Identify business risks based on business objectives across value chain
Analyze and assess risks
and prioritize based on likelihood of occurrence and potential impact
Enterprise Risk Management (ERM) is an integral part of our business operation planning and organization culture. ERM is applied to all business units and personnel to ensure business objectives are met while minimizing the probability and impact of potential risks, along with mitigating them. These considerations include internal and external aspects that may arise from within our organization and from other market factors.
Our ERM framework and processes are implemented in accordance with the Committee of Sponsoring Organization of the Treadway Commission (COSO) and ISO 31000:2018 Risk management guidelines. This has aided us in the execution of risk governance and culture, risk assessment and review that aligns our corporate strategies and sustainability development goals.
Once risk has been identified, they are categorized as follows; (1) Strategic Risk, (2) Operational Risk, (3) Reporting Risks, and (4) Compliance Risk. This allows us to assess and obtain a holistic view as to the potential affects the risk may have on internal and external functions and affects to related parties. The RMO coordinates with each business unit’s RC and RO to guide, follow-up, and implement mitigation plans, which results are monitored via Key Risk Indicator (KRI) reports.
The Group performs a risk management process by identifying corporate risks and unit risks along the value chain corresponding to the business direction and organizational goals including risk assessment, risk monitoring and control, reporting and Effective Risk Management Processes Promote Long-Term Corporate Sustainability Management communication, and regular review of the sufficiency and effectiveness of risk management of each unit involved. We established a Risk Management Committee to be responsible for the implementation under the supervision of the Board of Directors.
Report performance of risk management to the Board of Directors and management and communicate to stakeholders
Risk Report &
Risk Monitoring &
Regularly monitor and evaluate mitigation plans, sensitivity analysis, stress testing, Key Risk Indicators (KRIs), and internal controls on a regular basis