Page 73 - BAM ONE REPORT 2565 (ENGLISH VERSION)
Form 56-1 One Report 2022
Risk Management
Risk Management Policy and Plan
The Company attaches priority to risk management, which is one of the main components of good corporate
governance, with a focus on alerting to, preventing, and dealing with any uncertain situations that may occur and affect its
capability to successfully achieve its goals and objectives at both the organization level and the activity level. The
Company also cultivates the risk management concept as part of its business operation.
The risk management system has been integrated into the Company’s business operation at the organization,
department, and operation levels. Its management information system allows executives to monitor risk status at each
level and connects the risk management system with the database. The Company has appointed directors and external
experts to sit on the Risk Oversight Committee in accordance with the Company’s policy and in order to improve the
efficiency of its risk management. It has continuously developed and disseminated risk management knowledge and
understanding among its employees at each level to contain risks within the risk appetite. The Company’s risk
management also focuses on business continuity management to ensure that it is able to carry on its business
without interruption even in the event of incidents that affect the Company.
The Company has reviewed, updated, and improved its risk management system consistently in accordance
with its risk management policy established by the Board of Directors. Its risk management system has played an
important role in formulating and reviewing its risk management policy/manual in line with the nature of the business
and covers all the key risks. Strategies have been mapped out to manage, monitor, and control the enterprise risks at
the acceptable level.
The Company realizes that risk management is crucial to its business operation. Therefore, it has put in place
risk management guidelines that are appropriate and efficient in alignment with the nature of the business. The Company
has to study, assess, monitor, and manage risks systematically and continuously to make sure that its executives
understand all the risks associated with its business operation as well as emerging risks and environmental, social and
governance (ESG) risks, and would be able to manage those risks within the framework laid down by the Company.
Risk management structure
The Company has ensured consistent enterprise risk management with consideration of multiple risks that may
prevent the Company from achieving its goals. The Board of Directors has assigned executives at all levels to manage
risks associated with the departments under their responsibility and at the discretion of top executives of the respective
business groups as well as under the supervision of the Risk Oversight Committee. Risk management activities are
reviewed by the Internal Audit Department, the results of which are presented to the Audit Committee on a regular
basis.
The Company has established the Enterprise Risk Management Division, the Information Technology Risk Management
and Compliance Division, and the Personal Data Protection Support Division, all attached to the Risk Management
Department, to be responsible for formulating the guidelines on risk management, analysis, coordination and
follow-up, along with providing advice on the risk management guidelines to personnel across the organization and
preparing reports for submission to the Risk Oversight Committee.

