Risk management
Risk Management
Thaioil Group constantly monitors processes with high risks and practices the international control standards of Committee of Sponsoring Organizations of the Treadway Commission (COSO) and ISO 31000. To date, the Thaioil’s comprehensive risk management policies of economic, social and environmental risks are communicated in a Risk Management Manual and managed by the Risk Management Information System: RMIS.
Thaioil’s risk management structure consists of the Board of Directors, Risk Management Committee, Risk Management Steering Committee, Specific Risk Management Committee, Corporate Risk management function and Risk Coordinator. The risk management system, megatrends, global risk or other risk specific training are annually educated for them through Strategic Thinking Session (STS) expert session, STS Board session and other training course from Thai Institute of Directors Association (IOD) or Thaioil team. The risk management performance is also updated quarterly to the forum as defined in risk management structure to review and revise on risks.
The framework of Thaioil risk management consists of Enterprise risk management policy, Risk management committee charter, Risk management steering committee roles and responsibilities, and Risk Management process to embed risk management in our management and decision-making process.
Risk management is also included in financial and non-financial sensitivity analysis process to verify impact and evaluate appropriate mitigations or decisions. Example of financial sensitivity analysis shows that every change of 0.1 USD/Barrel of GIM, it will impact on around 300 million THB of net profit after tax. Thaioil also conducts non-financial sensitivity analysis e.g., water related risk for assessing operational risk in various scenarios.
Thaioil’s risk category breakdown into 5 groups as follows:
• Strategic
• Commercial
• Organization
• Financial
• Operation
The key risks from 5 risk categories are evaluated likelihood and impact, identified mitigations and monitored risk exposure, mitigation progress and key risk indicator result quarterly with related parties.
Thaioil set Risk appetite statement to define threshold of impact that company can accept for various dimensions to cover all activities. The risk appetite is a key element in a risk governance framework and has a boundary of our business activities. As such Thaioil will closely monitor and promptly manage the business in accordance with this risk appetite and its matrices and enhance our resilience to the dynamic environment and any possible adverse events in helping Thaioil to achieve its strategic objectives. Thaioil Risk appetite is divided into 6 categories; strategic, commercial/marketing, financial, operation, corporate governance and construction of Clean Fuel project. Each risk appetite category has set the acceptance level to link with our company target, for example we have no tolerate for any form of corruption, and we have high risk appetite for our investment.
The risk exposure of Thaioil is specified as Risk assessment matrix dimension 5x5 in perspective of people, environment, asset, reputation, net profit and target to illustrate likelihood and impact of risk and prioritize risk to identify mitigation and manage risk.
Thaioil’s risk management process begins with understanding business scope, context and criteria. The internal and external factors, key activities, key concerns and expectation of stakeholders are gathered to identify key risk. The key risks are analyzed and evaluated the likelihood and impact to company. Mitigations for all key risks are identified to treat that risk. Thaioil also identified key risk indicator (KRI) and set the KRI risk appetite and risk tolerance to monitor status of key risk. Key risks, mitigations, likelihood and impact, and KRIs are quarterly monitored progress and communicate by Risk coordinator. The key risk of Thaioil is quarterly review and updated by risk management structure function and review or give consultant on appropriation of mitigation continuously link to environmental scanning result, level of risk exposure and key risk indicator result. Information of all key risks are monitored and recorded in Risk management information system (RMIS) which is internally access by all staff.
The key risks are divided into 3 levels of risk hierarchy: Corporate risk, Functional risk and Department and section risk. The corporate risk which is the most important risk for the company, is monitored, updated, and reported to Risk management steering committee, Risk management committee and Board quarterly while the other risk hierarchy is monitored and reported to risk owners and related forums.
To embedded risk management to our culture, the mitigation progress of key risk is converted to financial incentives of each function and subsidiaries. This also link to individual performance.
Corporate risk function is an independent line from operation function and perform as 2nd line in 3 lines of defense to ensure risk and control are effectively managed. The support tools and process are regularly reviewed, updated and reported to management. Thaioil has adopted various International Standard Requirements such as ISO (International Organization for Standardization) Management Systems, into its work Excellence processes and uses them as System tools to strengthen the Group’s performance. The ISO Management system in Thaioil has implemented as Integrated Management System which including ISO 9001, ISO 14001, ISO 45001, TIS 18001, ISO 50001, ISO/IEC 27001 , TIS 2677, ISO 20000-1, ISO 22301, ISO 31000. The risk management process and risk management compliance are annually audited by both internal auditor and external auditors (Management System Certification Institute (Thailand): MASCI) incorporated with ISO audit process of company.
