Risk Culture
GC regularly promotes a risk management culture throughout the organization and has extended its efforts into integrated GRC (Governance, Risk Management & Internal Control and Compliance) practices. This is achieved by enhancing risk management knowledge among employees at all levels and leveraging digital technologies to improve operational efficiency. Key initiatives include the development of a GRC knowledge database (GRC Portal), an online whistleblowing channel, and risk assessments conducted through the Enterprise Risk Management Portal on the SharePoint Power BI platform, aimed at ensuring effective risk evaluation.
GC monitors and evaluates the effectiveness of the implemented measures, with reporting covering the following information:
Monitoring Process
Utilizing the GRC Portal and Enterprise Risk Management Portal to enable continuous tracking and evaluation of risk management measures.
Targets, Metrics, and KPIs
Establishing clear goals, performance indicators, and KPIs to ensure alignment with the organization’s sustainable development objectives.
Progress and Effectiveness Assessment
Quarterly reporting and comprehensive dashboards to evaluate the effectiveness of implemented measures and progress against defined targets and metrics.
Lessons Learned and Policy Integration
Applying risk management lessons to policies and workflows, while fostering a GRC culture through ongoing initiatives that promote best practices.
GC has established a risk culture guideline and enforced it throughout the organization. There are six components as follows: 1) Risk Governance, 2) Leadership, 3) Risk Structure, 4) Risk Technique, 5) Risk Communication and 6) Risk Management Knowledge. These elements are designed to ensure GC’s growth is both stable and sustainable in the long term.
Risk Governance
GC governs risk management by establishing policies, risk appetite and risk management framework while tangibly extending risk management efforts through the GC Way of Conduct.
Leadership
The Board of Directors and Executives place great importance on risk management by continuously and closely monitoring the risk management process.
Risk Structure
GC’s risk management structure covers all levels. Roles, duties and guidelines are also assigned to each level. The Risk Management Committee (RMC) is appointed by the Board of Directors to govern risk management through risk management policies, risk appetite and risk management framework.
The Management Committee (MC), the Enterprise Risk Management Committee (ERMC), and senior executives from various departments are authorized to manage corporate risk management performance in accordance with policies, objectives, and frameworks approved by the RMC.
GC has appointed managers as “GRC Partners” to advise on, present, improve and report risk management in accordance with GRC, in order to strengthen risk management capability at all levels.
Risk Techniques
GC has applied the international standards ISO 31000 and COSO Enterprise Risk Management. Appropriate risk management tools have been employed in line with international standards in analyzing, assessing and defining risk management frameworks, such as assessing and prioritizing risks using the risk map, monitoring risk management using a mitigation plan, Key Risk Indicators (KRI), etc. Furthermore, the company has implemented Sensitivity Analysis, Scenario Planning, Stress Testing and Control Self-Assessment (CSA) tools in various departments throughout the organization.
Risk Communication
GC regularly monitors and reports risk management performance to the management and the Board of Directors, and communicates about risk management and the internal control system, the GC Group Code of Conduct, and corporate governance culture through diverse channels, such as the intranet, newsletters and Hook Talk short video clips. Executives are required to regularly use Hook Talk to convey content to employees in internal meetings, etc.
Furthermore, risk management and related issues are communicated through the Annual Report and the Integrated Sustainability Report to strengthen corporate risk management culture.
Risk Management Knowledge
Director
Risk Management Education
- GC organized training for all Board members on the risk management process, covering current and future risk management approaches. Key risk training topics included emerging challenges and key trends, such as the reduction of greenhouse gas emissions, and the application of the Foresight Process in formulating the Company’s long-term strategy. The training was delivered by McKinsey and focused on providing insights into the global and Thailand outlook for carbon capture, utilization and storage (CCUS) and hydrogen technologies. This training aimed to enhance the Board’s understanding of modern risk management practices to better address climate-related risks.
- GC provided training to the entire Board of Directors on the topic “What’s and Why’s for Board of Directors to Guide a Refining and PET-Chem Company,” conducted by consultants from the Petroleum Institute of Thailand. The training covered business environment trends in the Next Normal, principles for analysing and monitoring the petrochemical and refining industry landscape, as well as the risk management process. This included risk assessment and the development of mitigation measures for potential risks affecting business operations. The training aimed to support the Board in setting the company’s strategic direction, planning, governance, and exploring business expansion opportunities to maintain competitiveness.
- GC provided training to the Risk Management Committee covering topics such as the roles and responsibilities of the committee in risk oversight, the risk management organisational structure and its roles, as well as the frameworks and guidelines for risk management.
Frequency
3 times / year
Executive/ Management
Risk Management Education
GC regularly provides training for its management, organized by internal departments as well as external training institutes. For example, training on assessing corruption risks within work processes is conducted to ensure that managers understand their roles and responsibilities. This enables them to identify and manage business risks effectively and implement appropriate control measures.
Frequency
3 times / year
Non-Executive Director
Risk Management Education
GC provides regular risk management education for all non-executive directors. The training programme covers key topics, including fundamental principles of risk management based on international standards (e.g., ISO 31000), risk identification, analysis, and assessment, planning of risk control measures, and monitoring and improving risk management plans. The programme also includes case studies and practical training to develop real-world management skills. The training emphasises the roles and responsibilities of non-executive directors in overseeing risk management in collaboration with the executive team, thereby supporting strategic decision-making and fostering a sustainable risk management culture within the organization.
Frequency
On a regular basis (at least 1 time / year)
Employees
Risk Management Education
GC continuously enhances knowledge and understanding of risk management and internal control through tailored training programmes delivered via the Company’s online learning platform, the UP Learning Platform. In addition, GC regularly updates relevant stakeholders at all levels on business developments, future trends, and emerging risk issues through expert insights from both internal and external specialists. These efforts aim to strengthen the capability to identify risk factors, assess their potential impacts, and develop appropriate risk management measures.
Frequency
2 times / year
GC has comprehensively improved and developed the organizational risk management culture, including providing focused training throughout the organization on risk management principles. GC has considered the incorporation of risk criteria in the development of new products. Risk management principles are applied at every stage of product and service development, both financially and in quality control, with emphasis on the design and risk assessment of products, from raw material procurement, production, transportation, and usage to compliance with market standards and international regulations such as the United Nations Council, the International Council of Chemical Associations (ICCA), the Montreal Protocol on Chemicals, Registration, Evaluation, Authorization and Restriction of Chemicals (REACH), and Restriction of Hazardous Substances (RoHS) to control hazardous products.
Furthermore, GC has considered integrating financial incentives which incorporate risk management metrics by establishing a reward system linked to risk management performance. This system is based on short-term performance indicators and long-term growth and sustainability goals, including organizational safety indices, cost savings, EBITDA growth, and greenhouse gas emission reductions. This approach aligns safety and financial risk management to create a direct connection between risk management outcomes and employee rewards, thereby fostering a strong culture of risk awareness throughout the organization.