Corporate Risk Management

The Company conducts a corruption risk assessment in all departments of the Company and its subsidiaries. Each department identifies risks possibly arising from corruption, score level of opportunity and impact of risks, including approaches to minimize risks and measures on corruption prevention or anti-corruption. The risk assessor considers risks from the nature of business activities, operational processes, situations of the industry, business terms, including policies relating to anti-corruption measures and a manual on policies relating to anti-corruption measures that identifies the specific procedures of each policy, such as receiving or offering gifts, providing subsidy or political actions. All directors, executives, supervisors and employees of the Company and its subsidiaries must strictly comply with these rules and policies communicated by the Company and trained to employees.

The Company’s risk assessment comprises the following procedures.

  1. Risk Identification Supervisors identifies the potential corruption risks by taking the results into action

    • When planning an internal audit plan
    • When there is an Audit Checklist in the system audit process.
  2. Risk Assessment The assessor identifies the risk and specifies how it affects the achievement of purposes. The degree of opportunity and the degree of potential impact from the risk must be taken into account.

  3. Risk Management Strategies or activities are established to manage risks in accordance with the acceptable risk level of the Company.

  4. Control Activities A policy or practice is applied to implement a control, such as approval, review, reconciliation, separation of duties, to ensure that the risk management has been performed appropriately and timely.

  5. Monitoring and Reporting of Risks Various risk management activities are monitored and improved to continue the operations by collecting and presenting the corruption risk information to the Risk Management Committee, the Audit Committee, and the Board of Directors for consideration and approval.

  6. Communication Risk management is communicated according to the opinions of the Audit Committee and the Board of Directors and then notified to the relevant department.
    Issues / findings are communicated to each department as follows:

    • Internal Audit and Corporate Governance Department
    • Risk Management Department
    • Quality System Department
  7. Follow-up Following up opinions of the Audit Committee and the Board of Directors, including the compliance with the Code of Conduct annually at least once a year

  8. Reporting When there are issues / findings, report them to the Audit Committee, the Corporate Governance Committee and the Risk Management Committee.

Implementation

The Chief Executive Officer is a model organization leader in implementing an anti-corruption policy strictly as follows:

  • In 2021, the Company was recently certificate of Membership by Thai Private Sector Collective Action Against Corruption (CAC) as a member from Certification Committee and CAC Council.
  • Signing to join the Thai Private Sector Action Coalition against Corruption for Small and Medium-sized State-Enterprises (CAC Change Agent)
  • Demonstrating commitment to anti-corruption through messages from the Chief Executive Officer on anti-corruption measures to notify all groups of stakeholders.
  • Being appointed to the anti-corruption Cooperation Subcommittee in order to consider the approach on anti-corruption cooperation and the enhancement of transparency in procurement of the Ministry of Finance
  • The Chief Executive Officer signed and became a member of the Partnership against Corruption for Thailand (PACT Network).
  • Executives provide cooperation in replying surveys for private companies regarding corruption problems prepared by IOD.
  • The Chief Executive Officer supports the Company's online knowledge test on anti-corruption measures and offers rewards to employees who obtain the highest score.
  • Executives and supervisors discuss on the risk from corruption at every meeting.

This model practice of organizational leaders is to build the confidence to all employees to provide cooperation on anti-corruption. All employees strictly adhere to the anti-corruption policy. The Company prepares the procedures on compliance with anti-corruption policy in order to control, prevent and monitor risks from corruption. The Company discloses such procedures on its intranet and also communicates knowledge on the anti-corruption policy and practices on a quarterly basis has been communicated to all employees of the Company and its subsidiaries via channels of e-mail, Line Group, public relations boards at various areas within the headquarters, and all project offices of the Company, including its subsidiaries. New employees will be informed of the anti-corruption policies and procedures as soon as they start working. Trainings are always provided to employees at the orientation of new employees, including public relations to third parties and all business partners of the Company.

Furthermore, it also establishes the procedures for recording and collecting statistical data on the number of whistleblowing, type of whistleblowing, number of whistleblowing being investigated and implemented, summary of investigation results of each complaint, including annual statistical reports on whistleblowing or complaints to the Audit Committee and the Board of Directors in writing. This is for the benefits of monitoring progresses and improvement of the Company's operational processes that may cause all forms of corruption.

According the Company’s process of the assessment of the risk from corruption, the assessment results are applied to establish policies and procedures in order to prevent corruption, whether it is in the form of a bribe, return, gift or conflict of interest, etc. A responsible is assigned to supervise the established procedures in order to control, prevent, and monitor implementations that may cause risks from corruption under the supervision of the Management. The Management conveys its intentions to business partners and business alliances, for example, conveying the intention to encourage employees of the Company and communicating to contractors about the commitment to corruption prevention which contractors can express comments / inform issues that are not treated fairly to the senior executives directly or via email: esg@supalai.com.

In 2021, the policies, practices, measures and penalties, monitoring and reviewing of appropriateness of policies were included in the Business Ethics and Code of Conduct, which were communicated to all directors, executives and employees via the Company's intranet and e-mail so that they would acknowledge and strictly comply with. In addition, they must sign to acknowledge the Company's policy in writing every year.