Page 66 - BAM ONE REPORT 2564 (ENGLISH VERSION)

Part 1: Business Operation and Performance









The Company has established the Enterprise Risk Management Division, the Information Technology Risk Management and Compliance Division, and the Personal Data Protection Support Division, all attached to the Risk Management Department. These divisions are responsible for formulating the guidelines on risk management, for risk analysis, coordination and follow-up, for advising personnel within the organization on the risk management guidelines, and for preparing reports for presentation to the Risk Oversight Committee.




[Figure: BAM’s Risk Management Structure. Organization chart showing the Board of Directors, the Audit Committee, the Risk Oversight Committee, the Corporate Governance and Risk Management Group, the Internal Audit Department, the Chief Executive Officer, the Risk Management Department (Enterprise Risk Management Division; Information Technology Risk Management and Compliance Division; Personal Data Protection Support Division) and Department/Office/Branch Office. Legend: chain of command, chain of reporting, chain of coordination.]






The Company specifies the scope of risk management by classifying its risks into 3 levels, as follows.

(1)  Corporate Risk: corporate risks may prevent the Company from achieving its organization-level objectives and goals. Corporate risks are evaluated by the top executives of each department and the Board of Directors, and are under the supervision of the Risk Oversight Committee.

(2)  Business Group Risk: business group risks may prevent the Company from achieving its department-level objectives and goals. Business group risks are evaluated by the top executives of each department and the Board of Directors, and are under the supervision of the Risk Oversight Committee. However, each department is responsible for its own business group risks.

(3)  Functional Risk: functional risks are risks that normally occur in day-to-day operations. Such risks are evaluated by each department and branch according to its important processes, as well as any processes in which the department involved may not be able to achieve its plans and goals.


The Company reviews its internal control and risk management regularly, on a yearly basis, through review and approval by each chain of command (bottom-up approach) and review and approval by the top executives (top-down approach), in order to monitor and review the important risks that may affect the Company’s business operation.