Risk Business Continuity and Crisis Management

Risk Management Policy


In a fluctuating, complicated and constantly changing business environment, the risk management system is an important tool for SUTHA in setting its direction, strategizing and operating its business, leading to continuing enhancement of capability, increased business opportunities and improved operating procedures. It will also enable SUTHA to achieve its overall goal and create additional value for shareholders and related parties. The Company defines risk management as part of its organizational culture and requires staff at all levels to take shared responsibility for the Company’s risk management.

 

1. Objective of Risk Management


  • To adhere to international standards of risk management and consider it as part of SUTHA’s processes for decision making, strategizing, planning and operating
  • To define measures and directions for risk management within the organization’s acceptable level by considering measures to reduce the probability and/or the impact of such risks, leading to achievement of the organization’s defined objectives on the organization level and the unit level
  • To enable the Company to identify unexpected risks or crises and react to them instantly and appropriately to reduce damage to the organization
  • To inform the Executive Committee, the Audit Committee or delegated risk managers, and the Board of Directors of significant risks, risk trends and overall risk situation, in order to enable efficient and effective management of SUTHA’s risks
  • To urge all concerned to identify, evaluate and regularly carry out risk management, particularly in all events, activities and duress, in any important projects whose procedures have never been carried out before, and in important internal changes, based on risk appetite and the ability to put it into practice under appropriate capital
  • To communicate and educate employees to develop understanding and sense of responsibility of risk management

2. Scope


The Risk Management Policy takes effect in all operational processes of the Company, and employees at all levels, including Executives, shall operate in accordance with this policy and the Risk Management framework of SUTHA.

 


The enterprise risk management structure brings together executive-level risk owners to manage the entire scope of an organization's risks more effectively by cooperatively identifying and managing business risks and their cross-functional impacts. SUTHA's Risk Management structure starts with the Board of Directors approving the risk management framework and appointing the relevant subcommittees to supervise and perform the duties prescribed in their charters. The Risk Management Committee (RMC) is also appointed by the Board of Directors to supervise, control, and monitor implementation of the organizational risk management plan and to supervise all business units in carrying out their responsibilities in accordance with requirements, manuals and standards of practice, including compliance with the law.

3. Risk Management Policy


The Board of Directors appointed the Risk Management Committee, which consists of Board members and Executives, to manage the enterprise risks threatening ESG sustainability development and crisis management for business continuity. The Risk Management Committee will meet regularly with the Executives and heads of departments, including setting up sub-meetings to supervise related matters that affect the continuity of the Company’s business operation. The Risk Management Committee recognizes the importance and necessity of adopting a risk management system under international standards for its administration when risks or problems are identified. To achieve that goal, the Company set up the Risk Management Policy under the following framework:


  • Define risk management as a responsibility for all employees at all levels to be aware of operational risks including sufficient and appropriate risk management in sustainability development, crisis management for business continuity.
  • Encourage employees at all levels to embrace risk assessment and management in all critical operations and investment projects, and continuously develop a risk management culture throughout the organization to build confidence among shareholders and SUTHA’s stakeholders.
  • Support the corporate use of technology for corporate and sustainability risk management and report on the risk management to be examined by the committee or those appointed to ensure efficient risk management.
  • All risks that impact corporate achievement and business continuity shall be:
    4.1) Identified in a timely manner
    4.2) Assessed with regard to their likelihood of occurrence and their impact
    4.3) Treated in a manner that is in line with the Company’s Risk Management Framework, with regard to the costs and benefits of the treatment
    4.4) Monitored to ensure that they are appropriately managed
    4.5) Reported to the Risk Management Committee or Audit Committee or Board of Directors, in the case of all highly possible risks which may affect the Company’s business sustainability plan and financial corporate strategies
    For more details of the guidelines and the Risk Management Framework, please go to the Company’s website, click Good Corporate Governance for Sustainability and see the topic Risk and Crisis Management.

4. Scope of Duties and Responsibilities


Related Persons: Duties and Responsibilities
Board of Directors (BOD)
  • Approve the Risk Management Policy / Charter / Report including understanding all possible risks that may affect the business operations in various terms and ensure that there are effective measures to manage such risks
Audit Committee (AC)
  • Ensure that there is a sufficient internal control system to manage risks across the entire organization
  • Supervise and monitor the risk management independently
  • Follow up on the effectiveness of the Internal Control Auditor’s operation
  • Report the internal control audit result to the Board of Directors and Shareholders
  • Give opinions to or communicate with the Risk Management Committee in order to understand the potential risks that relate to the internal control system
COMEX
  • Ensure efficient operating performance to attain corporate goals.
  • Verify and assess risk management performance
Risk Management Committee (RMC)
  • Establish and review the Risk Management Policy and the guidelines to manage the Company’s business crises.
  • Drive all risk management implementation practices: risk assessment, risk treatment, and identifying emerging risks
  • Determine Risk Appetite aligned with corporate strategy and value.
  • Supervise and support the implementation of enterprise risk management so that it is in line with the sustainability business strategy, internal controls and ESG risks, including the crises and changes that may affect business operations
  • Suggest and follow up on the evaluation of potential risk management, including the guidelines or measures for prevention, control or mitigation (Mitigation Plan), for the continuous development of the risk management system.
  • Supervise and assign the Management to implement the ESG risk and enterprise risk management plan to minimize impact, including follow-up and review to ensure a sufficient and appropriate organizational risk management plan.
  • Support and develop ESG risk and enterprise risk management to cover all levels, both internal and external, and build relationships with relevant Stakeholders to jointly mitigate risk impacts that may affect the business.
  • In the case of any significant strategic risks, financial risks or critical operational risks, the Risk Committee shall report to the Board of Directors and the management. For example, if there is an urgent matter it can be reported via email.
Managing Director
  • Allocate the necessary budget for implementing risk management.
  • Monitor enterprise risks to ensure effective and appropriate measures.
  • Monitor strategic risks, ESG risks, financial risks, core operational risks, emerging risks affecting the sustainability development.
  • Promote the Risk Management Policy and ensure that the policy is being implemented and followed in every unit
Deputy Managing Directors
  • Follow up on potential risks to strategy and operation and ensure that there are effective and appropriate measures to manage such risks
  • Promote a culture of risk management and ensure that all managers are aware of risk management, assess risk issues in their area of responsibility and create risk treatment to protect both internal and external stakeholders.
HR Department
  • Establish practical communication to build a risk-aware culture among all employees by providing them with the knowledge and clear practices needed to apply risk management in their everyday routines.
Manager or Head of Department
  • Study the enterprise risk management manual to be able to guide and monitor subordinates in implementing it correctly.
  • Ensure efficient risk assessment, risk treatment and risk mitigation to prevent impact to the business.
  • Report and regularly assess risk issues in a complete and timely manner.
  • Promote and raise awareness of ESG risk and enterprise risk
Management
  • Departmental chiefs appointed by the AC to assess the efficiency of internal controls, and to identify and annually assess enterprise risk
Supervisor and Employees
  • Identify and report risks to the supervisor and be actively involved in formulating and implementing a risk management plan
Internal controls representative
  • Prepare the internal control system audit plan and coordinate with external auditors.
  • Report the results of the internal control system audit to the Audit Committee.
Internal Audit
  • Review the effectiveness of internal controls by an annual internal controls system audit of key business processes and monitoring the rectification of any deficiencies
Auditor
  • Review, verify and prepare the financial report
Risk Owner
  • Follow the risk management procedure to ensure that risks are properly managed
Employees
  • Follow the risk management policy and practices to manage risks related to their duties and responsibilities, and evaluate both internal and external factors to assess risks and establish timely risk treatment

5. Definition of Risks


RISK :

is defined as various uncertain circumstances that result in negative impact to the operation and obstruct the defined objectives of SUTHA

RISK MANAGEMENT :

is defined as the process of identifying, evaluating and managing risk within an acceptable level and within the boundary as defined by SUTHA, in order to ensure the achievement of defined objectives and strategic goals, as well as creating business opportunities for SUTHA

SUTHA RISK MANAGEMENT SYSTEM (RMS) :

A system designed to aid in the identification and appropriate management of risks in business operation for SUTHA

CORE COMPETENCE LEVEL :

A level of understanding where compliance and ethics requirements are understood and an individual’s key risks and controls are identified and managed. This level of understanding also includes recognition of an individual’s High Consequence Risks and placing priority on managing them first

ASSURANCE PLAN :

Activities or plans as needed to ensure continuous improvement of risk assessments and analysis systematically

CONTROL RISK :

Measures, processes, procedures or any action taken by the Company to enhance the management of risks and increase the effectiveness of risk management, including increasing the likelihood that the risk management framework is followed

INHERENT RISK :

The risk present before a control or risk management is applied

MUST :

Mandatory requirements for the Company in compliance with laws and regulations

HIGH CONSEQUENCE RISK :

Risks that, if left unmanaged or ineffectively managed, could significantly impact or threaten the continued operation of a business, facility, or strategic platform, or cause serious harm to people, a significant environmental event, criminal prosecution, or significant reputational damage

REPUTATIONAL RISK :

Potential negative impact on a business or brand resulting from adverse publicity as a consequence of unsolicited publicity in the event of a violation of the law or a legal dispute

RESIDUAL RISK :

The risk that remains after a control is applied

BCP and Crisis Management Policy
Business Continuity Policy


SUTHA aligns its corporate governance with the sustainability framework by establishing management processes that support ongoing business operations. The Company implements risk management and emergency preparedness measures, as well as plans to mitigate potential impacts on property, equipment, and information systems. Additionally, SUTHA safeguards stakeholder interests by protecting technological systems and maintaining a strong reputation to foster trust in its corporate governance system for sustainable business development.

 


The Company has also implemented a Business Continuity Policy (BCP) that outlines specific guidelines for ensuring business continuity.

  • Develop and implement a systematic process to determine and evaluate the potential effects of an interruption to critical business operations.
  • Plan and prepare strategies to effectively manage crises and emergencies.
  • Establish a robust business management structure to ensure the continuity of various processes. This includes overseeing the development of crisis management plans and emergency response protocols. These plans should be systematically prepared, reviewed, and readily available for implementation. Regularly assess operations to ensure uninterrupted functioning.
  • Foster a culture of continuous learning and support for personnel at all levels. Empower them with knowledge, understanding, and awareness of effective business management practices to achieve organizational goals.
  • Encourage all departments to consistently adhere to business management guidelines. Emphasize the importance of regularly reviewing and enhancing plans, and actively practicing them until they become ingrained in the organizational culture.
  • Foster collaboration and participation among executives, employees, and staff at all levels to collectively execute various processes and activities. This collaborative approach promotes the attainment of business objectives and facilitates sustainable growth.
