To be a leading value-oriented integrated energy company in Asia-Pacific

Slide Left Slide Right

To cope with the challenges for today’s business operation ranging from intensifying competition, innovation and technological advancement, and rapid change of environment, the Company has put greater emphasis on risk management aside from internal control. These management mechanisms are adopted to turn uncertainties into opportunities, which will create positive impacts and control risks that may adversely affect the organization’s goals.

The Risk Management Policy

The Board of Directors has established guidelines in the risk management policy to enhance operational efficiency and implemented as the administrative tool in helping increase the chances of success to achieve the company’s objectives. The essence of the policy is summarized below:

The Risk Management Structure

The Corporate Planning and Systems Development Division plays a leading role in tackling enterprise risks, under the supervision of the Asset Management Function. The Company also established the Risk Management Working Group represented by high level executives from all functions and the Board of Directors appointed the Risk Management Committee. Head of the Planning and Systems Development Division serves as the Risk Management Committee's secretary.

The Board of Directors-appointed sub-committees take part in identifying risk factors and measures to mitigate risks at an acceptable level and report to the Board of Directors. Details are as follows:

Project Risk Management

Business Development Function, Project Development Function and Asset Management Function are responsible for project-level risks in their respective areas. They must separately report work progress and operational updates to relevant sub-committees and then the Board of Directors in order for acknowledgement and consideration. Furthermore, the supervision through the Company’s representatives is assigned to the position of executive and/or director as well as a shareholder of subsidiaries, affiliates and joint ventures.

Enterprise Risk Management Approach

The Company has adopted the standards of The Committee of Sponsoring Organizations of The Treadway Commission-Enterprise Risk Management (COSO-ERM) as a framework for internal control and risk management which is aligned with the Company’s business strategy and operations. ี้

Enterprise Risk Factors

The Company analyzed, assessed and identified risk factors and preventive and management measures to minimize the probability and impacts as follows:

  1. Strategic Risk
    Approaches to prevent and manage risks and to reduce impacts
    • Follow up changes constantly as well as analyze and assess possible impacts against the strategic plan in aspects of business goal, operation, financial and environment.
    • Assess internal factors that enable the operations such as investment plan, human resource management and stakeholder relationship management.
    • Schedule an annual review on the Company’s strategies and business goals.
  2. Financial Risk
    Approaches to prevent and manage risks and to reduce impacts
    • Prepare a financial policy as the framework to control and manage financial risks relating to interest rates, exchange rates and liquidity management.
    • Plan financial projection concerning the amount and term accordingly to the Company’s financial status.
    • Elevate the efficiency of internal control system in monitoring implementation of financial policy and action plan.
  3. Operation Risk
    Approaches to prevent and manage risks and to reduce impacts
    • Monitor the power plants’ operating performance and assess risks relating to power plant management, generation efficiency, scheduled maintenance and reliability in accordance with power purchase agreements.
    • Emphasize safety of operators, contractors and the environment as required by relevant laws and regulations.
    • Monitor and assess the power plants' revenue generating capacity, concerning their efficiency and availability, on a regular basis.
    • Closely monitor the maintenance service quality, to meet pre-set standards.
    • Improve network security through, for example, control of access and authorization to devices, Firewall setup, web and email filtering, and installation of server protection systems like Server Firewall, Logon Policy and Anti-Virus Program.
  4. Corruption Risk and Compliance Risk
    Approaches to prevent and manage risks and to reduce impacts
    • The Company’s Board of Directors imposes the anti-fraud and corruption policy and rules for the acknowledgement and practice by all.
    • Test on employees’ understanding in the Company’s anti-corruption policy is scheduled, being a part of individual KPI.
    • The Company issues related rules as operational framework and a mechanism to inspect and prevent corruption, in line with the principles of CAC. The Audit Committee is tasked to monitor and ensure the overall operations following CAC principles.
    • The Company thoroughly studies the laws, rules and regulations in each investment destinations and seeks recommendations from specialized legal consultants.
    • The Company studies and reviews investment information and risks of each country from reliable sources and seek advice from legal advisers experienced in the country, to ensure appropriate and full compliance.
    • The Company seeks a local partner with experience and expertise in the particular business.

Emerging risk management

The Company has monitored both internal and external conditions to pinpoint emerging risks that may disrupt and affect the operations. Climate change and advancement of technology are considered two emerging risks that require preventive and adaptation measures. The measures are summarized as follows:

  1. Climate Change which is driven by increasing consumption of natural resources by the manufacturing, business and household sectors, in line with population growth.
    Management probability / Opportunity
    • Analyze and assess environmental risks and impacts as well as the availability of water and fuels throughout project period.
    • Monitor studies and researches on climate change, to support project risk analysis and the selection of locations.
    • Transfer risks through natural disaster insurance, to reduce possible economic impacts on the Company’s new and commercially-operated assets.
    • Raise renewable energy portion to ease impacts on raw materials and reduce greenhouse gas emission.
    • Raise renewable energy portion to ease impacts on raw materials and reduce greenhouse gas emission.
  2. Technology risk which is a result of rapid advancement of technological development especially Big Data, Artificial Intelligence and Quantum Computing as well as digital transformation.
    Management probability / Opportunity
    • Analyze business opportunities in support of the Company’s goal in diversifying to New S Curve industries.
    • Seek partners with technological expertise for new businesses, to achieve the business goal and reduce risks and economic impacts.
    • Monitor the evolution of Cyber Attacks and patterns and then assess the efficiency of the Company’s network security protection system, data system and power plants’ control system. Seek consultation on preventive measures from technology consultant.
    • Observe legal changes and law enforcement which may bring measures aimed at protecting information and privacy.

Business Continuity Management Policy

Crisis and business continuity management

The Company prepared the crisis management plan, the crisis communication plan and business continuity plan with a review and improvement on an annual basis. The business continuity management plan has been announced, serving as a guideline to ensure continuity and manage risks that may derive from rapid and unpredictable uncertainties affected by internal and external factors.

Internal Control

The Board of Directors appointed the Audit Committee and tasked it to define the targets in supervising, monitoring and assessing the Company’s internal control, for the implementation by the Internal Audit Division. The Company applied the Committee of Sponsoring Organizations of the Treadway Commission - Enterprise Risk Management (COSO-ERM) framework that integrates internal control and risk management with business operations and management process as a guideline for internal auditing. The framework contains 8 elements including organizational environment, objective setting and risk management, identification of risk events and factors, risk assessment, risk response, control activities, information and communication, and monitoring.

The Internal Audit Division was independent, leading by Vice President – Head of Internal Audit Division who serves as the Audit Committee’s secretary. The division reported directly to the Audit Committee, with administrative reporting to the Chief Executive Officer as guided by the Company’s order on the division’s responsibility and the order on Internal Audit. The Internal Audit Division’s scope of responsibility and authority was clearly defined. It was also tasked to implement the Board of Directors’ assignments to the Audit Committee.

The appointment, dismissal, transfer or termination as well as independence of Head of Internal Audit Division is subjected to the Audit Committee’s approval.