Page 204 - BAM ONE REPORT 2564 (ENGLISH VERSION)
P. 204
202 Part 2
Corporate Governance
(RA) and risk tolerance (RT) that suit the nature 4.3 Implementation of the appropriate and
of business. efficient communication processes and
3.5 Requirement of regular submission of a report channels; for example, the use of Intranet,
on the enterprise risk status and risk alert to e-mail, etc.
the Risk Oversight Committee, the Audit 4.4 Implementation of risk management with
Committee and the Board of Directors on a the KRIs-based early warning system, in order
monthly and quarterly basis. to allow the executives to monitor the
organization’s risk status, which is set up in
Moreover, the Company defines the scope of the Company’s MIS.
power, duties and approval authority of executives at 4.5 Upgrade of Information Technology and
each level in the operational regulations, with the aim Digital Group, with effect from 1 January 2021,
to clearly segregate the duties in different processes. consisting of two departments, Information
This is an important control activity that ensures the Technology Strategy Department and
adequate and appropriate control of operation at all Application Development Department, to
levels of the organization and the checks and balances support the organization’s growth.
between departments, especially for the activities with
potential interest or conflict of interest. 5. Monitoring Activities
The Company puts in place the system that
4. Information and Communication monitors and evaluates its internal control in order to
The Company puts in place the information and ensure that its internal control system remains efficient
communication systems both inside and outside of and effective and is capable of performing the monitoring
the organization in order to improve the efficiency and and evaluation tasks completely and appropriately as it
effectiveness of its business operation. The overview of is designed for, as well as managing the ever-changing
the Company’s performance in this regard is as follows: risks in each time period, as follows:
4.1 Formulation of action plans for the BAM-D 5.1 Implementation of the process for regular
Project in order to incorporate the information performance monitoring and internal
system into the Company’s key strategic plan, control assessment in order to ensure the
which supports the improvement of operational appropriateness of the internal control system.
efficiency and effectiveness, covering three 5.2 Monitoring of departments’ mid-year moderate
main issues: level risk assessment to be conducted as a
• Infrastructure precaution against risks moving up to a high
• New core level.
• Data governance 5.3 Assignment of all departments to prepare and
4.2 Provision of information to support the present their reports in order to review their
appropriate communication both inside and operation.
outside of the organization and, thus, enable 5.4 Arrangement of the Internal Audit Department
the organization to operate and achieve its to directly report to the Audit Committee.
objectives.
