ENTERPRISE RISK MANAGEMENT
Enterprise Risk Management
Enterprise Risk Management (ERM) is an integral part of our business operation planning and organization culture. ERM is applied to all business units and personnel to ensure business objectives are met while minimizing the probability and impact of potential risks, along with mitigating them. These considerations include internal and external aspects that may arise from within our organization and from other market factors.
Our ERM framework and processes are implemented in accordance with the Committee of Sponsoring Organization of the Treadway Commission (COSO) and ISO 31000:2018 Risk management guidelines. This has aided us in the execution of risk governance and culture, risk assessment and review that aligns our corporate strategies and sustainability development goals.
Enterprise Risk Management Structure
Once risk has been identified, they are categorized as follows; (1) Strategic Risk, (2) Operational Risk, (3) Reporting Risks, and (4) Compliance Risk. This allows us to assess and obtain a holistic view as to the potential affects the risk may have on internal and external functions and affects to related parties. The RMO coordinates with each business unit’s RC and RO to guide, follow-up, and implement mitigation plans, which results are monitored via Key Risk Indicator (KRI) reports.

Business Continuity and Crisis Management
To ensure business continues uninterrupted, we have implemented plans that will allow for personnel flexibility, operation, and production contingencies and employment of new technology to optimize our effectiveness and safety
To ensure that our business continues uninterrupted and that you will not be affected by it, we have implemented plans to keep our operation and production facilities running smoothly, utilize technology to facilitate communication and adaptability of our personnel to serve you, our stakeholders and partners.
Report performance of risk management to the Board of Directors and management and communicate to stakeholders
Report &
Communication
Monitoring &
Review
Monitor and evaluate mitigation plans and internal controls on a regular basis
Report & Communication
Report performance of risk management to the Board of Directors and management and communicate to stakeholders
Risk Identification
Identify business risks based on business objectives across value chain
Monitoring & Review
Monitor and evaluate mitigation plans and internal controls on a regular basis
Risk Assessment
Analyze and assess risks
and prioritize based on likelihood of occurrence and potential impact