Material Topics
Risk and Crisis Management
Impact Level
Impact Materiality: Medium
Financial Materiality: Very High
Double Materiality: Very High
Stakeholders
Investor
Public Sector
Employee
Shareholder
Customer
Supplier and Business Partner
Community

Management Approach GRI 3-3 (2021)

Business operations have become more complex, and the way business is conducted has changed. The main reasons are the global economic slowdown and China’s delayed economic recovery, coupled with uncertainties and risks arising from geopolitical conflicts, which may create new risks and opportunities that affect GC’s future business operations.

GC therefore emphasizes systematic risk management across the entire organization while continuously improving the agility of the business. GC also continues to provide training programs on risk management to raise awareness and support personal development among executives and all employees. These measures are intended to ensure that the company can handle uncertainties effectively and achieve its operational strategy.

Risk Management and Internal Process GRI 2-25

GC has developed Enterprise Risk Management in accordance with the international standards of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the International Organization for Standardization's ISO 31000, as well as the corporate governance principles for businesses registered in 2017 (CG Code 2017) and anti-corruption guidelines.

GC has set up a risk management framework and guidelines in order to manage risks systematically, efficiently and effectively throughout the organization. GC has also established a risk management monitoring and performance evaluation system to detect potential emerging risks.

GC has integrated risk management in the organization under 3 aspects of Governance, Risk Management, and Internal Control and Compliance in one system called GRC. This allows GC to reduce risks in a more comprehensive manner. Furthermore, GC has developed a risk taxonomy to classify risks and has integrated company-wide risk management at both the enterprise and operation levels, which allows GC to achieve its goals and targets more efficiently.

Risk Management Process

The risk management process comprises four steps:

1.) Risk Identification & Assessment

GC has leveraged a range of risk management tools to analyze, assess and define a risk management framework, such as appropriate business environment analysis processes based on internal and external factors, risk appetite, risk tolerance, risk assessment, and risk prioritization using a risk map.

Risk Appetite and Risk Tolerance Levels

2.) Risk Treatment/Mitigation

GC has appointed a person responsible for risk assessment, established a mitigation plan in accordance with the risk appetite, and determined Key Risk Indicators (KRI). Furthermore, the company has adopted Sensitivity Analysis, Scenario Planning and Stress Testing to assess risk impacts under different scenarios, covering potential financial and non-financial risks. GC has also laid out preparation measures and a process to continuously monitor situations and trends of six external factors based on the PESTEL Analysis Framework.

3.) Monitoring & Review

GC has determined that risk management is controlled and tracked through the Risk Management Committee and the Audit Committee. The company requires that risk management performance is monitored and reported regularly at all levels, from the corporate level through to business groups, business lines, business units and subsidiaries.

4.) Audit of Risk Management Process

GC requires that risk management audits be conducted annually by internal audit and external audit as follows:

  1. The Internal Audit Department audits key risks that affect operations, provides recommendations on internal control to the management, determines corrective actions according to the recommendations, and reports the audit results to the Audit Committee on a regular basis.
  2. Audit and monitor the efficiency of machinery/equipment on a monthly basis in full compliance with the equipment inspection standards.
  3. Audit the operational management results of utility system service providers to assess risks and collectively seek risk management methods.
  4. Audit the operation risk management system using GC Management System (GCMS).
  5. External audit by the Management System Certification Institute (MASCI).
  6. Internal Audit conducts an internal audit of the risk management process through inspection of procedures and guidelines to identify key risk issues with potential impact on GC’s operations, designate responsible persons, and establish short-term and long-term risk management measures covering all risk issues.
  7. Assess risk management maturity by external audit.