rapidly evolving sustainability issues. Furthermore, the internal audit unit operates independently to review and evaluate the risk management process. The details of roles and responsibilties are outlined in the related documents.

Strategy Formulation
1. Building an Organizational Culture in Risk Management
Instilling a proactive risk management mindset among executives and employees at all levels, while encouraging executives to take a key leadership role in risk management, which is crucial to the organization’s strategic risk planning. This is carried out through training and seminars. Furthermore, the Company utilizes insights from actual events, past incidents, or near-miss events as case studies and promotes the integration of risk management concepts into all stages of operations. Employees are also responsible for setting goals, strategies, plans, and risk response measures. Risk management issues are also integrated into key performance indicators (KPIs) at both the organizational and departmental levels, applying to all personnel from the board of directors and executives to employees and risk owners.
2. Establishing Risk Appetite Criteria
To ensure that risk management is conducted with quality, is measurable, and clearly reflects outcomes that are beneficial to business operations, the Company has established risk appetite criteria as a guideline for determining which risks it should prioritize for improvement and development.
3. Planning for Future Risk Management
The Company closely monitors situational developments, forecasts, and prepares to handle future risks by considering all possible scenarios that may arise. It consistently sets measures and adjusts risk management plans to align with the organization’s long-term sustainability goals and build organizational resilience in response to current situations, including managing the diversity of the supply chain and reviewing plans to reduce redundancy in operations.
4. Risk Management Partnerships
Supports collaboration with partners, customers, business allies, surrounding communities and society, as well as educational institutions, government agencies, and private sector organizations. These collaborations aim to conduct both direct and indirect risk management activities to strengthen the supply chain in a systematic and effective manner. It also reflects a shared commitment and responsibility in addressing global challenges.
Partnerships in product and service development.
Collaboration in developing new technologies and innovations that address environmental and sustainability issues.
Business Risk Factors and Risk Management
The Company collected risk issues from business groups and support units, selecting key risk issues using acceptable risk criteria and grouping risk issues with similar causes or impacts to ensure effectiveness and efficiency in setting risk management measures.
Crisis Management
The Company has implemented a Business Continuity Plan (BCP) that addresses responses to major risks which could cause business disruptions or hinder work operations. These include fire, natural disasters, terrorism, cyberattacks, epidemics, and infectious diseases to ensure that internal departments are adequately prepared in advance to handle crisis or emergency events. This aims to ensure the Company is capable of responding to crises, continuing its operations, and consistently delivering quality products and services.
Information Technology and Cybersecurity Governance
The Company has established a governance structure and clearly delineates roles and responsibilities, continuously assesses risks and establishes mechanisms to monitor and respond to potential cyber threats systematically. The aim is to ensure to protect information and IT systems' security, confidentiality and availability, thereby safeguarding the Company's digital assets from all forms of cyber threats. This governance aligns with relevant regulations, standards and practices.

Approach for Protection Against Threats to Systems and Information
Cybersecurity Awareness and Culture Building
The Company has established an Information Security Policy and security regulations that all employees must follow. New employees receive documentation outlining these practices and are trained on these policies. Additionally, regular communication and alerts regarding cybersecurity threats are shared via email and internal communication channels. The Company also continuously organizes training sessions on information technology and system usage to foster a culture of cybersecurity awareness within the organization.
Cyber Threat Response Measures
Response procedures are in place for actual cyber threat incidents, including drills and simulated scenarios to assess vulnerabilities, system capability, and the responsiveness of responsible departments. Results from these exercises are used to improve response processes and mitigate risks. This also includes updating operational manuals and maintaining an incident reporting process. Moreover, the Company has a Business Continuity Plan and Disaster Recovery Plan in place to ensure swift and effective responses to emergencies.
Key Developments





- 4 courses were provided
- 104 employees participating