Risk Management
The Company prioritizes awareness of risk management and has therefore formulated a concrete risk management policy and a risk management plan at the corporate level. It also encourages staff at all levels, namely directors, the management and employees, to familiarize themselves with and pay attention to risk management under the Company’s risk management framework, which shall reflect international standards of practice, in order to achieve corporate goals and ensure that all internal operations are subject to adequately efficient risk management.
Risk Oversight
The Risk Oversight Committee (ROC) is appointed by the Board to help the Board oversee risk management at various levels and to ensure that the management, which is responsible for risk management, can effectively implement a risk management system encompassing the various types of risks associated with the Company’s business. The Company has set up its risk management structure and supervision responsibilities using the Three Lines Model, in which three important roles are identified as follows.
- 1st Line: This involves risk-owning departments, the management and employees who shall evaluate potential risks, issue preventive and control measures, manage them and prepare effective risk management reports.
- 2nd Line: This refers to the Risk Management Committee, which supervises to ensure that the Company is equipped with an adequate risk management process based on required standards.
- 3rd Line: The Internal Audit Department assesses and enhances the efficiency of the risk management process, supervision and control, independently from the management, to ensure fair and reliable advice.
Risk management process
The Company manages all types of important risks, whether strategic risk, operational risk, financial risk, compliance risk or other risks that may affect its main goals. The process contains steps and procedures to manage these risks systematically and in the same direction organization-wide. It consists of eight components under the COSO-ERM framework as follows.
- Internal Environment
The internal environment is jointly determined by the management and employees through activities and work processes in order to create common behaviors and work ethics that reflect the Company’s core values, while raising awareness of and creating common commitment towards the main corporate goals and corporate risks.
- Objective setting
The Company clearly sets its business objectives that align with strategic goals before managing them and keeping them within an acceptable risk appetite and risk tolerance.
- Event Identification
All risk factors, both internal and external, are reviewed to effectively identify events that may affect the Company’s main objectives and goals.
- Risk assessment
Causes and possible sources of risks, opportunities and potential effects, both positive and negative in nature, are identified to assess risk levels. The criteria for assessing impact and likelihood are classified into five levels with clear definitions, for mutual understanding and for benchmarking against the Company’s risk appetite for sound management.
- Risk response
A risk management plan must be submitted to the management’s meeting and to the Risk Oversight Committee to review and select appropriate risk management procedures. The review aims to select response methods such as avoiding, sharing, reducing or accepting risks so that the risks are kept within the risk appetite level, or so that they will not materially disrupt the Company’s main goals.
- Control activities
Control activities will be conducted organization-wide, where the Company will take into consideration the cost-effectiveness of the benefits expected to be appropriately, adequately and systematically received from the organized activities.
- Information and communication
The Company underlines the importance of information management where it conducts internal communication with the management and all employees to raise awareness that their performance shall align with the Company’s objectives, goals, strategies and major risk management factors.
- Monitoring
The Company makes sure that there is a coordination, meeting and reporting process between the management and those responsible for risk management, the Risk Oversight Committee and the Audit Committee. A monitoring and review process through the internal audit must be conducted to analyze major risks that currently exist as well as new potential risks and to monitor their changes. This is to ensure that the risks are constantly reviewed and prioritized and that the adequacy of the risk management is constantly assessed.
Risk Culture
- The Company promotes knowledge sharing about risk and risk management practices among employees.
- The Internal Audit Department formulates a risk-based audit plan to review and reduce operational risk. Proposals from the risk-based audit plan are submitted to risk owners to inform them of risks that need to be constantly managed.