The Company’s Risk management is under supervision of the Company’s Board of Directors whereby the Risk Management Committee is responsible for setting up efficient risk management policy and approaches as well as overseeing the Enterprise Risk Management Working Committee to ensure that their operations are appropriate for current business contexts and situations. The Risk Management Committee comprises 7 members from the Company’s directors and senior executives with an Independent Director serves as Chairman of Risk Management Committee. (For more details about Risk Management Structure please see 56-1 One Report, “Corporate Governance Structure” and “Risk Management” Section)
In order to enable the Company to drive effective risk management throughout the organization and respond to the Company's risk management and crisis management policy, the Risk Management Committee has appointed the new Enterprise Risk Management Working Committee in 2020 consist of management, representatives from various departments and Managing Directors of subsidiary companies totally 24 persons. The Chairperson of the Committee is the Senior Vice President of Accounting, Tax and Finance, Investor Relation, and Information Technology. The roles and responsibilities are as follows:
As the Risk management is the responsibility of employees at all levels. The employees must be aware of the existence of risks in the business value chain and their working process and provide the appropriate and sufficient risk management measures. Therefore, all departments in the Company and its subsidiaries have appointed their risk coordinators in operational level working together with the Enterprise Risk Management Working Committee and Corporate Strategy and Risk Management Division in risk identification and assessment, risk mitigation plan preparation and evaluation, and also promoting risk awareness, risk culture and participation of employees in their own departments.
The Company conducts Enterprise Risk Management using the guidelines of the Committee of Sponsoring Organization (COSO). (Disclosure 102-11) The Company conducts corporate risk assessment annually by considering the current risks, emerging risks, economic conditions, business competition, innovations and technology development, government policies and regulations, social and environmental changes that may affect the Company’s business operations.
The Company has set the corporate risk management process which is in line with the international standard in order to manage all risks effectively.
The risk management must be implemented in the same direction across the organization, including being part of the decision making, strategic planning and business operation. It must also support the achievement of business objectives and goals.After risk identification and assessment, the Company has prepared the appropriate risk mitigation plans, determined key risk indicators (KRI), and risk appetite to monitor risk management performance and effectiveness of risk management measures, and considered business opportunities arisen from these risks. In 2020, the Company paid attention to enterprise risks which are related to environmental, social, and good governance (ESG-related risks) and had assigned the enterprise risk owner to develop their risk management plans and key risk indicators.
The Enterprise Risk Management Working Committee keeps monitoring the result of risk treatment measures and the situations which cause the risks and reports the findings to the Strategic Management Meeting which consist of the Chairman of the Audit Committee, all Chief level, and Managing Directors of subsidiary companies and to the Board of Directors respectively.
In addition, the Company intended to enhance employee participation in risk management, therefore, the Company has provided workshops and trainings on risk management to employee at all levels in order to educate, raise awareness, and develop corporate risk culture in the Company employees.
In 2021, the Company reassessed the enterprise risks to ensure consistency with Corporate Strategic plans and targets, the trends in global and technology changes as well as changing environmental and social context. The Company has emphasized on the ESG-related risks and emerging risks which are strategically important to the Company. The Enterprise Risk Management Working Team has categorized the risks into 5 categories, namely Strategic Risk, Operational Risk, Compliance Risk, Financial Risk and Emerging Risk and reassessed and reviewed the risk management plans and key risk indicators (KRIs) to follow up and monitor the risks. The Company targets to expand the risk management further down to business unit level across the Company.
The Company's risk assessment result shows one significant emerging risk that may affect the Company's business operations in the next 3-5 years, which is the risk from changing behaviors and demands in the new/next normal due to the pandemic. Although this emerging risk has not directly impacted the Company yet, but the Company is aware of the importance of such risk and has raised it to an enterprise risk which is needed to monitor and assess closely.
The new normal refers to changes in the lifestyle, business conduct, attitude, and demand of the Company's stakeholders after the COVID-19 pandemic. It is expected to be a key factor to speed up the changes of global trends in many areas, such as product demand, trade policy, global supply chain, labor-intensive industry, production innovation and technology, and human resource management. These changes may force manufacturers in the industrial estates to adapt to and prepare for future situations. Then the manufacturers have to adjust their business policies, change production processes, delay their investments, or have new requirements for decision making to invest in AMATA City Industrial Estates. Those may affect the Company's revenue and decrease its competitiveness if appropriate response measures have not been set in place.
Therefore, the Company has been closely monitoring the global and regional changes, as well as their impacts on our clients in the industrial estates in order to assess the business risk and determine appropriate risk management measures. It has also adjusted its international business model to ensure business continuity. In addition, the Company has been monitoring changes in demands, expectations, and concerns of internal and external stakeholders to analyze and address appropriate responses.
Promotion of Risk Management Culture
The Company places importance to the participation of executives and employees in the Company’s risk management, especially the risks in their duties and responsibilities. The Company requires the risk management system to be a part of the daily operation and eventually turn it to become a corporate culture. Besides the executives of each department and subsidiary, there are risk coordinators jointly drive the risk management by attending the meeting with the Enterprise Risk Management Working Committee and transmitting the message to other employees in operation level.
In 2021, the Company determined four approaches to promote corporate risk management culture to all staff level which are 1) EDUCATE: Promotion of Knowledge and Understanding 2) PARTICIPATE: Promotion of participation 3) MANAGE: Systematic Risk Management and 4) ENCOURAGE: Integration risk management into daily work.
The Company realized that knowledge and understanding of all staff is a key factor that will help bring about the efficient corporate risk management process and achieving the risk management objective and therefore, held workshop and special lecture on topics relevant to each risk category. The Company also set to regularly hold special lectures and trainings every year. The performance in 2021 included the followings:
The Company has adopted “The Committee of Sponsoring Organization” or COSO for Enterprise Risk Management approaches and set to have systematic internal control in accordance with the three Lines of Defense concept which consists of 1st Line of Defense (risk owner who is responsible for risk management), 2nd Line of Defense (Corporate Strategy and Risk Management Department who sets guidelines and standards of risk management and follow up the operation), and 3rd Line of Defense (Internal Audit Division who independently audits the efficiency of the enterprise risk management system). The risk management performance will be reported monthly to senior executives and to Risk Management Committee.
In 2021, the Company reported the performance of enterprise risk management to senior executives and Risk Management Committee 12 times and 5 times, respectively.
The Company has set the achievement of enterprise risk management as key performance indicators of the Company (Corporate KPIs) as well as of senior executives which will be evaluated every 6 months and it also linked to the KPIs of units that are risk owner also.