Risk and Crisis Management

Management Approach

Guidelines for Risk Management and Internal Control

GGC has appropriate risk management and internal control guidelines that are in line with international standards, namely COSO (The Committee of Sponsoring Organization of the Treadway Commission) 2017 and ISO 31000 standards in order to achieve the objectives of effective internal control in the area of operation, as well as accuracy and completeness of the report and compliance with the law and relevant rules for conducting business, which will help support the work of the Company and ensure accuracy, transparency, achieve the Company's objectives, and respond to the expectations of stakeholders who expect the organization to conduct business with transparency, ethics and social responsibility. The Company, therefore, attaches great importance to (Governance, Risk Management and Compliance (GRC) to promote business operations with stability and sustainability and meet the expectations of key stakeholders.

GGC has established a unit responsible for supervising and monitoring the internal control system to ensure its efficiency on a regular basis in order to operate efficiently. The generated reports are accurate, reliable, and the operations are in compliance with relevant laws and regulations. The Company is able to protect its assets from the misuse of authorized persons and those involved, including sufficient transactions with persons who may have conflicts of interest and connected persons. Furthermore, the internal audit department has reviewed the internal control system of the Company, according to the risk-based audit plan.

In addition, GGC emphasizes through risk assessment quarterly so that risk management and internal control are in line with corporate governance principles and the good practices of the SEC, as well as the best practices of the Company Group, while increasing the efficiency of internal control according to international standards to achieve the objectives of internal control in all 3 aspects, namely Operation, Reporting, and Compliance. The Risk Management Committee Supported and suggested the risk and control self-assessment (RCSA) development process in order to increase the efficiency of internal control and create understanding of operators in carrying out activities. The committee can assess the key points of the internal control process and assess work process risks, as well as implement a risk culture promotion program for employees at all levels within the organization. Furthermore, in order to improve GGC's risk management corporate culture, the company provides its employees with expert guidance on enterprise risk management. This training involves the Board, Executives, and all levels of employees, making risk management a part of everyone's job description. This approach promotes better knowledge and understanding of corporate risk management, ultimately leading to increased effectiveness. As well as encourage all employees’ awareness of risk culture by conducting the following projects:

For more about our risk and crisis management program, see the 2022 Integrated Sustainability Report at Integrated Sustainability Report 2022

• Risk Management Workshop for Top Management Project to increase efficiency and understanding of risk management at both the operational and corporate levels for executives.
• Risk Awareness Training Refreshment to raise awareness and increase risk management efficiency, as well as internal control/ to exchange risk issues arising from each department within the Company.
• Risk and Control Self-Assessment (RCSA) Project to ensure effective risk management and internal control, as well as build confidence and credibility of financial reports, ensure property protection and compliance with relevant laws and regulations of the Company.
• Business Continuity Plan (BCP) Project to prepare for incidents, reduce the impact on business operations, and enable employees at all levels in the business continuity planning (BC Team) to understand their roles and responsibilities, according to the guidelines set forth in the business continuity plan with efficiency.

See the details about the training on Governance, Risk Management and Compliance : GRC and Risk and Control Self-Assessment: RCSA for GGC’s top management in 2022 at GRC and RCSA Refreshment Workshop for Top Management : GGC GRC and RCSA Refreshment Workshop for Top Management

The Company manages risks and improves internal controls along with strategic management for the business operations in order to meet the strategic objectives and key objectives of the organization within an acceptable risk level. This covers risk management in terms of quality, security, safety, occupational health and environment, Human Rights, Labor Rights, Compliance with relevant laws, rules and regulations and Anti-Corruption, while responding to stakeholders in a fair manner, by analyzing the business environment, covering both internal and external factors that may affect the Company's current business operations. The Company also requires risk assessment along with strategic planning, investment and business planning, in order to conduct business in accordance with the annual corporate goals, both Short-Term and Long-Term Goal. The Company also implements measures to prevent the impact that has been defined to control the level of risk to an acceptable level, as well as conduct Root Cause Analysis in case of non-compliance with the plan.

The Company considers risks, covering corporate risks, operational risks and emerging risks in line with the COSO Standards (The Committee of Sponsoring Organisations of the Treadway Commission)