Risk and Crisis Management
Supporting the SDGs Goals
SDGs
Goal 16:
Challenges and Opportunities
Commitment
The Company recognizes that today’s rapid economic, social, and environmental changes create uncertainty in business operations and hinder the achievement of the Company’s objectives, which may affect all stakeholders. Therefore, risk and crisis management are fundamental to protecting and mitigating business operations.
The Company is committed to managing risks and crises efficiently, covering ESG areas, and encouraging a corporate risk culture, to address crises seamlessly and to sustain business growth.
Management Approach and Value Creation
Management Guidelines
The Company establishes the policies and management plans for risk management that focuses on strong risk management with systematic process to efficiently handle risk and maintain the overall risk at an acceptable level. The risk management process includes:
- Policy Setting for Risk Management: defining the scopes, responsibilities and risk management guidelines aligned with the Company's strategies and operational objectives.
- Risk Identification: identifying potential risks that affect the achievement of the Company's objectives, considering both internal and external factors related to the Company. To cover strategic, operational, financial, legal and regulatory risks, risks of Environmental, Social and Corporate Governance (ESG) impacts as well as newly Emerging Risks.
- Risk Assessment: Evaluating the risk levels based on predefined criteria for likelihood of occurrence, and impacts on the Company's objectives achievement, in case that such risk occur, to prioritize the risk matrix and define the methods to manage such risks.
- Risk Management: defines the critical methods for developing a risk management plan in order to reduce likelihood of occurrence and impacts or potential damages that may occur. It is essential to manage risks to maintain them at an acceptable level.
- Risk Monitoring & Review: tracking the results of risk management according to the established plans, including
evaluating the effectiveness of risk management. This ensures that the Company’s risks are appropriately managed.The Management team monitors and reports to the Audit and Risk Management Committee and the Board of Directors.
Risk Management Structure
Roles and Responsibilities
-
Board of Directors and Audit and Risk Management Committee
Board of Directors are responsible for ensuring that risk management aligns with the Company’s policies, assigning Audit and Risk Management Committee to oversee, audit and improve a risk management process, and tasking Risk Management Working Group with risk management operation and reporting to Audit and Risk Management Committee, and Board of Directors, respectively.
-
Internal Audit Department
Internal Audit Department is responsible for inspecting the operational working group, and the supervisory and operational support working group to ensure that appropriate and effective risk management is in place, and reports the audit results to the Audit and Risk Management Committee.
-
Risk Management Working Group
Management Department has formed a Risk Management Working Group to establish the Company’s Risk Management Policy and its framework, and to oversee the risk management process for properly mitigating business impact. Furthermore, the group consists of 10 members, including top executives and line managers, serving as Risk Owners. They have united in the Risk Management Working Group with the following roles and responsibilities:
- Set a risk management policy, risk management framework, risk tolerance levels and a risk management process, which must be approved by the Audit and Risk Management Committee.
- Identify short-term and long-term Corporate Risks, covering the following areas: strategic risks; operational risks; financial risks; compliance risks; Environmental, Social, and Governance (ESG) risks; as well as emerging risks in the next 3-5 years.
- Assess and form a risk management approach aligned with the Risk Management Policy so that it can be assessed, monitored, and controlled within risk tolerance.
- Establish KRIs (Key Risk Indicator) to monitor risk trends and set KPIs (Key Performance Indicator) for each department. This allows the anticipation of risk status and the implementation of mitigating actions within the set indicators.
- Conduct a comprehensive report on risk management, business operations, corporate risk status, changes, and necessary improvements to align with policy and practical guidelines. This report must be delivered to the Audit and Risk Management Committee and Board of Directors.
- Closely monitor trends and status of risks, relevant measures, and frameworks for continuously developing a risk management process.
- Promote a Risk Culture to be a fundamental growth of sustainability.
Procedure for Risk Management
Encouraging Risk Culture
The Company encourages Risk Culture for all levels of its personnel and cultivates the awareness of risk management significance among all employees, boosting its potential for risk management. It also prompts a foundation to risk management in place with COSO (Committee of Sponsoring Organizations of the Treadway Commission), enabling the risk management procedure in business operations to be effective and up to date. The guidelines for strengthening Risk Culture are as follows:
- Establish a clear risk management policy and its framework, review annually, and ensure communication throughout the Company so that executives and employees at all levels are aware of potential risks and impacts, the importance of risk management, and their responsibilities.
- Incorporate risk management criteria in project approval, new service development, and operational planning.
- Use risk management as a key performance indicator (KPI) in assessing the performance of top executives and line managers to effectively monitor and support risk management.
- Divide risk management responsibilities among departments according to the Three Lines of Defense model to ensure a check and balance system for preventing or reducing risks and errors in operations, thereby achieving corporate goals and objectives and building stakeholder confidence. The Three Lines of Defense are as follows:
- First Line of Defense refers to risk owners or operational units responsible for managing their own tasks in compliance with rules and regulations to ensure appropriate internal controls and effective risk management.
- Second Line of Defense refers to units responsible for overseeing and supporting the work of the operational units.
- Third Line of Defense refers to internal and external audit departments tasked with reviewing and auditing operational processes.
- Support all levels of employees to take responsibility for assessing and identifying potential risks in their responsible departments or Risk Owners and set a process to minimize risks and report to the Risk Management Working Group.
- Promote training to create knowledge and understanding about risk management or operational risks through the development of the "SkillHub" program as a self-learning platform (E-Learning) in the Agilis HR application, which all employees can easily access via their own smartphones.
Emerging Risks
| Risk | Business Impact and Risk Management Measures |
|---|---|
| Risks from Digital Technology |
Impact on the Company’s Business These days, utilizing digital technology can expose the Company to cyber threats, potentially causing breaches or leaks of critical information, such as trade information and personal data, which could lead to legal action under the Personal Data Protection Act B.E. 2562. The proceedings may include administrative fines of up to 5,000,000 baht; criminal fines of up to 1,000,000 baht (or both imprisonment and a fine); and civil penalties, including compensation and punitive damages of up to twice the compensation amount. Additionally, if internal system operations are disrupted, it could result in operational shutdowns, impacting overall business activities, such as damage to image and reputation, loss of customer trust, and decreased revenue from product and service sales. Mitigation Measures The Company has established practical guidelines for digital technology use that follow international security standards to prevent cyber threats and leaks of critical data. These guidelines contain measures for system access prevention, user access rights permission, logging access to important information, and incident-response plans, such as a Disaster Recovery Plan and a Personal Data Breach Response Plan. Additionally, the Company continuously raises awareness and understanding among employees who are involved with digital technology use. |
| Risks from Economic Environment |
Impact on the Company’s Business In 2024, the overall domestic economy remained uncertain. Although the government tried to stimulate the economy through various projects to encourage expenditure and build public confidence, Thailand’s household debt situation stayed high. Additionally, widespread flooding in many areas across the country has reduced citizens’ purchasing power, affecting the Company’s sales of products and services and causing deficiency in overall performance. Mitigation Measures The Company has developed a real-time reporting system to accurately monitor its sales of products and services at every store. This system enables executives to efficiently plan operations in response to current situations and adjust product offerings to meet customer needs in each area, maintaining sales and financial liquidity. Additionally, the Company procures goods based on sales trends. |
| Risks from Transition to a Low-Carbon Society |
Impact on the Company’s Business Transition to a low-carbon society has changed consumer behavior, leading to increased attention on “Eco Friendly” products and services, while lowering sales of goods that are not classified as such term. Furthermore, changes in laws or regulations promoting the reduction of greenhouse gas (GHG) emissions can result in high expenses for the Company’s business operations. The Company’s nationwide chain of stores has the potential to release a large volume of greenhouse gases, which may exceed government-mandated thresholds Mitigation Measures The Company has adapted its business operations to align with a low-carbon society. Firstly, to address changes in consumer behavior, the Company categorizes its goods as eco-friendly and ergonomic products, or ESG products, which include energy-saving products, global-warming-reducing products, natural-resource-conserving products, health-promoting products, products for the elderly and disabled, and products for the new lifestyle. Secondly, to ensure clear and concrete operations, the Company has set sustainability goals in the economic dimension. The goal is to achieve 40% of sales of ESG products by 2025 to accommodate changes in consumer behavior and support responsible consumption. Finally, to reduce its greenhouse gas emissions, the Company has switched to using renewable energy from the sun by installing Solar Rooftop panels on the roofs of all stores, has replaced gas-powered forklifts with electric forklifts, and has also set sustainability goals in the environmental dimension, aiming to reduce greenhouse gas emissions by 20% from the base year by 2030. |
