Risk management constitutes a critical element in all of PTT's business operations and is connected to all business levels. PTT therefore established the Enterprise Risk Management Policy for all PTT employees to adhere to, and appointed the Enterprise Risk Management Committee (ERMC) to formulate policy and implement the risk management framework. In addition to governing and supporting organizational risk management to ensure alignment with business strategy and goals taking into account internal and external factors posing impacts to the business and corporate goals. PTT conducts the Environmental Scanning, taking into consideration the uncertainty of political uncertainty, fluctuation of the supply and demand in petroleum and petrochemical industries, stakeholders' expectations, changes in regulations and laws, advancement of technology, and environmental impacts from business operations. The Committee also serves to provide guidance, monitor performance, and report risk assessment results to the Corporate Plan and Risk Management Committee (CPRC) in order to ensure maximum effectiveness and progress in accordance with the principle and management approach of the PTT Way of Conduct. Issues are also reported to the CPRC, the Risk Management Committee, the Audit Committee, and the Board of Directors for reviews and suggestions for continuous improvement. Thus, PTT is able to respond to all corporate risks in timely manner.
PTT's risk management framework and risk management procedures correspond with the criteria of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), Enterprise Risk Management (ERM), and ISO 31000 Risk Management – Principles and Guidelines, all of which are international standards for relevant parties to understand the risk management principles and to apply them appropriately. Corporate risks are systematically managed through committees within specified scopes and responsibilities. All business functions have the responsibility to manage and maintain risks at a manageable level.
Corporate Risk Profile
PTT's risk management process is designed to be integrated with components from each step of the organization's strategic planning process. Every year, PTT analyzes and assesses risks to develop the Corporate Risk Profile, which corresponds to corporate targets and strategic plans and incorporates expectations from different stakeholder groups, economic trends, political conditions, as well as significant socioeconomic and environmental factors. These risks can be categorized as strategic risk, business risk, operational risk and financial risk – all of which pose potential impacts to PTT's performance, employees, customers, suppliers, organizational reputation, the general public and the environment. In addition, PTT takes into consideration event risks, emerging risks, and PTT Group Black Swan Events. Risk owners have the responsibility of formulating risk management plans for such risks, defining Key Risk Indicators (KRIs), and monitoring and reporting results to the Corporate Plan and Risk Management Committee, the Risk Management and Internal Control Committee, and the Audit Committee in accordance with PTT's defined procedures.
Cooperation of all employees is the key to effective organizational risk management and system. Therefore, an awareness program on risk management and business continuity management system has been implemented. The program consists of selecting employees with knowledge of risk management, building risk culture for all level of employees about their roles and responsibilities, and encouraging relevant employees to participate in the risk management plan. Furthermore, key performance indicators of executive management are set to measure efficiency and effectiveness of the performance.
Business Continuity Management
With PTT's commitment to securing energy for Thailand, protecting business operations, and maintaining trust, safety and security of all its stakeholders, PTT has developed the Business Continuity Management System (BCMS) according to the PTT Group Business Continuity Management System Standard, based on the ISO 22301 and other relevant standards. The system, governed by the Corporate Plan and Risk Management Committee, covers protection, response, management, and recovery, and is divided into 3 phases: prevent/prepare; response/resume; and recovery/restore. Continuously changing conditions poses a challenge on PTT, where unexpected events such as natural disasters, terrorism, and various threats could affect PTT's ability to meet its business objectives and disrupt operations, resulting in the loss of assets or lives and extensive impacts on stakeholders. Without the capacity to restore business to normal operations, the corporation may not survive. In such circumstances, PTT gives priority to setting coordinated corporate management strategies that include mitigation measures, preparedness, and the promotion of awareness and responsibility in accordance with the BCMS.
PTT has formulated a safety and emergency response plan, broken down into 4 levels based on extremity of the event. Level 1 refers to an event that PTT can respond to on its own, and which will be managed by the Emergency Command Center (ECC) set up to resolve emergency events. In case of events where PTT requires help from external parties at the local, provincial, or national levels, the emergency event will be upgraded to Levels 2, 3 and 4, respectively, and the Emergency Management Center (EMC) or Crisis Management Center (CMC) will be set up to handle conditions as appropriate. A responsible person is identified and authorized to manage events at each level. This ensures effective resolution and efficient response to both public and private agencies and neighboring communities. PTT believes that by implementing such protective measures and developing mechanisms to help manage operations and ensure continuity in times of crisis, the organization will be able to continue building confidence among stakeholders and create a competitive advantage over the long-term.
In readiness of crisis response, PTT has established business continuity management coordinator in each department to communicate critical information, including good practices, emergency phone numbers, temporary working sites, and yearly significant changes. Moreover, Emergency & Business Continuity Management Web Portal is used as a communicating channel on risk-related facts, emergency and crisis management, business continuity management, and internal and external factors for employees to build on knowledge capability. This channel also opens to public access serving as a knowledge database.
- Human Rights Management
- Sustainable Human Resource Management
- Security, Safety and Occupational Health
- Corporate Citizenship