GC continuously promotes a risk management culture throughout the organization to ensure a stable and sustainable growth. GC develops a risk culture guideline and enforces it throughout the organization. There are six components as follows: 1) Risk Governance, 2) Leadership, 3) Risk Structure, 4) Risk Technique, 5) Risk Communication and 6) Risk Management Knowledge.

Risk Governance
GC governs risk management by establishing policies, risk appetite and risk management framework while tangibly extending risk management efforts through the GC Way of Conduct.
Leadership
The Board of Directors and Executives place great important on the subject of risk management by continuously and closely monitor the process of risk management.
Risk Structure

GC’s risk management structure covers all levels. Roles, duties and guidelines are also assigned to each level. The Risk Management Committee (RMC) is appointed by the Board of Directors to govern risk management through risk management policies, risk appetite and risk management framework.

The Management Committee (MC), the Enterprise Risk Management Committee (ERMC), and senior executives from various departments are authorized to manage corporate risk management performance in accordance with policies, objectives, and frameworks approved by the RMC.

GC has appointed managers to be a “GRC Partner” in order to advice as well as present, improve and report risk management in accordance to GRC, in order to strengthen the risk management capability in all levels.

Risk Techniques
GC has applied the international standards: ISO 31000 and COSO Enterprise risk management. Appropriate risk management tools have been employed in line with international standards in analyzing, assessing and defining risk management frameworks, such as using risk maps and key risk indicators (KRI) to assess and prioritize risks. Additionally, the Control Self-Assessment (CSA) technique has been applied across the organization.
Risk Communication

Regularly monitor and report risk management performance to the management and the Board of Directors while raising awareness of both internal and external risk management using various means of communication, such as newsletter and e-learning. In addition, the digital system has been applied as a channel to report emergency incidents and as a center for data compilation, such as the Incident Management System (IMS), etc. Furthermore, risk management and related issues are communicated through the Annual Report and the Integrated Sustainability Report to strengthen corporate risk management culture.

Risk Management Knowledge
GC continuously promotes knowledge and understanding about risk management and internal control through various training courses that are appropriate for the target group. The company also conveys updates on business situations, future transformation trends and emerging risks based on the opinions of internal and external experts to all relevant parties on a regular basis. In 2021, GC has utilized its online learning platform, or Up Learning Platform, to offer risk management training courses, such as Integrated GRC, Fundamentals of Enterprise Risk Management, and Development of Corporate Risk Mitigation Plan based on ISO22301, etc., to allow employees access to learning at any place and time.