Corporate Risk Management Policy and Process^GRI102-16

PTT has recognized the importance of risk management amidst changes influenced by internal and external factors that may affect business sustainability. It thus employs an international standard issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO - ERM 2017) in a consistent manner to ensure effective risk management, which is also considered a key component for all PTT business processes that need to be connected vertically. As a result, there is an integration of Governance, Risk and Compliance (GRC) to support executives’ decision-making and safeguard, or systematically and effectively create added value for the organization based on potential risk factors.

PTT has developed a risk management policy, signed by the Chairman of the Enterprise Risk Management Committee, with which all employees must comply. In addition, a Governance, Risk and Compliance Committee (GRCMC), an Enterprise Risk Management Committee (ERMC) and a Corporate Plan and Risk Management Committee (CPRC) were established to monitor the overall risk management. The progress of risk management plans, as well as risk indicators, has been reported and proposed to the respective committee for further review of efficiency and effectiveness on a quarterly basis.

The department responsible for the enterprise risk management process has prepared a written PTT Enterprise Risk Management Manual (ERM) as a standard guideline applied throughout the organization. This consists of integrated enterprise-wide risk management, definitions of PTT's enterprise-wide risk management framework and risk management processes, etc.

Risk Management Structure

PTT ensures planned risk management through management committees and integrates risk management when developing an enterprise plan so that the risk management plan can be efficient and effective, and aligned with corporate goals and strategies. It is a responsibility of all departments to address operational risks under supervision of the management team in order to manage and limit the risks to an acceptable level. This responsibility is clearly stated in the job description of every department.

Risk Management Tools

PTT studies and employs risk management tools of various forms; for example, determination of risk appetite,  assessment and prioritization of risk factors using Risk Map, monitoring of risk management through risk mitigation plans, key risk indicators (KRIs), and the use of Monte Carlo Simulation techniques to identify impacts on the performance in the value at risk (VaR) form. In addition, PTT also monitors changes in key external factors, including emerging risks, to ensure that it can prepare proactive risk management measures before such risks affect PTT's business operations.

Read more about 2022 risk factors of the Company's business at 

Enterprise Risk Management and Emerging Risks ^CSA1.3.3

Challenges from the energy transition situation

Disruptive innovation or technology has brought about changes to business models while environmental awareness has shaped the concept of energy transition, that is, from traditional energy to clean energy of new forms. This greatly affects the needs of customers and PTT's business operation. In order to accommodate economic, social, energy, technological, and consumer behavior changes as influenced by the global mega trend, PTT thus sets business strategies and constantly identifies opportunities and develop new business models, namely an integrated LNG business, to create a New S-Curve business, e.g., investment in electric vehicles, renewable energy, life sciences business, logistics and infrastructure, and AI, Robotics & Digitalization, including personnel preparedness to effectively accommodate business expansion. The Company’s vision, direction, and strategy of future business, integration of risk management and business plans, and business performance monitoring have been regularly reviewed to ensure that the revenue generated shall meet the target.

Reinforcing the corporate risk culture

PTT cultivates awareness, creates an atmosphere and culture of risk management for all employees, focusing on resource allocation and appropriate support to different areas to promote effective risk management. An enterprise-wide risk management manual is published on a website accessible by all employees with relevant email being sent out to educate and strengthen understanding about risk management throughout the organization. Risk management communications and training are provided. There are surveys to collect feedback and identify the understanding of personnel regarding corporate risk management conducted on an annual basis to continuously improve the efficiency of corporate risk management. In 2022, there were culture-reinforcing activities; for example, GRC Talk in monthly PTTMC’s meetings, which is also defined as a regular agenda for every meeting of the department, GRC Camp that is focused on strengthening the GRC culture among employees by cascading experiences of the executives and guest speakers and communicating about GRC policies, GRC knowledge, and risk management. Moreover, the Company also encourages participation in training on GRC and risk management and rolls out reinforcement activities to promote understanding of employees and encourage behavior momentum toward GRC through communications and online activities. 

Risk management process improvement based on the reviews of the Enterprise Risk Management Committee.

PTT nurtures all employees with the awareness of risk management while also creating a risk management atmosphere and culture. It focuses on appropriate resource allocation and provision of support in different areas by integrating it with PTT's key work processes to promote effective risk management. 

1. Improve the “Risk Appetite Statement” to align with changing situations.
2. Take into account impacts of business plans on stakeholders to obtain work plans to mitigate impacts with an appropriate management model.
3. Supervise organizational innovation management to ensure its completeness and competency to enhance innovation effectiveness in line with PTT's strategic objectives and key goals.
4. Consider and comment on the agenda of major investment projects and contracts with long-term obligations, business complexity, and risks that have a significant impact on PTT before proposing them to the PTT Board of Directors for approval.
5. Contemplate the annual list of corporate risks before proposing it to the PTT Board of Directors for approval along with the annual enterprise plan. Risk registers and enterprise risk management plans shall be integrated in the enterprise plan to ensure that it is clear, aligned with the goal, business strategies and applicable enterprise-wide.
6. Closely monitor risk management on a quarterly basis by determining risk indicators for surveillance and precaution, including measuring the effectiveness of risk management and providing recommendations to the management in the reviews of risk management plans to reflect business strategies and the changing business environment and report the results to the PTT Board of Directors.

Business Continuity Management

Business Continuity Management Process

Business Continuity Management

PTT has developed a business continuity management system (BCMS) based on the business continuity management standard (ISO22301:2019) and others related, covering prevention, response, support and recovery. The operations are divided into 3 phases: prevention/preparation phase, response/business continuity phase, and recovery phase. The Business Continuity Plan (BCP) has been approved by the Management Committee and the PTT Board of Directors. With the current environment that is constantly changing, it is challenging for the organization with respect to unexpected crises, natural disasters, political unrest, terrorism, epidemic, which may cause disruption to PTT's critical processes. If PTT cannot recover its operating capacity, it shall cause damage to property or life, as well as resulting in widespread impact on the nation, society, community and all groups of stakeholders. PTT recognizes the importance of getting prepared in response to crises and operating business continuously. Therefore, a business continuity management policy has been established. Executives and employees, as well as third parties working for PTT, shall take part in the implementation, support and compliance with the policy on a regular basis.

PTT has developed a safety and emergency/crisis preparedness plan divided into 4 levels according to the severity of the events. Specifically, those events are crises that PTT requires further assistance from external entities at either local, provincial, regional or national level. The emergency/crisis severity level shall be raised to 1, 2, 3, and 4 respectively. An emergency/crisis and business continuity management center has been established with responsible persons assigned and authorized to each level of management appropriately to ensure that the solution process is timely, effective and responsive to the needs of both public and private entities and surrounding communities. In addition, PTT has appointed a coordinator to disseminate important information; for instance, what employees must do, important contacts, alternate work sites, and significant changes in each year, etc. An Emergency & Business Continuity Management Web Portal was also developed to be used as a communication channel and for managing emergency/crisis situations and business continuity.