Management Approach GRI 3-3 (2021)
Presently, business operation has complications and has changed from the past, as a result of economic uncertainties after COVID-19 pandemic coupled with Geopolitical Conflicts and Geoeconomic Confrontations. Although, these changes currently have no direct impacts on the business's operations, there are possibilities the emerging risks may have a significant impact in the future.
GC, therefore, emphasizes on a systematic risk management for the entire organization while continuously improving the agility of the business. GC also continues to provide many training programs regarding risk management to raise the awareness and improve personal development for the executives and all employees. These are to assure that the company will be able to handle uncertainties effectively and achieve the operational strategy.
Risk Management and Internal Process GRI 2-25
GC has developed an Enterprise Risk Management according to the international standard of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the International Organization for Standardization's ISO 31000, as well as, the corporate governance principles for businesses registered in 2017 (CG Code 2017) and anti-corruption guidelines.
GC has set up a risk management framework and guidelines in order to systematically, efficiently and effectively manage risks throughout the organization. Additionally, GC has also established a risk management monitoring and performance evaluation system to detect any potential emerging risks, which may arise.
Nevertheless, GC has integrated the risk management in the organization under 3 aspects of Governance, Risk Management and Internal Control and Compliance under one system called GRC. This allows GC to reduce the risks in more comprehensive manner and allows GC to achieve any goals and targets more efficiently.
Risk Management Process
The risk management process comprises of three steps, which are
1.) Risk Identification & Assessment
GC has leveraged a range of risk management tools to analyze, assess and define a risk management framework, such as appropriate business environment analysis processes based on internal and external factors, risk appetite, risk assessment, and risk prioritization using a risk map.Risk Appetite and Risk Tolerance Levels
2) Risk Treatment/ Mitigation
GC has appointed a person responsible for risk assessment, established mitigation plan in accordance with the risk appetite, and determined Key Risk Indicators (KRI). Furthermore, the company has adopted the Sensitivity Analysis, Scenario Planning and Stress Testing to assess risk impacts under different scenarios, covering potential financial risks and non-financial risks. GC has also laid out preparation measures and a process to continuously monitor situations and trends of six external factors based on PESTEL Analysis Framework.
3.) Monitoring & Review
GC has determined that risk management is controlled and tracked through the Risk Management Committee and the Audit Committee. The company requires that risk management performance is monitored and reported regularly at all levels, from the corporate level through to business groups, business lines, business units and subsidiaries.Risk Management Process
GC has defined that risk management audits shall be conducted by internal audit and external audit as follows:
- Audit key risks that affect operations by the Internal Audit Department, provide recommendations on internal control to the management, determine corrective actions according to the recommendations, and report the audit results to the Audit Committee on a regular basis.
- Audit and monitor efficiency of machinery/equipment on a monthly basis by fully complying with the equipment inspection standards.
- Audit operational management results of utility system service providers to assess risks and collectively seek risk management methods.
- Audit operation risk management system using GC Management System (GCMS).
- Externally audit by Management System Certification Institute (MASCI).
- Audit Risk Management Maturity by external consultants.