Our Approach and SDGs Environment Society Reporting Center Sustainability in Actions Awards and Recognitions
Corporate Governance Business Conduct, Ethics and Compliance Organization Contributions Tax Strategy Innovation Management Supply Chain Management Information Security, Cybersecurity and System Availability
Risk Governance Risk Culture Emerging Risk Monitoring Sensitivity Analysis and Scenario Planning Business Continuity Management

Risk Management

Material Topics
Risk Management
Impact Level
Impact Materiality : Very High
Financial Materiality : Medium
Stakeholders
Shareholder
Business Partner
Customer
Investor
Community
Public Sector
Employee
Stakeholder Type of Impact Cause of Impact
Shareholders
  • Negative
 Products/Services
Business Partners
  • Positive
  • Negative
 Operations, Products/Services
Customer
  • Negative
 Products/Services
Investor
  • Positive
  • Negative
 Operations
Community
  • Positive
  • Negative
 Operations, Products/Services
Public Sector
  • Positive
  • Negative
 Operations
Employee
  • Positive
  • Negative
 Operations

SDGs Targets

6.6
8.2, 8.4
9.4, 9.5
12.1, 12.2, 12.5

Business Case, Business Impact: Risk/ Cost / Revenue

Why business must focus on Risk Management

Comprehensive risk management enables GC to achieve established corporate goals and objectives. It also supports the creation of values for stakeholders in the long run.

Protect Image and Reputation
 Proactive risk management serves as a prevention and response to unexpected situations that may affect GC’s image and reputation.
Serve as a Basis for Decision-making
 Risk management can contribute to accurate decision-making for planning and determining future business directions.
Reduce Business Costs
 Identifying key financial risks, including planning and defining strategies to prepare for risk management, can cut down operating costs.
Ensure Business Continuity
 Risk management can comprehensively reduce risks, both in internal processes and in collaborations with suppliers, allowing business to run smoothly according to established plans and reducing the risk of profit loss.
Enhance the Organization
 Risk management can lower the likelihood and impact of risk factors in a comprehensive and effective manner, enabling GC to grow and become a sustainable leader in the industry.

Management Approach GRI 3-3 (2021)

Nowadays, business operations are significantly more complex and dynamic than in the past. This is primarily due to the global economic slowdown, along with uncertainties and risks stemming from geopolitics, which impact economic stability. In addition, changes in government policies and consumer demands, as well as advancements in generative artificial intelligence (AI) and digital technologies, are creating both new opportunities and risks that may influence future business directions. As a result, GC is adapting and implementing strategies to effectively respond to these changes.

GC, therefore, emphasizes on a systematic risk management for the entire organization while continuously improving the agility of the business. GC also continues to provide many training programs regarding risk management to raise the awareness and improve personal development for the executives and all employees. These are to assure that the company will be able to handle uncertainties effectively and achieve the operational strategy.

Commitment

GC strives to manage risks systematically throughout the organization by implementing international standards, covering assessment, management and monitoring of risks. GC also places emphasis on the company’s preparedness for emerging risks. In addition, the risk management framework and operational plans have been improved in line with key corporate strategies and goals under an acceptable risk appetite. This is to ensure that the organization can cope with challenges and accomplish established goals.

Risk Management and Internal Process GRI 2-25

GC has developed an Enterprise Risk Management according to the international standard of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the International Organization for Standardization's ISO 31000, as well as, the corporate governance principles for businesses registered in 2017 (CG Code 2017) and anti-corruption guidelines.

GC has set up a risk management framework and guidelines in order to systematically, efficiently, and effectively manage risks throughout the organization. Additionally, GC has also established a risk management monitoring and performance evaluation system to detect any potential emerging risks, that may arise.

Nevertheless, GC has integrated the risk management in the organization under 3 aspects of Governance, Risk Management and Internal Control and Compliance under one system called GRC. This allows GC to reduce the risks in more comprehensive manner. Furthermore, GC has also developed risk taxonomy to classify risks and integrated company-wide risk management at both the enterprise and operation levels, allowing GC to achieve any goals and targets more efficiently.

Business Strategies

GC has established policies and frameworks related to risk management and business continuity in order to comprehensively manage risks and crises in accordance with international standards. GC has also developed the following action plans to upgrade the efficiency of internal risk management:

  • Integrate risk management, covering policies, laws, and operating standards, under a framework called GRC (Governance, Risk & Internal Control and Compliance).
  • Monitor and analyze internal and external factors to enable continuous risk identification throughout the year.
  • Upgrade risk culture as part of the work process in line with the organization’s sustainability goals.
  • Develop online whistleblowing channels and database to connect risk-related information at all levels of the company.

Risk Management Process

The risk management process comprises of four key steps, which are

1.) Risk Identification & Assessment

GC has leveraged a range of risk management tools to analyze, assess and define a risk management framework, such as appropriate business environment analysis processes based on internal and external factors, risk appetite, risk tolerance, risk assessment, and risk prioritization using a risk map.

Risk Appetite and Risk Tolerance Levels

2) Risk Treatment/ Mitigation

GC has appointed a person responsible for risk assessment, established mitigation plan in accordance with the risk appetite, and determined Key Risk Indicators (KRI). Furthermore, the company has adopted the Sensitivity Analysis, Scenario Planning and Stress Testing to assess risk impacts under different scenarios, covering potential financial risks and non-financial risks. GC has also laid out preparation measures and a process to continuously monitor situations and trends of six external factors based on PESTEL Analysis Framework.

3.) Monitoring & Review

GC has determined that risk management is controlled and tracked through the Risk Management Committee and the Audit Committee. The company requires that risk management performance is monitored and reported regularly at all levels, from the corporate level through to business groups, business lines, business units and subsidiaries.

Risk Management Process

4.) Audit of Risk Management Process

GC has defined that risk management audits shall be annually conducted by internal audit and external audit as follows:

  1. Audit key risks that affect operations by the Internal Audit Department, provide recommendations on internal control to the management, determine corrective actions according to the recommendations, and report the audit results to the Audit Committee on a regular basis.
  2. Audit and monitor efficiency of machinery/equipment on a monthly basis by fully complying with the equipment inspection standards.
  3. Audit operational management results of utility system service providers to assess risks and collectively seek risk management methods.
  4. Audit operation risk management system using GC Management System (GCMS).
  5. Externally audit by Management System Certification Institute (MASCI).
  6. Conduct internal audit on risk management process by Internal Audit Department through inspection of procedures and guidelines to identify key risk issues with potential impact on GC’s operations, designate responsible persons, establish short-term and long-term risk management measures covering all risk issues.
  7. Assess risk management maturity by external audit.
Enlarge Image

Top Risk

GC analyzes both internal and external top risk factors by categorizing enterprise risks into three groups, namely Business as Usual Risk, Strategic Risk, and Emerging Risk.

Business as Usual Risk Factors
  1. Operational and Safety
  2. Market Volatility
  3. Cyber Threat

Additional information on the management of Business as Usual Risks is available in One Report 2025, pages 95-97
Strategic Risk Factors
  1. Sustainable Feedstock
  2. Financial and Investment Management
  3. Business Restructuring and Impairment
  4. Decarbonization Implementation
  5. People and Organization

Additional information on the Management of Strategic Risk Factors is available in One Report 2025, pages 98-100
Emerging Risks
  1. Geopolitical & geoeconomic policy volatility
  2. Misuse & Under-utilization of Generative & Agentic AI and Unable to Utilize Digital & AI Technology
  3. Changes in regulatory affect consumer demand and shift market landscape
  4. Climate Change Risk

Additional information on the management of Emerging Risks is available in One Report 2025, pages 102-105

Emerging Risk Monitoring
Risk Appetite Risk Tolerance
Strategy
Maintain a higher Return on Investment Capital (ROIC) than the Weighted Average Cost of Capital (WACC) in the long-term, invest in sustainable growth strategies and innovations, uphold international sustainability standards in the chemical industry, and conduct business according to established plans to achieve net zero by 2050 in response to stakeholder expectations.
  • GC’s Internal Rate of Return (IRR) must not be lower than the Hurdle Rate.
  • The total return on all innovation investment projects must not be lower than GC’s WACC.
  • Investment in Corporate Venture Capital (CVC) projects must not exceed the budget approved by the Board of Directors
  • Maintain top 10 position in the Dow Jones Sustainability Indices (DJSI).
  • Control carbon emissions in accordance with specified targets.
Business
Obey laws, regulations, requirements and standards related to business operations and conduct business in a transparent and verifiable manner to prevent fraud that may cause damage to the company.
  • No case of legal violation or inconsistency with internal regulations.
  • No case of non-compliance that may hinder GC from achieving significant standard certifications
  • No case of fraud causing damage to the Company that resulted in civil or criminal litigation against the offender.
Operation
Conduct business with focus on quality and safety for employees and the society, utilize technology to enhance production and energy efficiency in line with international standards, and safeguard IT security to prevent impacts on reputation and operations.
  • No Process Safety Event: LOPC Tier 1* in accordance with the safety definition.
  • No damage to GC’s reputation, properties and important data.
Finance
Operate business under a disciplined financial policy that takes into account the returns of stakeholders by effectively managing financial risks to strengthen GC’s financial position and maintain the company’s credibility.
  • Maintain liquidity (cash) at an appropriate level
  • Maintain Debt Service Coverage Ratio (DSCR) at no less than 1.25 in accordance with the Company's financial policy.
  • Maintain credit rating at no less than the Investment Grade

Remark

* Executive KPI and Compensation Metric