Page 386 - BAM ONE REPORT 2565 (ENGLISH VERSION)
P. 386
380
The Audit Committee also provided its opinions or recommendations for prudent internal control and risk and loss
prevention in order to ensure that the Company will have the internal control system, corporate governance system, and risk
management system that are appropriate and adequate and can support the Company’s key areas if operation so that
it can efficiently achieve its objectives and goals. Here is an overview of the Audit Committee’s operation:
Bangkok Commercial Asset Management Public Co., Ltd.
2.1 Internal control
2.1.1 Considering the audit report on the Company’s management and operation processes, such as management
of the purchase of NPLs, debt restructuring process management, NPA management, management of litigation and
legal execution, etc., as well as reviewing key processes in order to make sure that the Company has a sound internal
control system, appropriate risk management and efficient operation in response to its goals and strategies.
2.1.2 Holding meetings with the management to discuss significant observations derived from the audit
result in order to devise corrective and preventive measures and to control and monitor the operation for greater efficiency
and effectiveness, such as management of litigation and legal execution, centralization of certain critical functions, etc.
2.1.3 Encouraging IT development and digitalization to boost efficiency and effectiveness in the operation
and governance, such as development of office cash management system for operational support and NPA website
system, and recommendation to adopt measures/tools to reduce cash holding, etc.
2.1.4 Attaching importance to cyber security measures to ensure the Company has an adequate and appropriate
security system, such as the implementation of detection and monitoring measure and cybersecurity incident response
system, as well as enhancement of awareness among employees across the organization and giving of priority to system/data
recovery to ensure business continuity, etc.
2.1.5 Considering and reviewing the NPA solution process in case of chemical leak in the area and engaging
an outside company for disposal of chemicals in such properties taking into concern the nearby community and the
environment, which was completely handled.
2.2 Risk management
Reviewing the Company’s risk management system, quarterly enterprise risk management, risk management
guidelines, and risk management plan in order to evaluate the Company’s risk management process that covers key
risk factors and ensure that the Company has sufficient risk management guidelines, providing recommendations beneficial
to the Company’s development of its risk management system, and having meetings with the Risk Oversight Committee
(ROC) to exchange information and achieve work integration between both committees.
2.3 Regulatory compliance
2.3.1 Considering and reviewing the compliance report prepared by the Corporate Governance and Compliance
Department to ensure that the internal control and corporate governance comply with the relevant regulations.
2.3.2 Considering and giving opinion on related party transactions between the Company and the persons/parties
with possible conflict of interest, while taking into account the reasonableness and the interests of the Company’s
stakeholders, as well as sufficient disclosure of information, in order to make sure that the Company’s operation
conforms with the regulations, procedures and policy on related party transactions.
2.3.3 Giving importance to taking actions to gear up for compliance with the Cyber Security Act B.E. 2562
and the Personal Data Protection Act B.E. 2562 by considering the progress report thereon on a quarterly basis to
ensure that the operation conforms with the applicable laws.
