Page 58 - Anual report STi 2022_eng
P. 58
business plan in order to be consistent and suitable for the 3. Risk Assessment. It is an analysis and
organization's business operations in the current situation. assessment of the risks identified in the risk identification by
The Board of Directors has established and considering likelihood and impact, both positive and negative,
communicated the risk appetite of the Company to serve as of each risk according to the criteria set by the company.
management and operational guidelines for employees and 4. Risk Management. It is an important step
their ability to accept and manage risks. The Company has to make the organization operate efficiently, able to achieve
the risk appetite in relation to various risks as follows: objectives and strategic goals set leading to sustainable
1. Financial Risk - The Company does not development.
accept the risk of unreliable financial reports, including 5. Risk Monitoring and Review. The risk
non-compliance with accounting standards. owner department shall report risk assessment results and
2. Compliance Risk - The Company does not risk management results to the meeting of the risk
accept the risk of violating laws or regulations related to management working group, the Risk Management
operations and violation of Code of Conduct or lack of good Committee, the Audit Committee, and the Board of Directors
corporate governance in the organization. for further consideration.
3. Business Risk - The Company does not Roles and Responsibilities
accept risks arising from not operating in accordance with 1. Roles and Responsibilities of the Board of
the organization's strategic goals, as well as the supply chain Directors
risk caused by the quality of service and affect the Company's The Board of Directors will oversee risk management
performance. throughout the organization with the following responsibilities:
4. Hazard Risk - The Company does not accept ● Define and approve risk management policy.
risks from the security of information technology systems ● Consider corporate risk management reports
from the use of unauthorized software in the organization.
regularly presented by the Risk Management Committee,
5. Operational Risk - The Company does not which collect information and opinions from executives,
accept the risk of errors in work or control work that does not internal audit department, and/or external auditors so that the
meet the standards set by the Company or neglect to comply Board of Directors can be confident that the internal control
with safety principles system which is one of the important tools in risk management
Risk Management Process operates with sufficient efficiency.
All risks that affect the achievement of corporate ● Delegate responsibility to the executive team to
strategy objectives, including the risk from the operational lead to practical risk management.
department, important business decisions, and important 2. Roles and Responsibilities of the Audit
routine work must be handled through the enterprise risk Committee are to support the Board of Directors in reviewing
management process consists of 5 steps as follows: the financial reports to be accurate and reliable, as well as
1. Objective Establishment. It allows an reviewing to ensure that the Company Group has an
organization to reduce the likelihood of future damage to an appropriate, adequate, and effective internal control system,
acceptable, controllable and auditable level of risk. internal audit, risk assessment system, and risk management.
2. Risk Identification. It is a survey of any
risks that may affect operations or result in inability to achieve
the strategic goals set by the organization and risk categories.
56 Annual Report 2022 (56-1 One Report)
