GC continuously promotes a risk management culture throughout the organization and has extended its efforts into an integrated GRC (Governance, Risk Management & Internal Control and Compliance) management approach to ensure a stable and sustainable growth. GC develops a risk culture guideline and enforces it throughout the organization. There are six components as follows: 1) Risk Governance, 2) Leadership, 3) Risk Structure, 4) Risk Technique, 5) Risk Communication and 6) Risk Management Knowledge. The company has established a comprehensive risk management structure covering all levels and required regular monitoring and reporting of risk management to executives and the Board of Directors on a quarterly basis.

Risk Governance
GC governs risk management by establishing policies, risk appetite and risk management framework while tangibly extending risk management efforts through the GC Way of Conduct.
Leadership
The Board of Directors and Executives place great important on the subject of risk management by continuously and closely monitor the process of risk management.
Risk Structure

GC’s risk management structure covers all levels. Roles, duties and guidelines are also assigned to each level. The Risk Management Committee (RMC) is appointed by the Board of Directors to govern risk management through risk management policies, risk appetite and risk management framework.

The Management Committee (MC), the Enterprise Risk Management Committee (ERMC), and senior executives from various departments are authorized to manage corporate risk management performance in accordance with policies, objectives, and frameworks approved by the RMC.

GC has appointed managers to be a “GRC Partner” in order to advice as well as present, improve and report risk management in accordance to GRC, in order to strengthen the risk management capability in all levels.

Risk Techniques
GC has applied the international standards: ISO 31000 and COSO Enterprise risk management. Appropriate risk management tools have been employed in line with international standards in analyzing, assessing and defining risk management frameworks, such as assessing and prioritizing risks using the risk map, monitoring risk management using a mitigation plan, Key Risk Indicators (KRI), etc. Furthermore, the company has implemented the Sensitivity Analysis, Scenario Planning, Stress Testing and Control Self-Assessment (CSA) tools in various departments throughout the organization.
Risk Communication

Regularly monitor and report risk management performance to the management and the Board of Directors as well as communicate about risk management and the internal control system, GC Group Code of Conduct, and corporate governance culture through diverse channels, such as intranet, newsletter, Hook Talk short video clips. Executives are required to regularly utilize Hook Talk to convey contents to employees in internal meetings, etc.

Furthermore, risk management and related issues are communicated through the Annual Report and the Integrated Sustainability Report to strengthen corporate risk management culture.

Risk Management Knowledge
GC continuously promotes knowledge and understanding about risk management and internal control through training courses that are appropriate for the target group using the UP Learning Platform, which is GC’s online platform for learning. Furthermore, the company provides updates on business situations, future trends of changes and emerging risks by internal and third-party experts for relevant parties at all levels to enhance their knowledge and ability in identifying risks, assessing impacts, and determining risk management measures.