Page 219 - BAM ONE REPORT 2565 (ENGLISH VERSION)
Form 56-1 One Report 2022
1.12 Giving importance to the governance, risk management and compliance (GRC) work integration by scheduling joint meetings of the Risk Oversight Committee and the Audit Committee, report on risk management status and corporate governance and compliance performance to the relevant committees, and exchange of information on internal audit, risk management and compliance between the 2nd and 3rd lines of defense on a regular basis to enable coordination and sharing of information among one another and promote the GRC atmosphere and culture across the organization.

2. Risk Assessment

The Company recognizes the importance of risk management under changes that affect its business operation, whether from internal or external factors. The Company deems that risk management is an important part of all of its business processes and must be inter-connected at all levels. Therefore, the Board of Directors establishes the risk management policy, which all employees must adhere to and where risk assessment must be conducted at all levels. The overview of the Company’s performance in this regard is as follows:

2.1 Implementation of systemic risk assessment at level of the organization and communication with all employees in order for them to realize the related risks and risk control of the organization and departments.

2.2 Appointment of the Risk Oversight Committee with duty to consider and provide opinion on the Company’s risk management.

2.3 Creation of tools for monitoring the enterprise risk management plan, formulation of the risk management plan, and determination of the key risk indicators (“KRIs”) for regular risk monitoring.

2.4 Integration of risk management with the formulation of strategic plan of the Company in order for the strategic plan to cover risk assessment under the COSO ERM 2017 framework and conform to the integration of GRC operations.

2.5 The Board of Directors’ approval of the enterprise risk management policy, thereby classifying risks into six categories which are strategic risk, operational risk, financial risk, compliance risk, reputation risk, and information technology risk, with importance given to emerging risk and ESG risk.

3. Control Activities

The Company establishes the operational control policy, operational procedures, and operational handbook in writing, all of which are reviewed and updated regularly or when there are significant changes. The overview of the Company’s performance in this regard is as follows:

3.1 Determination of the internal control process, both at the organizational level and the important sub-process level, in accordance with the Company’s business operation and control environment.

3.2 Creation of documented workflows of all business transactions and preparation of standard operating procedures (SOP) handbook.

3.3 Segregation of duties and responsibilities, including approval duty, account and information recording duty, etc.

3.4 Determination of the enterprise-level KRIs and the Risk Alert Indicators for tracking and containing the Company’s key risks at the acceptable level by defining the risk appetite (RA) and risk tolerance (RT) that suit the nature of business.

