Risk and Crisis ManagementUnder conditions of global economic fluctuations and uncertainties, risks that impact the business must be managed effectively to aid an organization in achieving its business objectives and sustainable growth. For this reason, GPSC has adopted Enterprise Risk Management in accordance with COSO ERM Framework and ISO31000:2009 standards to ensure that all related persons understand risk management principles and can apply the knowledge appropriately. GPSC appoints the Risk Management and Internal Control Committee to oversee the overall corporate risk management as well as issuing the Risk Management Policy with the following approach in risk and crisis management.
Risk Management Policy
GPSC establishes a risk management policy to serve as a guiding framework for all executives and employees. This policy provides a clear, comprehensive, and systematic risk management approach which is aligned with the company’s business strategies.
Download Risk management policyDownload
Risk and Crisis Management Approach
Risk Management Structure and Framework
Risk management at GPSC is overseen by the Risk Management Committee (RMC), comprising selected board members. The Committee is responsible for initiating and reviewing the company’s risk management policy and operational framework as well as overseeing and ensuring that corporate risk management practices are consistent with the company’s strategies and business goals. The Committee is also responsible for monitoring, filtering, and making suggestions aimed at enhancing risk management effectiveness on an ongoing basis (See additional information on the scope, authority, and duties of the Risk Management Committee in the Risk Management Committee Charter). The GPSC Management Committee (GPSCMC), consisting of senior executives from various divisions, is responsible for reviewing and monitoring the implementation of the company’s risk management policy, while the Risk Management and Internal Control Committee (RMCC), consisting of senior executives, is responsible for ensuring that appropriate and effective risk management and internal control systems are in place and operational. Corporate risk management is reviewed at the RMCC monthly meeting and the results are then reported to the RMC which convenes at least every quarter.
Within the overarching framework of Enterprise Risk Management (ERM) embedded in Operational Risk Management (ORM), all risks are classified into 2 levels, namely corporate level and functional level. The RMC and MC are responsible for reviewing corporate level risks, while the RMCC reviews both corporate level and functional level risks which are of high significance or have the potential to have significant impacts on the company.
Enterprise Risk Management Framework
Risk Management Strategies
GPSC has established an ERM strategy that necessitates the training of all executives, employees, and related stakeholders. In addition, risk agents have been appointed for all business units based on relevant risk clusters with the Corporate Risk Management function serving as the central coordinator for undertaking continuous process improvement in accordance with ORM in the Operation Excellence Management System (OEMS) as part of PTT Group’s Operation Best Practice Development Project. GPSC also sets its objectives, risk appetite, and risk tolerance to ensure consistency in all risk management practices throughout the organization as well as complete alignment with our business strategy.
Strategy and Investment Area
- GPSC will invest in research and development (R&D) which aims to focus on long-term profitability
- GPSC's business expansion will be prioritized in target countries
- Clean energy is one of the significant sources for GPSC’s investment
- The impact of all stakeholders will cautiously be taken into account in GPSC’s investment process
- GPSC will collaborate only with reliable and potential financial partners
- Employee satisfaction and welfare will be retained at a level not lower than at other companies in the industry.
- Employee capability development is the GPSC’s capital investment to support future business growth
Business and Operational Area
- GPSC will not take any risks of non-complied or misconducted rules and regulations.
- GPSC refuses to accept any risks of fraudulent activities.
- All of GPSC’s operations will be performed with consideration for the impact on customer satisfaction.
- GPSC refuses to accept any exposure which will cause Rayong Power Plant’s reliability to be lower than 99.98%.
- GPSC strongly refuses to deliver any nonqualified products or services to our customers.
- GPSC aims to achieve Zero Incidents in operations.
- GPSC will not perform any activities which expose the environment and the surrounding communities to risk.
- GPSC will encourage effective and standardized employment, and will not take any risks associated with harm to personnel or human rights.
- GPSC will not take any risks which could damage the company's reputation.
- The company will maintain our capital structure to be comparable to other leading companies in the industry. The average target of Net Debt / Equity is lower than 1 time, and Net Debt/EBITDA is lower than 4 times
- GPSC will provide the appropriate funding source which complies with business conditions, and align with PTT Group policy
Remark: Risk appetite means the level of risks that GPSC can accept in order to drive its business and achieve the targets.
Risk Management Process
Risk issues which require comprehensive assessments and adequate risk mitigation measures are of paramount importance to GPSC. For this reason, GPSC regularly conducts risk analysis and assessment on an annual basis to ensure that its risk management remains in line with the organization’s objectives and strategic plans. Details of the corporate risk management process are as follows:
Risk Management Process
1. Risk Factor Identification
GPSC identifies risk factors by assessing future scenarios as a result of both internal and external changes that could potentially prevent the organization from achieving its targets.
2. Risk Assessment and Analysis
GPSC assesses and analyses all aspects of risk that may arise at both corporate level and functional level with the following risk assessment criteria:
- The criteria for risk impact assessment encompass finance, business and operational processes, organizational reputation, customers, and employees categorized into 4 levels of severity, from low to high.
- The criteria for likelihood assessment with 4 levels of classification from low likelihood (less than 10%) to high likelihood (more than 90%)
Assessment results are presented in the form of a risk matrix to be used for risk prioritization. Risk determined to impose high impacts on the organization will be classified as corporate-level risk while those with impacts at a functional level will be classified as functional-level risk.
- Corporate Level: Determined by impacts or damages that could prevent the company from achieving its targets, corporate level risk includes strategic risk, business risk, operational risk, and financial risk.
- Functional Level: Determined by impacts or damages that could prevent a business unit from achieving its objectives and fulfilling its duties, functional level risk mostly comes from business risk, operational risk, and financial risk.
3. Risk Management
GPSC employs appropriate management teams to limit risk and maintain risk levels within the organization’s tolerance level by implementing risk response measures to lower the likelihood of risk incidents and assigning risk owners as part of the risk mitigation planning process.
4. Monitoring, Reporting, and Communication
GPSC monitors and reports its risk management on an ongoing basis with explicit assignments of monitoring and reporting responsibilities as follows:
- The Risk Management and Internal Control Committee (RMCC) at the management level is responsible for regularly monitoring the corporate-level risk and reporting the results to the Risk Management Committee and the Board of Directors.
- GPSC requires each function to designate a risk agent whose role is to serve as a center for risk factor identification and risk assessment within each sub-division using the risk register form. The Corporate Risk Management function reports to the Risk Management and Internal Control Committee (RMCC) to monitor progress on an ongoing basis.
Moreover, the company also communicates risk issues with all executives and employees to build a strong risk management culture by offering on-going risk management training, sending out risk communication emails, and incorporating risk management into key performance indicators for all executives and employees.
5. Reviewing Risk Management Plan
GPSC regularly adjusts its risk management plan to suit current situations and to incorporate management advice with the objective of integrated risk management.
Risk issues with the highest impacts on the business are those related to the efficiency of investments, organizational capability, regulation compliance, power plant reliability, and project execution. Significant risk correlation must be factored into the company’s risk management since risk correlation causes a chain reaction that may increase or decrease the level of risk depending on the nature of the correlation.
Risk Correlation Analysis Matrix
Business Continuity Management
In the event of any uncertainties or unexpected crises, operational disruptions, such as failure to produce and deliver electricity or steam to customers, may befall the company, potentially inflicting severe damages. Therefore, GPSC takes a proactive approach to handling potential crises by developing a business continuity management (BCM) system which covers major operations at the headquarters and at the power plants in Rayong and in Sriracha. The company employs risk analysis tools to determine potential risk factors and create action plans for various scenarios to maintain operational continuity and restore normal business operations as quickly as possible. Moreover, GPSC has prepared an emergency response plan to limit the consequences of an emergency incident from getting out of control. This emergency response plan complements the company’s BCM plan and crisis communication plan.