Internal Control
The company sets focus on internal control covering finance, operation and compliance with relevant laws and regulations as well as appropriate risk management that is efficient enough to prevent or mitigate risks which may cause damage to assets or reputation. The Company evaluates the operation of work in accordance with good corporate governance.
The Company is certified a membership of the Private Sector Collective Action Coalition against Corruption (CAC) which is the Company’s 2nd renewal of the certificated. The Board of Directors clearly defines roles and duties of each committee and the management and monitors the performance pursuant to the roles and duties and the organization structure and line of command designed to create balance of power and internal control. Goals and key performance indicators are established to evaluate efficiency and to monitor the work result in comparison to the corporate objectives regularly.
The Board of Directors annually evaluates the sufficiency of internal control system in accordance with the guidelines provided by the Securities Exchange Commission and the framework set by the Stock Exchange of Thailand with reference to the 5 elements and 17 principles of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The Board of Directors and the Audit Committee consider that the Company has sufficient and appropriate internal control system suitable to the business characteristics.
The Company is certified a membership of the Private Sector Collective Action Coalition against Corruption (CAC) which is the Company’s 2nd renewal of the certificated. The Board of Directors clearly defines roles and duties of each committee and the management and monitors the performance pursuant to the roles and duties and the organization structure and line of command designed to create balance of power and internal control. Goals and key performance indicators are established to evaluate efficiency and to monitor the work result in comparison to the corporate objectives regularly.
The Board of Directors annually evaluates the sufficiency of internal control system in accordance with the guidelines provided by the Securities Exchange Commission and the framework set by the Stock Exchange of Thailand with reference to the 5 elements and 17 principles of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The Board of Directors and the Audit Committee consider that the Company has sufficient and appropriate internal control system suitable to the business characteristics.
1
Control Organization
The Company clearly sets measurable business goals and action plans. The goals are revised while the actual results are compared with the goals regularly. The organization structure is made with the concept to allocate duties and to establish line of command with responsibility so as to achieve objectives with the supervision of the Board of Directors. The Company prescribes business ethics, corporate governance policy, anti-corruption practices and conflict of interest policy to express its commitment to integrity and business ethics. List of authorities and operational manuals are made and regularly revised to be in line with new standards.
The Board of Directors is independent from the management. The Board is empowered to govern and develop the internal control system. The Board also promotes the development of personnel so that they shall be capable to administer and take responsibility for the internal control effectively.
As regards anti-corruption matters, the Company provides manual of anti-corruption measurement and risk evaluation of internal fraud.
2
Risk Assessment
The Company is aware of the evaluation of the risks that may cause adverse effect to business operation. The Risk Management Committee together with the Risk Management Office evaluate risk factors both from outside and inside the organization that may have impact upon the business. The Office identifies and analyses all types of relevant risks including fraud and corruption and categorizes material risks pursuant to the effects and probability of occurrence in each business process and establishes risk management plans. The risk factors are revised every year.
3
Operational Control
The Company has internal control that is consistent with the risks and types of business. The control is clearly allocated to each functional unit as defined in the manual of authorities and the manuals of operation which are made and revised to suit the organization structure and present operation. Each functional unit is designed to balance the power and to cross-examine appropriately, particularly the task that incurs significant risks so as to mitigate or reduce errors such as financial transactions, sales, procurement, asset supervision, personnel management, etc. The internal audit office is set up to audit each operation regularly in accordance with rules, regulations, manual of authorities and manual of operation to ensure sufficient and appropriate internal control. There is efficient operation of work including the use of information technology to help conduct the work more rapidly and efficiently.
4
Information and Communication
The Company strengthens information technology system and communication, promotes and supports continuous system development so that the information is correct and updated. The Company uses the information technology system that is up-to-date, efficient and data-secured to collect data, process data, store date and monitor data so that the administration, the decision-making, policy regarding information technology security and the use of information by directors, executives and staff can be done safely and correctly within reasonable time.
The Company provides appropriate communication channels to convey messages regarding duties, responsibility and other matters to personnel and specifies secured channels for submitting clues or complaints regarding fraud and corruption. Also, there is communication in respect of issues that may cause impact to internal control between internal functional units and between the Company and third parties.
5
Monitoring System
The Audit Committee, by the Office of Internal Audit, audits the internal control system. The internal audit office examines, monitors and evaluates the operation to ensure that the findings arising from audit process are rectified in reasonable time. The independent Auditor evaluates the internal control regarding finance and accounting and submits the audit result to the Audit Committee on a quarterly and yearly basis. In the previous year, there is no significant flaw as to the internal control audit.
Risk Management
The Risk Management Committee stipulates risk management policy, risk factors and risk management process for the management to bring to practice so as to help the management to consider control points to manage the risks to the acceptable level. The management is responsible for the business planning, the operation, the specification, analysis and evaluation of work structure by taking into consideration the internal and external risk factors.
In 2020, the Risk Management Committee and the Office of Risk Management implemented the Risk Management Activity Plans as follows:
1. The Committee revised Charter of the Risk Management Committee, objectives, scope of authority and responsibility, manual on risk management and operational manual of the risk management office year.
2. The Committee specify causes of organizational risk and the responsible persons in each division for each risk for the year 2019/2020 as approved by the Risk Management Committee.
3. The Committee provided plans to support analysis and evaluation of new risks in 2020/2021 and make preliminary guidelines with measures to respond the risks.
4. The Committee held preparatory meeting for the risk management office to work on various sites pursuant to the supporting plans.
5 The Committee supported the making of report stating risk status by the responsible person of each division in 7 sites with head office.
6. The Committee reported the risk status to the Board of Directors showing information as to risks that are stable, decreasing and increasing together with causes so that the management can use for planning and operation on quarterly basis respectively.
7. The Committee monitored a result of the Business Continuity Plan (BCP) and rehearsal an emergency plan especially situation of COVID – 19 pandemics.
By virtue of dedication and cooperation of all parties concerned, the internal control system and the risk management of the group of companies are regarded acceptable by the Company and can be developed to serve the objectives and goals of each department.
In 2020, the Risk Management Committee and the Office of Risk Management implemented the Risk Management Activity Plans as follows:
1. The Committee revised Charter of the Risk Management Committee, objectives, scope of authority and responsibility, manual on risk management and operational manual of the risk management office year.
2. The Committee specify causes of organizational risk and the responsible persons in each division for each risk for the year 2019/2020 as approved by the Risk Management Committee.
3. The Committee provided plans to support analysis and evaluation of new risks in 2020/2021 and make preliminary guidelines with measures to respond the risks.
4. The Committee held preparatory meeting for the risk management office to work on various sites pursuant to the supporting plans.
5 The Committee supported the making of report stating risk status by the responsible person of each division in 7 sites with head office.
6. The Committee reported the risk status to the Board of Directors showing information as to risks that are stable, decreasing and increasing together with causes so that the management can use for planning and operation on quarterly basis respectively.
7. The Committee monitored a result of the Business Continuity Plan (BCP) and rehearsal an emergency plan especially situation of COVID – 19 pandemics.
By virtue of dedication and cooperation of all parties concerned, the internal control system and the risk management of the group of companies are regarded acceptable by the Company and can be developed to serve the objectives and goals of each department.
