Risk Management Approach
The company recognizes the importance of risk management and promotes the management of risks throughout the value chain of all its businesses across all dimensions to acceptable levels. This enables the company to operate according to the established strategic plan. In addition to operational risks, the company also emphasizes environmental, social, and governance (ESG-related) risks that could potentially harm the achievement of the company’s long-term objectives and goals.
The company has established a 'Risk Management Policy' and a risk management manual that are reviewed and updated annually to align with current circumstances. In terms of enterprise risk management, the company utilizes the risk management framework from the Committee of Sponsoring Organizations of the Treadway Commission (COSO), incorporating both the COSO ERM 2017 (Enterprise Risk Management Integrating with Strategy and Performance) and COSO ESG 2018 (Enterprise Risk Management – Applying Enterprise Risk Management to Environmental, Social, and Governance-related Risks) as guidance for its corporate risk management practices, tailored to fit the company’s operations to ensure risk management at all levels and connection throughout the organization.
Additionally, the company conducts regular audits of internal control systems and the effectiveness of the risk management system, identifying risks within internal processes through an external third-party internal auditor. Ms. Pirada Tonhangsa, Assistant Deputy Chief Executive Officer of Organizational Development, is responsible for coordination, and internal control system audits are conducted quarterly.
Risk Management Process
The company manages organizational risks by establishing a process aligned with the international standards of COSO ERM 2017 and COSO ESG 2018. The focus is on comprehensive risk management that covers the four main types of risks: strategic, operational, financial, and compliance with regulations and anti-corruption, while also expanding the scope of risk management to include environmental, social, and governance (ESG-related risks) as well as emerging risks that could impact the achievement of the company’s objectives and goals in the short, medium, and long term. The risk management process includes the following steps:
The company conducts a review of significant organizational risks at least once a year to consider emerging risks or changes to existing risks that may arise due to shifts in the economic environment, regulations, or technology. This review provides management with sufficient information to formulate strategies and make informed decisions. The assessment of risk management effectiveness and monitoring of risk management across all departments ensures that risk management is conducted efficiently and effectively, supporting the company in achieving its defined objectives and goals.
Learn more about the Risk Management Policy at: www.nerubber.com or scan QR Code
2024 Performance
In 2024, the company conducted a comprehensive risk assessment across the entire organization, covering all departments (100%). The risk prioritization revealed several significant organizational risks that may impact the company's operations, as follows:
| Type of Risk | Economic Risk | Environmental Risk | Social Risk | Governance Risk |
|---|---|---|---|---|
| Strategic Risk |
|
|
||
| Operational Risk |
|
|
|
|
| Financial Risk |
|
|||
| Compliance Risk |
|
|
Business Continuity Management
The production process at each stage is crucial for the operations of the rubber industry. Disruptions or malfunctions in any one of these processes can significantly impact the overall production line of the company. Factors that may lead to disruptions can arise from external sources, such as natural disasters or emerging diseases, or internal factors, such as machinery breakdowns, infrastructure issues like electricity and water supply, labor shortages, and various emergencies such as fires or accidents in the factory. All of these constitute risks that could lead to business interruptions.
To manage these risks, the company has implemented Business Continuity Management (BCM), which includes an Emergency Response Plan (ERP) and a Business Continuity Plan (BCP). These plans focus on preparedness in terms of strategies, processes, and resources, while also establishing systems to support potential crises, such as emergencies from fires or accidents in the factory. This includes the provision of firefighting equipment and personnel evacuation plans. Additionally, the company coordinates with the provincial electricity authority to receive prior notification of any power outages, which helps in planning and managing operations effectively. Furthermore, maintenance of machinery and equipment is scheduled regularly, with spare parts kept on hand for any damages that may occur, ensuring that the production process can continue without interruption.
Promoting a Risk Management Culture
The company focuses on enhancing the capabilities of employees across the organization by providing knowledge and understanding of risk management as part of the employee development plan. This includes conducting training on risk management that encompasses risks related to the environment, society, and governance (ESG). This training aims to ensure that employees at all levels within the company are aware of, recognize, and understand the various risks facing the organization so they can apply this knowledge in their daily operations. In 2024, the company implemented initiatives to promote a risk management culture within the organization as follows:
- On May 10, 2024, the company conducted a training course on risk management according to international standards (ISO 31000:2018) for the risk management working group, executives, and employees from all departments. The training was led by an expert instructor from the Accounting Professionals Association.
- The company integrated risk management as part of its strategic planning, project development, and operational activities to achieve the defined objectives, goals, and strategies. It was also a critical component in decision-making for investments in various projects, such as major capital-intensive projects.
- The company managed organizational risks by holding meetings of the Risk Management Working Group, which includes senior executives, departmental managers, and operational staff, to monitor organizational risk management. Additionally, specific risk indicators and risk appetite were established, along with a Risk Mitigation Plan, which includes setting targets and performance indicators. Continuous monitoring and evaluation of the risk level after implementation were conducted to closely identify control measures. The outcomes were reported to the Risk Management Committee monthly.
- The company set performance indicators for the organization and the operational results of senior executives to align with organizational risks or risk indicators, linking them with the performance indicators of the responsible risk management units. This ensured effective monitoring and evaluation of control measures and risk management plans in accordance with the organization’s core strategies.