EN
TH
Risk and Crisis Management Risk and Crisis Management

Risk and Crisis Management

Commitment, Challenge and Opportunity

In today’s rapidly changing world, businesses face a wide range of risks, including technological advancements, heightened competition from both industry rivals and multinational corporations, and political uncertainties that impact operations both directly and indirectly.

As a result, risk management has become an essential tool for corporate governance, ensuring that organizations can achieve their economic objectives while maintaining strong relationships and meeting stakeholder expectations. In response to these challenges, the company has reassessed its current business strategies and processes to enhance its ability to adapt to evolving conditions by evaluating present circumstances and anticipating future risks.

Supporting the SDGs Goals

Goal 8:
Decent Work and Economic Growth

Stakeholders Directly Impacted

Employees
A well-structured and effective risk management system enhances employment stability, financial security, and occupational safety, particularly in high-risk construction zones. Furthermore, it fosters ongoing professional development and career progression for employees. By mitigating workplace uncertainties, the system also contributes to reducing occupational stress and pressure, thereby promoting a more sustainable and resilient workforce.
Shareholders, Investors, and Analysts
An organization's ability to effectively identify, assess, and manage risks plays a crucial role in mitigating potential operational impacts. Robust risk management not only safeguards against financial losses but also reinforces corporate confidence and stability, fostering sustainable long-term growth and success.
Business Partners and Contractors
Effective risk management enhances business continuity, facilitates strategic planning and cost control, increases opportunities for securing new projects through compliance with established risk management standards, and mitigates the risk of shared liability in the event of unforeseen incidents that may impact project outcomes.

Management and Operational Approach

The company has implemented a comprehensive risk management policy, underscoring its commitment to operating as a responsible construction contractor that generates positive societal and national impacts. This policy is founded on core business principles of integrity, fairness, and stakeholder value maximization, ensuring alignment with social and environmental responsibilities.

In its operations, the company has established a risk management framework that aligns with recognized standards, following the international guidelines of COSO ERM 2017: Enterprise Risk Management Integrating with Strategy and Performance. This framework emphasizes a comprehensive approach to risk management across the organization, at both the corporate and departmental levels. It outlines the structure, roles, responsibilities, and duties associated with risk management, alongside a risk management process that empowers risk owners to achieve their objectives and goals. This process supports the efficient execution of operations, driving value creation and fostering sustainable growth for the organization.

In addition, the company has established a Governance and Risk Management Committee responsible for formulating policies and the operational framework for managing risks. The Committee provides guidance to the Board of Directors and senior management on effective risk management strategies, oversees the implementation of risk management processes, and ensures the achievement of risk management objectives. The Committee also evaluates significant risks in alignment with the company’s business objectives, considering both internal and external factors that may impact operations, including investment, financial, safety, legal and regulatory concerns, as well as ESG-related risks. Furthermore, the Committee is tasked with recommending strategies for risk prevention and mitigation, ensuring that risks are reduced to acceptable levels. The Committee monitors and evaluates the effectiveness of risk management efforts and regularly reports on risk assessments and mitigation activities to the Board. In the event of significant risks that could materially affect the company, these are promptly reported to the Board for timely decision-making and the preparation of a Business Continuity Plan (BCP) to address potential disruptions and ensure the company can resume operations within a reasonable timeframe. These activities are governed within the framework of the company’s risk management strategy, ensuring continuous improvement in line with sustainable development objectives.

Risk Management Policy
Download

Risk Management Structure of CH. Karnchang

The Corporate Governance and Risk Management Committee is responsible for establishing and reviewing policies related to risk management. The executive team plays a key role in overseeing and approving the organization's overall risk management processes. Each department is tasked with monitoring, assessing, and preparing quarterly risk management reports, which are submitted to the executive team for approval. Upon approval, the reports are presented to the Corporate Governance and Risk Management Committee for final approval and subsequently reported to the Board of Directors for acknowledgment.

Note: In order to maintain independence, the Corporate Governance and Risk Management Committee reports directly to the Board of Directors and is not part of the business operations.

Risk Management Structure
Risk Management Structure
Click to Enlarge
Position Key Roles and Core Responsibilities
Board of Directors
  • Establish the organization’s strategic direction and objectives in alignment with its mission, vision, and core values, ensuring they support sustainable development goals (SDGs).
  • Supervise the integration of risk management practices across the organization, ensuring executives and employees effectively implement and manage risk mitigation strategies in line with environmental, social, and governance (ESG) principles.
  • Hold quarterly discussions with the Corporate Governance and Risk Management Committee to evaluate the performance of risk management strategies, ensuring transparency and accountability.
  • Conduct an annual review of the risk management policy and compliance with the Code of Conduct, as presented by the Corporate Governance and Risk Management Committee, to ensure continued alignment with SDG and ESG objectives and approve modifications as necessary.
Corporate Governance and Risk Management Committee
  • Develop and establish key policies and strategies for effective risk management, aligning with organizational objectives and sustainable development goals.
  • Actively promote and oversee the integration of risk management practices throughout the organization, reviewing the effectiveness of the process and ensuring adherence to established guidelines.
  • Conduct ongoing reviews and monitoring of critical risks across all operational areas, ensuring the implementation of comprehensive risk management plans, and evaluating the overall effectiveness of risk mitigation strategies.
  • Maintain a thorough understanding of potential risks that could substantially impact the organization's sustainability and ensure that appropriate actions are taken to mitigate these risks.
  • Provide well-informed recommendations and approve risk management approaches, ensuring alignment with code of conduct, sustainable development goals and environmental, social, and governance (ESG risks) standards.
The Executive Management Team for Project Risk Management.
  • Consider setting an acceptable level of risk and establishing a comprehensive risk management framework in alignment with sustainable development objectives.
  • Implement an organization-wide risk management plan to reasonably ensure that the organization will achieve its goals with quality, in accordance with the principles of enterprise-wide risk management.
  • Encourage organizational leadership and staff to recognize the critical importance of effective risk management.
  • Evaluate the interrelationships of various risks, monitor the progress of the implementation of the risk management strategy, assess its alignment with the plan's objectives, and provide strategic recommendations to enhance and refine risk management practices.
  • A quarterly report on risk management and governance is presented to the Governance and Risk Management Committee to ensure that the company’s key risks are consistently monitored and managed within acceptable thresholds. This process is integral to supporting the company’s operational activities, ensuring alignment with its strategic goals and contributing to the achievement of predefined objectives.
Secretary of the Corporate Governance and Risk Management Committee
  • Coordinate and organize meetings for the Corporate Governance and Risk Management Committee, the Executive Meeting for the Risk Management Project, and the Working Group for the Risk Management Project.
  • Collect and analyze risk assessment data for each operational unit, prepare relevant materials for discussions, and continuously assess the adequacy of the risk management system in coordination with the Office of the CEO, ensuring alignment with sustainable development goals and governance standards.
  • Collaborate with the Office of the CEO to develop the company's risk management plan and present it to the Corporate Governance and Risk Management Committee.
  • Collaborate with the Managing Director's Office to develop and report the company's risk management outcomes, and present these to the Corporate Governance and Risk Management Committee.
Risk Management Department
  • Develop and/or review risk management policies, frameworks, and acceptable risk levels, as well as the key risk management processes for the organization.
  • Provide support and expert advice on identifying the critical risk factors for each department, aligning with sustainable risk management practices
  • Monitor the risk assessment process and the implementation of risk management measures by each department or risk-owning unit, to aggregate them into organization-wide risk (Corporate Risk).
  • Developed a Corporate Key Risk Indicator (KRI) to track risk trends and monitor potential threats.
  • Prepare the organization's risk management report as scheduled and present it to the Corporate Governance and Risk Management Committee.
  • Monitor the risk management report to ensure that the risk management process is consistently applied across the organization and is aligned with the strategic plan.
  • Coordinate to integrate the risk management process with strategic planning.
  • Provide guidance to executives and staff on the proper implementation of risk management processes in accordance with the established framework.
Risk Management Working Group
  • Conduct a thorough risk analysis within the department, assess potential opportunities and the impacts of identified risks, and submit the findings to the Assistant Managing Director for approval. Upon approval, the findings will be forwarded to the Secretary of the Corporate Governance and Risk Management Committee for further consideration.
  • Attend quarterly meetings to review and approve the risk assessment results for all departments, prior to presenting them to the Risk Management Program Executive Committee for final deliberation
Business Unit
  • Identify and report risks associated with operations, contribute to the development of risk management plans, and ensure their implementation.
Corporate Governance and Risk Management Committee
List of Names Position Independent Director / Executive
1. Mr. Patarut Dardarananda Chairman of the Corporate Governance and Risk Management Committee Independent Director
2. Mr. Vitoon Tejatussanasoontorn Corporate Governance and Risk Management Committee Member Independent Director
3. Mr. Plew Trivisvavet Corporate Governance and Risk Management Committee Member Executive Director
4. Mr. Narong Sangsuriya Corporate Governance and Risk Management Committee Member Executive Director
5. Ms. Supamas Trivisvavet Corporate Governance and Risk Management Committee Member Executive Director

The company has established a Corporate Governance and Risk Committee to oversee the creation of policies, operational guidelines, and risk management strategies. This committee is responsible for proposing methods to mitigate and reduce risks to acceptable levels, as well as monitoring, evaluating, and continuously enhancing risk management plans to ensure they remain suitable and effective. The committee will regularly report the results of risk assessments and the progress of risk reduction efforts to the Board of Directors. In the event of significant issues that could substantially impact the company, the committee must promptly inform the Board for consideration, enabling the preparation of a Business Continuity Plan (BCP) to manage situations that may disrupt operations. This plan ensures that the organization can resume normal operations within an appropriate timeframe. The operations described above will be incorporated into the company’s risk management structure as outlined below:

Corporate Governance and Risk Management Committee Click to Enlarge

Systematic implementation of risk management practices

The company employs Enterprise Risk Management (ERM), a systematic process that is applicable across all organizations and industries. It identifies key risk indicators (KRIs), assesses risks, prioritizes them through a Risk Matrix, and manages them effectively. This approach allows the company to evaluate its risk appetite (the level of risk it is willing to accept) or risk tolerance (the level of risk it can endure) in order to create value for shareholders. The risk management framework provides the organization with the tools to manage uncertainty, risks, and business opportunities efficiently. The Risk Matrix helps assess the likelihood and potential impact of critical risks, and the company continuously monitors and evaluates its risk management strategies to ensure effectiveness.

Risk management is an ongoing process that begins with the management team establishing clear policies or objectives. This process is carried out through the organization’s defined risk management mechanisms, complemented by internal auditing and control systems, until the success of the objectives can be evaluated. This evaluation drives continuous improvements in the risk management process to increase its efficiency. The organization’s risk management process is therefore divided into six steps, as follows:

Risk Management Process
Systematic implementation of risk management practices Click to Enlarge
Step Provide a summary of the details
1. Defining Objectives The risk management department should have a clear understanding of the company’s business strategies and objectives in order to effectively identify and manage risks. Objectives at both the organizational and departmental levels will be defined to ensure that each level has appropriate goals or missions that align with the company’s overall objectives.
2. Risk Identification

The department responsible for managing risk will assess both internal and external risk factors. This may involve methods such as workshops, interviews, or brainstorming sessions to identify potential risks and the underlying causes that could impact the achievement of objectives, both at the organizational and departmental levels. The key approaches for risk identification are outlined.

  • Limitations or issues that have already occurred should not be classified as risks.
  • Framework for identifying and assessing risks.
  • Categories of risks that the company may encounter.
3. Risk Assessment

The designated risk management entity will assess the severity of risks by evaluating both the potential impacts and the likelihood of events that may hinder the achievement of business objectives, at both the organizational and departmental levels.

  • The risk levels for assessing the impact and likelihood of risks are categorized into five levels: Very Low (1), Low (2), Medium (3), High (4), and Very High (5).
  • The overall risk level is determined through an evaluation of both the potential impacts and the likelihood of occurrence, which are categorized into five levels: very high, high, medium, low, and very low. This classification is visually represented in a risk heatmap.
  • In accordance with sustainable development protocols, the method for evaluating risk severity should align with the table of criteria used to assess both the impact level and the probability of risk occurrence.
  • In instances where more than one criterion is employed to assess the impact level, the highest score attained should be adopted as the final conclusion.
4. Risk Prioritization The risk management entity prioritizes risks based on key factors, including adaptability to risk, complexity, speed of onset, duration, and the effectiveness of risk mitigation measures.
5. Risk Mitigation Response The agency responsible for managing risks determines the appropriate responses or risk management strategies by evaluating the significance of the risks, their acceptable levels, severity, and the associated costs and benefits. Risks deemed unacceptable are those at a moderate level or higher. In such cases, the agency must develop a risk management plan, establish risk response strategies, and implement control activities.
  • Risk responses are classified into five types: acceptance, avoidance, reduction, transfer, and pursuit. The risk owner agency is tasked with determining and executing control activities to ensure that the risk response follows the established plan. They are also responsible for monitoring and reporting the effectiveness of these controls. Furthermore, the risk owner agency must ensure that the control information in the risk register is kept up-to-date.
  • Control activities are categorized into three approaches: preventive, detective, and corrective.
6. Monitoring and Evaluation The risk-owning department is responsible for monitoring the status of identified risks and ensuring the risk register is kept up to date. This includes tasks such as risk identification, existing controls, risk assessment, risk management, and setting completion dates. After preparing the risk register, the risk-owning department must report to management. The register must then be reviewed and approved by a supervisor who holds a higher management level than the risk owner. The department should also define Key Risk Indicators (KRIs) by analyzing risk events and their root causes. The KRI results and monitoring can be effectively presented using a KRI Dashboard.

Risk Identification

Risk identification is a critical step in identifying potential risks and their underlying causes or contributing factors, considering both internal and external elements that may affect the organization’s objectives and outcomes. According to the established risk management framework, the identification process must accurately determine the root causes of risks, allowing management to develop targeted risk mitigation strategies. These strategies aim to address the identified causes of risks and reduce their impact in an effective and efficient manner. The sources of risk factors are divided into two categories, as outlined below.

Internal organizational factors
include objectives, policies and strategies, work processes, professional experience, organizational structure, and management systems.
External organizational factors
encompass government policies, economic conditions, actions of relevant agencies, external regulations, natural events, social conditions, and political factors.

Risk identification can be conducted by individuals or groups, such as management teams or relevant personnel, utilizing experience, brainstorming sessions, or questionnaires. It is crucial for the identification, description, causes, and potential impacts of risks to be clearly articulated.

The company has classified risks into five categories, considering the shared characteristics of each risk, including those resulting from interconnected risk factors or those that impact objectives in a comparable manner.

Risk Nature of Risk
Strategic Risk
 This represents a risk associated with the development and ineffective implementation of strategic plans, compounded by the misalignment between policies, objectives, strategies, organizational structure, competitive landscape, resources, and external factors. Such misalignment can negatively affect the achievement of an organization's strategic objectives or goals.
Operation Risk
 This risk arises from internal operations within the organization, including factors such as employees, work processes, infrastructure, and the potential for corruption, which could significantly affect organizational performance and alignment with sustainability goals.
Financial Risk
 This pertains to risks associated with financial liquidity, management, and financial reporting, encompassing market risks linked to fluctuations in economic factors, credit risks arising from counterparties' non-compliance with contractual obligations, as well as risks stemming from interest rate volatility and exchange rate fluctuations
Compliance Risk
 This represents a risk associated with non-compliance with applicable laws, regulations, and rules, encompassing both internal and external entities responsible for overseeing the organization's operations.
Environmental, Social and Governance Risk: ESG
 This represents a risk with potential impacts across all three domains: environmental, social, and governance, driven by the organization's activities, which are shaped by both internal and external factors.

Risk Assessment

The risks identified and recorded in the organization's risk register will be assessed to understand how the severity of each risk impacts the achievement of the company's strategic goals and business objectives. The results of the risk assessment will influence the selection of appropriate risk response strategies. Once the severity of the risks is understood, senior management will make decisions regarding the necessary resources and expertise to ensure that the risks are maintained at an acceptable level.

Benefits of Risk Assessment
  • Serves as critical data for evaluating risks in relation to risk management strategies and policies.
  • Pinpoints risks deemed unacceptable by the company.
  • Provides foundational information to inform the selection and prioritization of risk mitigation actions in alignment with strategic objectives.
Risk Assessment Using a Risk Matrix

This is the process of evaluating both the likelihood of a risk occurring and the severity of its impact in order to determine the overall risk level for each event according to established criteria. Management should prioritize risks with both high impact and a high likelihood of occurrence, addressing these first. The risk level is calculated by multiplying the scores in both categories.

Risk Assessment Using a Risk Matrix Click to Enlarge
Likelihood Impact
  • Establish a time frame for assessing potential risks. It is crucial not to overlook risks that could arise over the long term.
  • The potential for this can be demonstrated through multiple approaches, including

    o Qualitative/Frequency: "The likelihood of an event or situation arising that may impact business objectives [within a defined timeframe, such as 12 months] is estimated to occur once every 12 months."

    o Quantitative: "The probability of an event or situation occurring that could impact business objectives [within a specified timeframe, such as 12 months] is 25%."

  • Provide an explanation of the potential risks, categorized from level 1 to level 5, with an emphasis on their likelihood and impact.
 Select the criteria to be used by considering both financial and non-financial factors, ensuring alignment with the organization's objectives and performance evaluation.
The likelihood and impact of potential risks will be evaluated and categorized on a scale from 1 to 5, as detailed below
The likelihood and impact of potential risks Click to Enlarge
Enterprise Matrix Click to Enlarge
Overall Risk Assessment
Risk Evaluation Score Score Strategic Risk Management
Very High 20-25 The company must promptly evaluate and implement appropriate risk management strategies or enhance internal control mechanisms to ensure robust governance and operational resilience.
High 13-19 The company must promptly assess and implement appropriate risk management strategies or enhance internal controls with urgency, ensuring these measures are prioritized immediately below the highest risk category.
Medium 7-12 The company is required to evaluate and implement additional risk management measures as deemed appropriate, ensuring that these measures are prioritized after addressing high-risk factors. Furthermore, strict adherence to existing internal control frameworks is essential to mitigate potential financial, operational, or environmental risks that may
Low 4-6 The company does not presently require the implementation of additional risk management measures. However, it is essential to ensure continuous monitoring and reinforcement of internal control systems to uphold corporate governance standards and
Very Low 1-3 The company does not presently require the implementation of additional risk management measures. However, it is essential to ensure continuous monitoring and reinforcement of internal control systems to uphold corporate governance standards and

The risk management division should collaborate with senior executives to develop standardized criteria for risk classification and propose assessment methodologies for evaluating risk probability and impact. These criteria should be submitted to the Corporate Governance and Risk Management Committee for review and approval. Additionally, overall risk exposure should undergo periodic reassessment to ensure continuous alignment with dynamic business conditions and regulatory expectations.

Risk prioritization

Risk prioritization is essential for organizations to make informed decisions regarding risk response strategies and the optimal allocation of resources. This process typically involves both quantitative and qualitative assessments, including factors such as the probability of risk occurrence, potential impact, the uncertainty surrounding the risk, and the organization’s risk tolerance. The severity of risks is compared with the organization’s predefined acceptable risk level, with risks nearing this threshold being deemed more critical. Various relevant factors determine the prioritization of risks, such as:

  • The organization's capacity to adapt to and manage risks effectively, ensuring long-term sustainability in the face of challenges : The organization's ability to effectively adapt to and respond to risks, incorporating strategic planning and resilience measures aligned with sustainability goals.
  • Complexity : The scope and nature of risks impacting an organization's success, particularly the risks associated with dependence on external organizations for business operations, often contribute to an increase in operational complexity.
  • Speed : The rapid emergence of risks can have a significant impact on an organization. Such speed may cause deviations in the organization's performance from the accepted standards of operational efficiency, affecting its alignment with sustainability goals and ESG criteria.
  • Duration of Risk Impact on the Organization : Describes the period during which risks (such as environmental, financial, or social) influence the organization’s performance and sustainability goals, often analyzed in ESG-related assessments.
Risk Response Strategy

Management is responsible for selecting and implementing risk response strategies that are appropriate for all identified risks. The evaluation of risks will consider their severity and prioritization, as well as the business context and objectives of the organization. Furthermore, the risk response approach will be aligned with the operational goals of the organization. This process adheres to the COSO ERM 2017 framework, ensuring a structured and comprehensive approach to risk management.

The process of determining risk response strategies is initiated after the organization has identified and assessed its risks. It is essential that these risks be managed to minimize their likelihood of occurrence and mitigate their potential impact to levels deemed acceptable by the organization. This should be achieved through the implementation of the most appropriate and cost-effective risk management strategies. The reduction of residual risks can be accomplished by developing additional risk management plans or by avoiding activities that give rise to these risks, ensuring alignment with sustainable development goals (SDGs) and environmental, social, and governance (ESG) objectives.

In evaluating the inherent risk and existing control measures, residual risk persists. Consequently, it is imperative to manage the residual risk to ensure it remains within an acceptable threshold, aligning with established risk management frameworks

Assessment of strategies for mitigating risks
Assessment of strategies for mitigating risks Click to Enlarge
Risk Appetite

The company establishes a clear risk appetite, defining both the types and overall level of risk it is prepared to assume in alignment with its strategic objectives, mission, and business vision. This approach aims to create long-term sustainable value while ensuring responsible corporate governance. The risk appetite is determined by the executive management team, reviewed by the board of directors, and serves as a guiding framework for strategic decision-making. By integrating risk considerations into corporate strategy, the company assesses both financial and non-financial performance objectives while implementing measures to effectively manage uncertainties, ensuring resilience and sustainable growth in line with ESG principles and SDG targets. The company has identified the following acceptable levels of risk.

Investments should be avoided in countries with political and economic instability or where there is an inadequate understanding of risk management, as this may compromise long-term sustainability and financial resilience.
The company is committed to conducting business in a manner that contributes positively to society and fosters long-term sustainability. This commitment must not disrupt business operations and requires strict adherence to all relevant laws and regulations.
The company is committed to conducting business in a manner that contributes positively to society and fosters long-term sustainability. This commitment must not disrupt business operations and requires strict adherence to all relevant laws and regulations.
We do not invest in projects where there is an insufficient understanding of risk management or where the necessary capabilities and resources for effective implementation are lacking.
The company refrains from participating in bids for projects with a low internal rate of return (IRR) or those characterized by intense price competition, ensuring sustainable investment strategies and financial viability.
The company acknowledges the value of establishing business partnerships. However, such collaborations must uphold product and service quality standards and must not negatively impact the company’s corporate reputation, ensuring alignment with sustainable business practices and stakeholder expectations.
Risk Monitoring

A structured risk monitoring and reporting framework facilitates a comprehensive understanding of the interrelationship between risk, corporate culture, and organizational performance across all levels of personnel. This process enhances strategic decision-making, strengthens corporate governance, and ensures greater integration between operational activities and overarching business objectives.

Risk Monitoring Nature of Risk
Risk Management Reporting
 The results of risk management facilitate the identification and assessment of emerging risks, enabling executives to evaluate their potential impact on strategic and operational objectives. This process ensures the effective implementation of key risk management measures and mandates the reporting of any critical incidents. Additionally, it reinforces corporate governance by providing the board of directors with assurance that the organization’s overall risk exposure aligns with its long-term strategic direction.
Risk Register
 The Risk Register is a structured document that systematically records and evaluates organizational risks. It details risk descriptions, current mitigation measures, assessed residual risk levels, designated risk owners, and strategic risk management plans. This register serves as a critical tool for risk oversight, ensuring proactive risk governance in alignment with sustainable development and ESG principles.
Risk Heat Map

The risk diagram is designed to offer a high-level overview of identified risks and their prioritization. As a key analytical tool, it is utilized for:

  • Communicating the results of qualitative risk assessments in a structured manner
  • Mapping the relative positioning of various risk factors for comparative analysis
  • Providing a rationale for the overall risk assessment, ensuring alignment with risk governance frameworks
Key Risk Indicators: KRIs

Key Risk Indicators (KRIs) are essential tools in risk management, providing early warning signals to pre-emptively address potential risks before they materialize. These indicators play a critical role in evaluating:

  • The effectiveness of risk mitigation strategies within corporate sustainability frameworks.
Reporting Risk Management to the Board of Directors

The company has established a formal process for reporting the outcomes of its risk management practices to the relevant stakeholders, as outlined below:

  • The meeting of the Corporate Governance and Risk Management Committee In accordance with the company's risk management framework, the remaining risk assessment results will be reviewed and approved quarterly. A comprehensive meeting report will be prepared for the board of directors' acknowledgment and further action.
  • The meeting of the project management team for risk management To periodically review, track, and assess the outcomes of risk evaluations on a quarterly basis, with the Secretary of the Corporate Governance and Risk Management Committee, in collaboration with the Office of the Chief Executive Officer, acting as the coordinating body to present the findings to the Corporate Governance and Risk Management Committee for approval consideration.
  • The meeting of the Risk Management Task Force To ensure the regular review, monitoring, and evaluation of risk assessment outcomes on a quarterly basis, the Secretary of the Corporate Governance and Risk Management Committee, in collaboration with the Office of the CEO, will serve as the coordinator for reporting results to the Risk Management Executive Committee and the Corporate Governance and Risk Management Committee. These committees will then provide approval and further consideration, in alignment with governance and risk management frameworks, for ongoing compliance with sustainable development goals (SDGs) and environmental, social, and governance (ESG) standards.

Emerging Risk

The construction industry is confronted with an array of emerging risks, encompassing legal, technological, climatic, economic, and supply chain-related challenges. Effective risk management necessitates a holistic approach, integrating strategic planning, the adoption of technological innovations, and ongoing capacity-building of human resources. Such an approach is essential for maintaining competitiveness and achieving long-term sustainability in business operations. The two most significant emerging risks identified by the company for 2024 are:

Economic Recession, Geopolitical and War Risk
Risk Characteristics: The ongoing global conflicts and economic slowdown, coupled with inflationary pressures and the rising interest rates, present significant challenges for sustainable development and financial stability.
Risk Impacts:
  1. Delays in the implementation of government investment plans have hindered the ability to engage in competitive bidding for new projects.
  2. The cost of construction materials and specialized machinery that must be imported has increased, driven by rising international prices.
  3. Volatility in foreign exchange rates has significantly impacted costs, particularly for imports, adding financial strain to projects reliant on foreign currency transactions.
Risk Management Strategies:
  1. Continuously track market conditions, economic developments, and relevant events to adjust strategic plans in accordance with the prevailing market trends and economic environment. This includes evaluating potential investments in emerging markets, safeguarding company liquidity, and deferring investments that do not generate meaningful economic returns.
  2. Ensure construction costs remain within budget, such as by monitoring fluctuations in the cost of construction materials, machinery, and equipment systems dependent on international suppliers. Evaluate delivery schedules, insurance costs, tax rates, and establish contingency measures for securing alternative suppliers with comparable qualifications, as well as exploring alternative transport solutions to meet project deadlines.
  3. Align foreign currency revenues and expenses (Matching Cost) and employ foreign currency forward contracts to mitigate exchange rate risks (Forward Contract).
Climate Regulation and Climate Action Risk
Risk Characteristics: Recent legal reforms aimed at advancing environmental cooperation are influencing corporate strategies and the potential economic benefits available to businesses. Failure to comply with these regulations could result in diminished access to both economic advantages and vital funding opportunities. Additionally, government policies and regulatory frameworks set by stakeholders, such as the Carbon Border Adjustment Mechanism (CBAM), may lead to increased product costs within the supply chain. It is imperative that companies remain attuned to these developments, as proactive adaptation will enable them to maintain sustainable business operations in alignment with broader sustainability goals.
Risk Impacts:
  1. The management of construction and financial costs has increased as a direct consequence of the implemented policy.
  2. Tax-related exclusionary measures.
Risk Management Strategies:
  1. Enhance the efficiency of the production process, aligning with sustainable development goals and ensuring optimal resource utilization in accordance with ESG standards
    • Minimize waste generation during the construction process by effectively managing design and production procedures. Ensure the selection of materials and appropriate quantity determination aligns with efficient inventory management, reducing unnecessary procurement or excessive stock that does not align with the project’s operational needs. This includes construction materials such as structural steel, concrete, formwork timber, PVC piping, chemicals, and surface coatings, among others
    • The machinery and vehicles employed in construction undergo regular inspections to ensure optimal performance. In addition, rental equipment is selected based on its relatively low age to reduce fuel consumption
  2. Examine the development of innovative energy technologies that can be implemented in corporate settings, including electric vehicles and other sustainable transportation solutions.
  3. Implement energy-saving initiatives at the corporate headquarters and across all associated projects
  4. The adoption of alternative energy solutions, including solar panels (solar power), serves as a complementary strategy to reduce electricity consumption within the office spaces of construction projects. Additionally, measures are implemented to minimize paper usage, ensuring optimal efficiency in resource utilization.
  5. Develop a sourcing and materials management plan by diversifying suppliers to mitigate the risk of over-reliance on a single vendor, and by securing long-term purchase agreements to lock in prices and hedge against potential future price volatility. Additionally, optimize inventory management to reduce storage costs and prevent material shortages.

Enhancing the organization’s Risk Culture

Framework for fostering a risk management culture across the organization

The company is committed to fostering a strong risk management culture throughout the organization by integrating risk considerations into its core values. To ensure alignment with these values, structured communication initiatives have been implemented to enhance collective understanding and risk awareness. A centralized knowledge management system has been established to facilitate access to information, promote knowledge sharing, and support collaboration between risk owners and the risk management function. Risk factors are embedded within the organization’s development framework, driving the continuous enhancement of risk management processes to serve as an effective mechanism for strategic decision-making. Furthermore, risk management performance is incorporated into the organization’s key performance indicators (KPIs), reinforcing accountability among both designated risk owners and the broader corporate structure.

Provide comprehensive training on risk awareness and risk management to personnel across all organizational levels

To promote organizational culture, the company has organized training on risk and risk management for directors, senior executives, and employees. The purpose is to ensure understanding of the risk management framework and individual responsibilities in managing and communicating risk-related information. Organizational training should take into account key issues, including

  1. Differences in levels of responsibility in risk management
  2. Existing knowledge of risks and risk management within the organization
  3. The need for all new employees to be trained so that they understand their responsibilities regarding risk and the risk management process.
Risk Training and Communication in 2024
Board of Directors: The Board of Directors of CH. Karnchang attended risk training sessions conducted during meetings, where external speakers provided knowledge on sustainability risks (ESG Risk) in accordance with the International Financial Reporting Standards (IFRS).
Executives: Executives of CH. Karnchang participated in risk training through a strategic project management course designed to enhance their skills in project risk management and conflict resolution within projects.
Employees: CH. Karnchang disseminated risk-related information through brochures and infographics to raise awareness among employees throughout the company. In addition, CH. Karnchang conducted specific risk training for departments directly involved with risk management.
Crisis Management and Business Continuity Framework

The company has established a Business Continuity Plan (BCP) to mitigate risks that may disrupt its operations, including those catastrophic events arising from fires, natural disasters, terrorism, and other unforeseen events. This plan also encompasses comprehensive strategies to manage public health risks, such as the spread of infectious diseases like the coronavirus disease 2019 (COVID-19), ensuring continuity in line with sustainable development goals and public health standards by creating scenario planning and having in place response plans.