Page 73 - E-BOOK
P. 73
(E) Monitoring
The Company monitors, improves, and reviews its risk management operation, whereas the responsible
departments will monitor, improve, and review the Company’s risks, in accordance with a clearly defined timeframe.
Then the Company will evaluate, respond, and manage the risks found from the monitoring system.
Managing the Company’s primary risks
The Company manages its risks by classifying them into 4 types, as follows.
(A) Strategic risks
Risks that occur from the inappropriately defined strategic plans or the adjustment of the strategic plan
that is inconsistent with the organization’s internal and external environment. As a result, those risks may affect the
Company’s ability to achieve its goals, in accordance with its strategic plans and operation plans. Strategic risks may
also affect the Company’s revenue, financial position, competitive capability, and survivability.
The tool for managing strategic risks
The Company reviews and makes sure that its annual operation plan is consistent with its internal and
external environment. The strategic risk management starts from the Company’s Board of Directors and executives,
as they determine the Company’s direction, create the strategic plans while considering the annual risk analysis
data, regarding risks that may affect the Company. In this regard, the Risk Map will be used for analyzing the
organization’s risks, as well as determining the key risk indicators, the acceptable level of risks (Risk Appetite), and
the deviation interval of the risk tolerance. 71
(B) Operational risks
The risks of potential damages that are results of the good corporate governance–related measures
and the internal control measures that have been poorly defined. Operational risks involve internal operational
procedures, employees, work systems, or external situations that may affect the Company’s income and financial
position.
The tool for managing operational risks
The Company uses the following tools for managing the operational risks:
• Control Self Assessment (CSA): this is a technique that requires every department to regularly assess
and control their risks, on a yearly basis, as well as to determine the correction plan and monitoring plan.
• Key Risk Indicators: this is a technique that must requires every unit to internally monitor the risks of
their units. It is a primarily monitoring technique that prevents risks from evolving into corporate risks in
the future.
• Logging the loss data: every department will be responsible for logging the damage report of specific
risk-related incidents, as well as any other damages that may present operational risks. The data record
herein allows each department to develop the risk assessment process and risk management process
of their own, in order to implement an appropriate internal control system, and to prevent such
damages or losses from ever happening again in the future. Keeping the data record also allows the
Company to maintain a database of losses, where it can use for determining the guideline for preventing
and mitigating the risks in the future, or for minimizing the effects to its business operation.
