Page 69 - BAM ONE REPORT 2564 (ENGLISH VERSION)
P. 69
Form 56-1 One Report 2021
Bangkok Commercial Asset Management Public Co., Ltd. 67
(4) Review & Revision
Principle 15: Assesses substantial change
Principle 16: Reviews risk and performance
Principle 17: Pursues improvement in ERM
(5) Information, Communication & Reporting
Principle 18: Leverages information technology
Principle 19: Communicates risk information
Principle 20: Reports on risks, culture and performance
Managing the Company’s primary risks
The Company manages its risks by classifying them into 6 types, as follows.
(A) Strategic Risk
Risks that occur from the inappropriately defined strategic plans or the adjustment of the strategic plan that is
inconsistent with the organization’s internal and external environment. As a result, those risks may affect the Company’s
ability to achieve its goals, in accordance with its strategic plans and operation plans. Strategic risks may also affect
the Company’s revenue, financial position, competitive capability, and survivability.
The tool for managing strategic risks
The Company reviews and makes sure that its annual operation plan is consistent with its internal and external
environment. The strategic risk management starts from the Company’s Board of Directors and executives, as they
determine the Company’s direction, create the strategic plans while considering the annual risk analysis data, regarding
risks that may affect the Company. In this regard, the Risk Map will be used for analyzing the organization’s risks, as
well as determining the key risk indicators, the acceptable level of risks (Risk Appetite), and the deviation interval of
the risk tolerance.
(B) Operational Risk
Risks of damages arise from insufficiency in corporate governance and internal control, which may be related to
internal operation process, personnel, work system, IT system or external events that affect the Company’s revenues
and financial position, including legal risk which may arise from internal operation process that is related to the laws
and prosecution.
The tool for managing operational risks
The Company uses the following tools for managing the operational risks:
• Control Self Assessment (CSA): this is a technique that requires every department to regularly assess and
control their risks, on a yearly basis, as well as to determine the correction plan and monitoring plan.
• Key Risk Indicators: this is a technique that must requires every unit to internally monitor the risks of their
units. It is a primarily monitoring technique that prevents risks from evolving into corporate risks in the future.
• Logging the loss data: every department will be responsible for logging the damage report of specific risk-
related incidents, as well as any other damages that may present operational risks. The data record herein
allows each department to develop the risk assessment process and risk management process of their own,
in order to implement an appropriate internal control system, and to prevent such damages or losses from
