GC continuously promotes a risk management culture throughout the organization and has extended its efforts into an integrated GRC (Governance, Risk Management & Internal Control and Compliance) management approach to ensure stable and sustainable growth. GC develops a risk culture guideline and enforces it throughout the organization. The guideline has six components: 1) Risk Governance, 2) Leadership, 3) Risk Structure, 4) Risk Technique, 5) Risk Communication and 6) Risk Management Knowledge. The company has established a comprehensive risk management structure covering all levels and requires regular monitoring and reporting of risk management to executives and the Board of Directors on a quarterly basis.

Risk Governance

GC governs risk management by establishing policies, risk appetite and risk management framework while tangibly extending risk management efforts through the GC Way of Conduct.

Leadership

The Board of Directors and Executives place great importance on risk management by continuously and closely monitoring the risk management process.

Risk Structure

GC’s risk management structure covers all levels. Roles, duties and guidelines are also assigned to each level. The Risk Management Committee (RMC) is appointed by the Board of Directors to govern risk management through risk management policies, risk appetite and risk management framework.

The Management Committee (MC), the Enterprise Risk Management Committee (ERMC), and senior executives from various departments are authorized to manage corporate risk management performance in accordance with policies, objectives, and frameworks approved by the RMC.

GC has appointed managers as “GRC Partners” to advise on, present, improve and report on risk management in accordance with GRC, in order to strengthen risk management capability at all levels.

Risk Techniques

GC has applied the international standards ISO 31000 and COSO Enterprise Risk Management. Appropriate risk management tools have been employed in line with international standards in analyzing, assessing and defining risk management frameworks, such as assessing and prioritizing risks using the risk map, monitoring risk management using a mitigation plan, Key Risk Indicators (KRI), etc. Furthermore, the company has implemented Sensitivity Analysis, Scenario Planning, Stress Testing and Control Self-Assessment (CSA) tools in various departments throughout the organization.

Risk Communication

GC regularly monitors and reports risk management performance to the management and the Board of Directors, and communicates about risk management and the internal control system, the GC Group Code of Conduct, and corporate governance culture through diverse channels, such as the intranet, newsletters and Hook Talk short video clips. Executives are required to regularly utilize Hook Talk to convey contents to employees in internal meetings, etc.

Furthermore, risk management and related issues are communicated through the Annual Report and the Integrated Sustainability Report to strengthen corporate risk management culture.

Risk Management Knowledge

Development and Training at Director Level

  1. GC organized a training session for the Board of Directors as a whole on the topic of “What’s and Why’s for Board of Directors to Guide a Refining and PET-Chem Company,” hosted by the Petroleum Institute of Thailand, in order to inform the Board of the trends in the business landscape in the next normal era, principles for analyzing and monitoring the situation in the petrochemical industry and refinery business, as well as the risk management process that encompasses the risk assessment and formulation of measures to address risks that may impact the business operation for use in establishing GC’s strategic direction and action plans, supervising the operation, and seeking opportunities for business expansion to ensure GC’s competitiveness.
  2. GC organized training for the Risk Management Committee covering topics on the Committee’s roles and responsibilities in risk governance, risk management structure, roles and responsibilities, and risk management framework and guidelines.
  3. GC arranged training sessions for executive and non-executive directors regarding the risk management process as well as current and future risk management guidelines. An example of an important risk training program is the session on key trends and challenges of carbon emissions and the implementation of the foresight process to formulate GC’s long-term strategies, conducted by speakers from McKinsey to provide updates on the outlook and trend of carbon capture, utilization and storage (CCUS) as well as the global and Thailand outlook on hydrogen. This risk-specific education/training allows non-executive directors to acquire knowledge about modern risk management practices that can enable the preparation of climate change risk assessment.

Development and Training at Executive/Management Level

GC works to develop personnel at the executive level and incorporate useful perspectives and ideas that can be applied to risk management to strengthen and keep knowledge and abilities on par with the ever-competitive business landscape. Therefore, GC regularly organizes training sessions internally and at third-party training institutes, e.g., training on assessment of corruption risks in the work process to provide executives at the management level with an understanding of their roles and responsibilities, enabling them to assess corruption risks, including determining appropriate control measures.

Development and Training of Personnel at all Levels

GC continuously promotes knowledge and understanding about risk management and internal control through training courses that are appropriate for the target group using the UP Learning Platform, which is GC’s online platform for learning. Furthermore, the company provides updates on business situations, future trends of changes and emerging risks by internal and third-party experts for relevant parties at all levels to enhance their knowledge and ability in identifying risks, assessing impacts, and determining risk management measures.