Risk and Crisis Management
Challenges and Commitments
GGC foresees the current trends of global changes which create new risks and opportunities that may impact our future business operations, such as the development of technology that affects human life and behavior, climate change, and emergence of new epidemics, etc.
Therefore, GGC places importance in a systematic risk management within the organization while continuously taking into account both internal and external business environment that may affect our operations in order to identify potential risks and problems. As a result, GGC is able to cope with challenges in a timely manner and drive the organization to achieve goals with maximum efficiency.
Key Stakeholders
Employee
Shareholder, Investor and Analyst
Goals
business goals and long-term corporate strategies.
to reduce impact to an acceptable and appropriate level.
Management Approach
Guidelines for Risk Management and Internal Control
GGC has appropriate risk management and internal control guidelines that are in line with international standards, namely COSO (The Committee of Sponsoring Organization of the Treadway Commission) 2017 and ISO 31000 standards in order to achieve the objectives of effective internal control in the area of operation, as well as accuracy and completeness of the report and compliance with the law and relevant rules for conducting business, which will help support the work of the Company and ensure accuracy, transparency, achieve the Company's objectives, and respond to the expectations of stakeholders who expect the organization to conduct business with transparency, ethics and social responsibility. The Company, therefore, attaches great importance to (Governance, Risk Management and Compliance (GRC) to promote business operations with stability and sustainability and meet the expectations of key stakeholders.
GGC has established a unit responsible for supervising and monitoring the internal control system to ensure its efficiency on a regular basis in order to operate efficiently. The generated reports are accurate, reliable, and the operations are in compliance with relevant laws and regulations. The Company is able to protect its assets from the misuse of authorized persons and those involved, including sufficient transactions with persons who may have conflicts of interest and connected persons. Furthermore, the internal audit department has reviewed the internal control system of the Company, according to the risk-based audit plan.
In addition, GGC emphasizes through risk assessment At least twice a year or more frequency so that risk management and internal control are in line with corporate governance principles and the good practices of the SEC, as well as the best practices of the Company Group, while increasing the efficiency of internal control according to international standards to achieve the objectives of internal control in all 3 aspects, namely Operation, Reporting, and Compliance. The Risk Management Committee Supported and suggested the risk and control self-assessment (RCSA) development process in order to increase the efficiency of internal control and create understanding of operators in carrying out activities. The committee can assess the key points of the internal control process and assess work process risks, as well as implement a risk culture promotion program for employees at all levels within the organization.
Risk Management Structure
First Line:
Corporate Risk Management and Internal Control and Risk Owner/ Risk and Internal Control Coordinator, which is considered as part of the Operational Level, are responsible for implementing risk management guidelines, identifying and assessing risks, following up on risk operations, and preparing a regular report to present to the management at least once every 2 months in accordance with the Corporate Strategy for Enterprise Risk Management.
Second Line:
The Internal Control, Corporate Risk Management, Corporate Governance, Corporate Compliance, and other support divisions constitute the second line of defense, responsible for managing and supporting other functions to meet established standards.
Third Line:
The Internal Audit Function of GGC operates independently of business lines and reports directly to the Audit Committee. Its primary role is to provide independent assurance of other functions to ensure proper and suitable implementation of internal controls and to strengthen corporate governance and risk management. Quarterly reports are then forwarded to the Board of Directors for review Risk Management Process.
GGC manages risks and improves internal controls along with strategic management for the business operations to meet the strategic objectives and key objectives of the organization within an acceptable risk level. This covers risk management in terms of quality, security, safety, occupational health and environment, Human Rights, Labor Rights, Compliance with relevant laws, rules and regulations and Anti-Corruption, while responding to stakeholders in a fair manner, by analyzing the business environment, covering both internal and external factors that may affect the Company's current business operations. In addition, GGC requires risk assessment along with strategic planning, investment, and business planning in order to conduct business in accordance with the annual corporate goals, both Short-Term and Long-Term goals. Furthermore, GGC implements measures to prevent the impact that has been defined to control the level of risk to an acceptable level, as well as conduct Root Cause Analysis in case of non-compliance with the plan.
Risk Management Process
The risk management process consists of three steps, which are the following steps:
1. Risk Identification and Assessment
GGC takes into account various types of risks, including corporate, operational, and emerging risks, in accordance with the COSO Standards (The Committee of Sponsoring Organizations of the Treadway Commission). GGC has employed various risk management tools to analyze, evaluate, and establish a comprehensive risk management framework. This involves conducting thorough analyses of the business environment based on internal and external factors, determining risk tolerance, carrying out risk assessments, and prioritizing risks using a risk map (based on likelihood and impact ratings).
2. Risk Mitigation
GGC has appointed the Corporate Risk Management and Internal Control and the Risk Coordinators (Risk Owners) responsible for risk identification and assessment. They have also established a plan to mitigate risks according to their risk appetite and have determined Key Risk Indicators (KRIs). Additionally, GGC has adopted Sensitivity Analysis, Scenario Planning, and Stress Testing to assess the impact of risks under different scenarios, covering potential financial and non-financial risks. Furthermore, GGC has laid out preparation measures and a process to continuously monitor situations and trends of six external factors based on the PESTEL Analysis Framework.
3. Monitoring and Review
GGC has established that risk management is overseen and tracked by the Risk Management Committee and audited by the Internal Audit, with the findings reported to the Audit Committee. The company mandates regular monitoring and reporting of risk management performance at all levels, including corporate, business groups, business lines, business units, and subsidiaries.
Risk Management Process Audit
GGC has defined that risk management audits shall be conducted by internal audits as follows:
- The Internal Audit audits key risks that affect operations, provides recommendations on internal control to management, determines corrective actions according to the recommendations, and reports the audit results to the Audit Committee on a regular basis.
- Audit and monitor the efficiency of machinery/equipment monthly by fully complying with the equipment inspection standards.
- Audit operational management results of utility system service providers to assess risks and collectively seek risk management methods.
Risk Culture
Risk Management Training
In order to improve GGC's risk management corporate culture, the company provides its employees with expert guidance on enterprise risk management. This training involves the Board, Executives, and all levels of employees, making risk management a part of everyone's job description. This approach promotes better knowledge and understanding of corporate risk management, ultimately leading to increased effectiveness. As well as encourage all employees’ awareness of risk culture by conducting the following projects:
For more about our risk and crisis management program, see the 2024 Integrated Sustainability Report at Integrated Sustainability Report 2024
- Risk Training Workshop for Non-Executive Directors through IOD (Thailand Institute of Directors) Training under a Risk Management Program for Corporate Leaders Course (RML). GGC has sent Non-Executive Director namely Mrs. Kannika Ngamsopee, the Independent Directors and Chairman of Risk Management Committee, to attend the program, which is designed for Board of Directors, Risk Committee and C-Suites to understand about their roles in overseeing different types of risks which also include risks arising from opportunity management and business crises. The program reflects through the perspectives of corporate leaders who are responsible for supervising and monitoring the work of executives who directly manage the risks.
- Risk Awareness Training for Providing Knowledge to the Board of Directors in Sustainable Business Practices to equip the Board of Directors with the knowledge to recognize and manage sustainability-related risks—including climate change, regulatory shifts, stakeholder expectations, and reputational impacts. By integrating environmental, social, and governance (ESG) considerations into risk management frameworks, borad of directors can make more informed strategic decisions that safeguard long-term value and corporate resilience. The training featured speakers with expertise and experience in capital market research and who served as an advisor to the United Nations and other organizations related to economic development in the Asia-Pacific region. 11 board members who participated in the training, of which 10 were non-executive directors.
- Risk Management Workshop for Top Management Project: to increase efficiency and understanding of risk management at both the operational and corporate levels for top management executives.
- Risk Awareness Training Refreshment to raise awareness and increase risk management efficiency of employees at all levels, as well as internal control/ to exchange risk issues arising from each department within the Company.
- Risk and Control Self-Assessment (RCSA) Project to ensure that the involved board of directors, executives and employees effectively manage risk and internal control, build confidence and credibility in financial reports, ensure property protection, and comply with relevant laws and regulations of the Company.
- Business Continuity Plan (BCP) Project to prepare for incidents, reduce the impact on business operations, and enable employees at all levels in the business continuity planning (BC Team) to understand their roles and responsibilities, according to the guidelines set forth in the business continuity plan with efficiency.
- GRC Day is a day event to train employees in corporate governance and organizational risk culture. The training on risk management include: Risk identification, Risk assessment, Risk Response and Risk Monitoring and internal Control.
Incorporation of Risk Criteria in Product Development
GGC incorporates risk criteria into its business and product development process to align with corporate strategy and business direction. This includes new projects and products (organic growth), joint investment projects (JV Organic Growth), mergers and acquisitions (M&A), and investment in product research and development. Additionally, risk assessment is an essential part of the initial business development activity. Regarding business Development involving joint ventures and organic growth, GGC conducts a comprehensive feasibility study, financial model analysis, financial investments, license agreements, and project risk assessment. As for the product development process, project risk assessment is conducted in accordance with project development guidelines. Risk Management Department is required to engage in consultations with the Business Development Department as necessary.
Incorporate Risk Management Metrics in Financial Incentives
The Corporate Key Performance Indicators (KPIs) serve to establish metrics and targets, which are subsequently integrated into risk management metrics. These metrics encompass various perspectives, including strategy, business operations, and financial targets, aiming to foster a robust risk culture across the entire organization. The Risk Management Metrics embeds in Corporate KPIs of TRIR and Process Safety Events.
Emerging Risk
GGC has focused on analyzing potential emerging risks that may affect business operations in the next three to five years, as well as establishing measures to prevent various impacts in order to control the risk level to an acceptable level.
| Biodiversity Loss from Palm Oil Plantation | |
|---|---|
| Category of Risk | Environmental |
| Sources of Risks | Macroeconomic Factor |
| Risk Description |
The global economy relies heavily on biodiversity for business operations, particularly in sectors such as agriculture, forestry, fisheries, and the food and beverage industries. Conversely, various business activities are also major contributors to biodiversity loss. For instance, the cultivation of oil palm as a monoculture crop leads to deforestation, resulting in reduced biodiversity. This, in turn, affects the environment, local communities, and other agricultural practices. As a result, biodiversity has become a globally significant issue. One of the key topics at the 16th Convention on Biological Diversity (CBD COP) in 2024 is the transition of the Biodiversity Plan into actionable measures at the national level. This has prompted many countries, including Thailand, to begin considering regulations aimed at preventing and mitigating the escalating biodiversity crisis. Examples include the EU Deforestation Regulation (EUDR), which screens imported products into the EU to ensure that they do not have deforestation-related impacts. Additionally, Thailand has promoted biodiversity conservation and restoration based on the Sufficiency Economy Philosophy through its 20-Year National Strategy, as well as related policies, plans, and legislation, especially the implementation of the BCG Model and goals aimed at restoring critical ecosystems. For the aforementioned reasons, GGC may face risks in financial performance, competitiveness, and reputation if it engages in irresponsible palm oil cultivation without effective management of a sustainable and traceable supply chain since palm oil is a key raw material in the Company’s production processes. In 2024, GGC utilized over 4 hundred thousand tons of palm oil raw materials and derivatives annually. |
| Possible Effects |
With increasingly stringent biodiversity-related regulations and standards, GGC faces significant risks if it lacks an effective supply chain management system and fails to prepare for new regulations, such as the EU Deforestation Regulation (EUDR). Potential impacts include revenue loss due to shortages of high-quality, traceable raw materials, reduced profit margins from rising palm oil raw material costs, and higher production expenses stemming from additional processes, such as supply chain traceability verification. Furthermore, the inability to comply with EUDR requirements could result in diminished competitiveness in global markets. Additionally, GGC may face reputation risks if its supply chain is linked to unsustainable palm oil cultivation or activities that harm biodiversity, such as deforestation to expand palm oil plantation areas. |
| Mitigation and Opportunities |
|
| Risk of Raw Material Shortages | |
|---|---|
| Category of Risk | Natural Resource Shortages |
| Sources of Risks | Marketing Factor |
| Risk Description |
China produces and uses a significant amount of fatty alcohol in manufacturing, leading to a global increase in palm oil prices. China imports palm oil from Indonesia and Malaysia, the world’s two largest palm oil exporters. Indonesia, however, is expected to reduce its palm oil exports due to a policy mandating an increase in the domestic biodiesel blend from 35% in 2024 to 50% in 2028. This will drive up both demand and prices for palm oil in the global market. As a result of this situation, China may seek additional palm oil supplies from Thailand. This poses a risk for companies in Thailand including GGC that use domestically sourced palm oil, as they could face raw material shortages due to increased international demand. |
| Possible Effects |
GGC may be impacted by increased palm oil demand from China, resulting in lower profits due to higher production costs from rising palm oil prices. Additionally, GGC may face raw material shortages, preventing it from meeting customer demand, leading to reduced revenue or potential penalties for breaching customer contracts. |
| Mitigation and Opportunities |
|