Part 2
Corporate Governance
of personal data of customers, business partners and persons who are interested in the Company’s business by searching information via the Company’s website including training on personal data awareness for employees in the organization. The Company assigned the Chief of Information System as the Data Protection Officer (DPO) to supervise and maintain all personal data within the organization, whether it is internal or external information of the organization, as well as to give advice, inspect and supervise usage of personal data pursuant to the personal data protection laws.
In 2024, the Company employed the employees to supervise cyber security works to specifically prevent cyber risks. In addition, the Company did not have any complaints or incidents related to personal data at all.
Internal Control System
The Company realizes the importance of the internal control system in both executive and operation levels. In order to control the shareholders’ capital and the Company’s assets, the Company has set up the operational guidelines to increase the efficiency of the internal control system. These guidelines become the operational policy and identify the duties and operational power of the operators and the executives in writing. The duties of operators, supervisors and assessors are segregated. The policy also controls the Company’s assets deployment to maximize its benefits.
The Company appointed the Audit Committee to review that the internal control system and the internal audit are appropriate and efficient for the business, and the assets are efficiently deployed. In order to prevent the potential damage or fraud. The Company shall outsource the internal auditor to observe and monitor the internal control system and review the significant matters consistently. They shall coordinate with the Company’s internal audit function and report to Audit Committee on the sufficiency and efficiency of the internal control system that covers the operations and compliance control, risk management and the significance given to the abnormal issues. The suggestions to improve the internal control system shall be provided in order to assure that the Company has the efficient system and supports the credibility to the Company’s financial statement.
Risk Management
The Company has the Risk Working Committee to directly report to the Corporate Governance and Risk Management Committee to consider and set guidelines to prevent the risks from internal and external factors that can cause the damages to the Company. In order to ensure that the Company can manage risks in acceptable level (risk appetite) and risk management strategy shall be reviewed and adjusted to make them conform to the constant changing situations for efficient risk management system.
108
Annual Registration Statement / Annual Report 2024
(Form 56-1 One Report)