Page 364 - BAM ONE REPORT 2564 (ENGLISH VERSION)
P. 364
362 Attachment
and risk management system that are appropriate and sufficient and can support the Company’s important operations
so that the Company can efficiently achieve its objectives and goals. Here is an overview of the Audit Committee’s operation:
2.1 Internal control
2.1.1 Considering the audit report on the Company’s management and operation processes such as the
management of NPL purchase, the debt restructuring process management, the NPA management, the management
of litigation and legal execution, etc., as well as reviewing important processes in order to make sure that the Company
has a good internal control system with appropriate risk management and efficient operation in line with its goals and strategies.
2.1.2 Holding meetings with the management to discuss the significant observations derived from the audit
result in order to devise corrective and preventive measures and to control and monitor the operations for greater efficiency
and effectiveness such as the management of litigation and legal execution, the management of property information
(back office), website, and others.
2.1.3 Encouraging the IT development and digitization to enhance efficiency and effectiveness in the operation
and governance such as the development of office cash management system for operational support, the development
of website, the recommendation for study on the use of corporate card in place of cash payment at regional offices, etc.
2.1.4 Attaching importance to cyber security measures by considering the progress report on a quarterly
basis and giving advice to ensure the Company has a sufficient and appropriate security system such as the formulation
of a definite data security plan, giving of priority to system/data recovery to ensure business continuity, use of the checking
or alert systems or devices in the operation, creation of awareness among employees across the organization, etc.
2.2 Risk management
Reviewing the Company’s risk management system, the quarterly enterprise risk management, the risk
management guidelines, and the risk management plan in order to evaluate the Company’s risk management process
that covers the key risk factors and ensure that the Company has sufficient risk management guidelines, as well as providing
recommendations beneficial to the development of the Company’s risk management system.
2.3 Regulations compliance
2.3.1 Considering and reviewing the compliance report prepared by the Corporate Governance and Compliance
Department to ensure that the internal control and corporate governance comply with the related regulations.
2.3.2 Considering and giving opinion on the related party transactions between the Company and the
persons with possible conflict of interest, while taking into account the reasonability and the interest of the Company’s
stakeholders, as well as sufficient disclosure of information, in order to make sure that the Company’s operation
conforms with the regulations, procedures and policy on related party transactions.
2.3.3 Giving importance to the actions taken to gear up for compliance with the Cyber Security Act B.E.
2562 and the Personal Data Protection Act B.E. 2562 by considering the progress report thereon on a quarterly basis
to ensure that the operation conforms with the laws.
3. Monitoring and review of the sufficiency of internal audit process the details of which can be
summarized as follows:
3.1 Reviewing the Internal Audit Department’s Charter and handbook to ensure conformity with the IIA Standards
and the Internal Audit.
3.2 Considering and approving the annual audit plan, long-term audit plan, and annual budget of the Internal
Audit Department with the aim to cover all key risks of each operation process (risk-based approach).
