Risk and Crisis Management
Supporting the SDGs Goals
SDGs
Goal 16:
Challenges and Opportunities
Commitment
The Company recognizes the importance of Enterprise Risk Management in accordance with good corporate governance principles and believes that risk management is one of the strategies that will help the Company reach its operational objectives and goals. In addition, business operations today are constantly changing as a result of external and internal factors, including changes in the economy, technology, competition, and stakeholder expectations, which may affect business operations.
The Company is committed to continuously enhancing its risk management processes to effectively respond to changes and support operational objectives and goals, and sustainable growth.
Management Approach and Value Creation
Management Approach
The Company establishes risk management policies and management plans that focus on strong risk management, with a systematic process to handle risk efficiently and maintain overall risk at an acceptable level. The risk management process includes:
- Risk Management Policy Setting: Defining the scopes, responsibilities and risk management guidelines aligned with the Company's strategies and operational objectives.
- Risk Identification: Identifying potential risks that affect the achievement of the Company's objectives, considering both internal and external factors related to the Company. This covers strategic, operational, financial, legal and regulatory risks, Environmental, Social and Corporate Governance (ESG) risks, as well as Emerging Risks.
- Risk Assessment: Evaluating risk levels based on predefined criteria for the likelihood of occurrence and the impact on the achievement of the Company's objectives should the risk occur, in order to prioritize risks in the risk matrix and define the methods to manage them.
- Risk Management: Defining the critical methods for developing a risk management plan in order to reduce the likelihood of occurrence and minimize potential impacts or damages. All risks must be managed to remain within acceptable levels.
- Risk Monitoring & Review: Tracking the results of risk management according to the established plans, including evaluating the effectiveness of risk management. This ensures that the Company’s risks are appropriately managed. The Management team monitors and reports to the Audit and Risk Management Committee and the Board of Directors.
Risk Management Structure
Roles and Responsibilities
- Board of Directors and Audit and Risk Management Committee
  The Board of Directors is responsible for ensuring that risk management aligns with the Company’s policies, assigning the Audit and Risk Management Committee to oversee, audit and improve the risk management process, and tasking the Risk Management Working Group with risk management operations and reporting to the Audit and Risk Management Committee and the Board of Directors, respectively.
- Internal Audit Department
  The Internal Audit Department is responsible for inspecting the operational working group and the supervisory and operational support working group to ensure that appropriate and effective risk management is in place, and reports the audit results to the Audit and Risk Management Committee.
- Risk Management Working Group
  The Management Department has formed a Risk Management Working Group to establish the Company’s Risk Management Policy and its framework, and to oversee the risk management process so that business impact is properly mitigated. The group consists of 10 members, including top executives and line managers, serving as Risk Owners. The Risk Management Working Group has the following roles and responsibilities:

- Set a risk management policy, risk management framework, risk tolerance levels and a risk management process, which must be approved by the Audit and Risk Management Committee.
- Identify short-term and long-term Corporate Risks, covering the following areas: strategic risks; operational risks; financial risks; compliance risks; Environmental, Social, and Governance (ESG) risks; as well as emerging risks in the next 3-5 years.
- Assess and form a risk management approach aligned with the Risk Management Policy so that it can be assessed, monitored, and controlled within risk tolerance.
- Establish Key Risk Indicators (KRIs) to monitor risk trends and set Key Performance Indicators (KPIs) for each department. This allows the anticipation of risk status and the implementation of mitigating actions within the set indicators.
- Prepare a comprehensive report on risk management, business operations, corporate risk status, changes, and necessary improvements to align with policy and practical guidelines. This report must be delivered to the Audit and Risk Management Committee and the Board of Directors.
- Closely monitor trends and status of risks, relevant measures, and frameworks for continuously developing a risk management process.
- Promote a Risk Culture as a foundation for sustainable growth.
Procedure for Risk Management
Encouraging Risk Culture
The Company encourages a Risk Culture at all levels of its personnel and cultivates awareness of the significance of risk management among all employees, boosting its potential for risk management. It also puts in place a risk management foundation aligned with COSO (Committee of Sponsoring Organizations of the Treadway Commission), enabling the risk management procedure in business operations to be effective and up to date. The guidelines for strengthening Risk Culture are as follows:

- Establish a clear risk management policy and its framework, review annually, and ensure communication throughout the Company so that executives and employees at all levels are aware of potential risks and impacts, the importance of risk management, and their responsibilities.
- Incorporate risk management criteria in project approval, new service development, and operational planning.
- Use risk management as a key performance indicator (KPI) in assessing the performance of top executives and line managers to effectively monitor and support risk management.
- Divide risk management responsibilities among departments according to the Three Lines of Defense model to ensure a system of checks and balances for preventing or reducing risks and errors in operations, thereby achieving corporate goals and objectives and building stakeholder confidence. The Three Lines of Defense are as follows:
  - First Line of Defense refers to risk owners or operational units responsible for managing their own tasks in compliance with rules and regulations to ensure appropriate internal controls and effective risk management.
  - Second Line of Defense refers to units responsible for overseeing and supporting the work of the operational units.
  - Third Line of Defense refers to internal and external audit departments tasked with reviewing and auditing operational processes.
- Support employees at all levels in taking responsibility for assessing and identifying potential risks in the departments they are responsible for, or as Risk Owners, and set a process to minimize risks and report to the Risk Management Working Group.
- Promote training to create knowledge and understanding about risk management or operational risks through the development of the “SkillHub” program as a self-learning platform (E-Learning) in the Agilis HR application, which all employees can easily access via their own smartphones.
Emerging Risks
| Risk | Business Impact and Risk Management Measures |
|---|---|
| Risks from Adapting to a Low-Carbon Society | “A low-carbon society” is one of the solutions to address global warming and climate change. It focuses on reducing greenhouse gas emissions across all sectors while improving quality of life and maintaining ecological balance, allowing people and the environment to live sustainably together. Being “eco-friendly” is one approach to transitioning into a low-carbon society. This means considering environmental impacts throughout the entire value chain, including sourcing raw materials, transportation, production or processing, packaging, distribution, marketing, consumer use, and recycling. The entire process aims to minimize carbon emissions and reduce environmental impacts. Business Impact: The global shift toward a low-carbon society directly affects businesses. Companies that fail to adapt may face multiple risks, including stricter environmental regulations, higher operating costs, reputational damage affecting stakeholder trust, and competitive disadvantages compared to businesses that can offer more efficient and sustainable products or services. Mitigation Measures: The Company recognizes the importance of adapting to low-carbon consumer behavior and has implemented a mitigation plan. The Company focuses on creating business opportunities while reducing environmental impacts by developing and promoting eco-friendly ESG products. ESG product categories are clearly defined, and a target has been set for ESG product revenue to reach at least 40% of total sales by 2025, supporting responsible consumption and advancing the Company’s transition toward sustainable low-carbon operations. The Company’s revenue share from ESG products has steadily increased from 33.73% in 2023, to 42.20% in 2024, and 45.28% in 2025. In addition, the Company continuously tracks and analyzes trends in eco-friendly products to adapt strategies to changing consumer needs. This proactive approach helps reduce operational risks and strengthens the Company’s competitiveness. |
| Extreme Weather Events Risk | The Company recognizes the risks associated with climate change, which may lead to extreme weather events such as floods, heavy rainfall, cyclones, strong winds, heatwaves, and droughts. These events can directly impact the Company’s operations, including customer service, logistics management, outdoor storage, and employee safety across all stores nationwide. Business Impacts: Extreme weather events may cause damage to property, buildings, infrastructure, and inventory, potentially disrupting operations at some stores and affecting sales and revenue. Delays in transportation or shortages of goods in certain areas could also impact the Company’s overall supply chain. Mitigation Measures: To ensure business continuity and resilience against extreme weather, the Company has implemented the following measures: |
| Misinformation and Disinformation Risks | In the current digital era, rapidly advancing AI can generate highly realistic text, images, audio, and video, enhancing communication and marketing. However, it also increases the risks of misinformation and disinformation, especially through deepfake technology and automated content-generation tools that make it difficult to distinguish real information from fabricated content. This includes false claims about product quality or safety, misleading promotions, fake websites, impersonation of company employees, and disinformation intended to damage the company’s reputation. Such content can spread rapidly online, significantly affecting the company’s reputation, stakeholder confidence, and overall business value. Business Impacts: The spread of misinformation or disinformation can seriously harm a company’s image and reputation, reduce customer confidence, weaken investor trust, and impact financial performance, including sales, stock value, and overall business operations. It can also lead to lost business opportunities and threaten long-term operational sustainability. Mitigation Measures: The Company has implemented a proactive plan to prevent and respond to misinformation and disinformation: |