Page 75 - BAM ONE REPORT 2565 (ENGLISH VERSION)
P. 75

69

                                                                                                                   Form 56-1 One Report 2022







                  Integration of Governance, Risk Management and Compliance (GRC)
                  The Company gives importance to governance, risk management and compliance (GRC) and recognizes that GRC
            integration system is a key factor to ensure continuous, secure and sustainable business growth, enhance credibility
            and bring benefits to the parties concerned including stakeholders of the Company. It also focuses on encouraging the
            employees at all levels to adhere to and comply with the GRC and has developed the GRC integrated system in the
            organization by implementing the GRC policy to rationalize the GRC processes in line with international practices and
            assuring linkage of information.


                                               GRC Integration of the Company

                                                  GRC
                                   Board of Directors
                                                                                       Corporate Governance for  Audit
                                                          Risk Oversight Committee R  G  Sustainability Committee  Committee

                                                                                                         Internal Audit
                     Vision                                            Management Committee               Department
                                          Approve annual
                                          strategic plan
                    Mission                                                                   Result of  Risk report
                                                                           Top Down
                                                                                              compliance  for information,
                    Objective                                                                 monitoring  CSA report for
                                                                                                         consideration
                                                                          Corporate Risk
                                                  Review of strategic
                                                                 Strategic  Financial
                                                  risk during the year             Compliance Risk
                                    Strategy risk /               Risk     Risk
                    Strategy
                                     Risk Appetite
                                                                 Operational  Reputation
                                                                                      IT Risk
                                                                   Risk      Risk
               Strategic  Operational  Financial  Compliance
                Risk     Risk    Risk      Risk
                                                                           Bottom Up
                  Reputation Risk      IT Risk                                             Compliance
                                                                                             Risk
                                                                                                        Result of
                                                                        Department-level Risk         CG performance
                            Internal Control
                                                                                            Corporate Governance
                                                    Operational  Financial  Compliance  Reputation
                                                                                    IT Risk  and Compliance  C
                                                      Risk   Risk    Risk    Risk
                                                                                              Department
                  Enterprise Risk Management Policy
                  The Company recognizes the importance of risk management and has developed enterprise risk management
            policy to serve as risk management framework, taking into account the alignment with the objectives and goals of the
            Company’s business operation. The enterprise risk management policy is reviewed on a regular basis and covers key
            business risks at present as well as emerging risk and environmental, social and governance (ESG) risks in accordance
            with the regulations of the Bank of Thailand and the Stock Exchange of Thailand. The Company has put in place the
            integrated risk management under the COSO ERM framework and the governance, risk management and compliance
            (GRC) practice.
   70   71   72   73   74   75   76   77   78   79   80