The Company places a high importance on organizational risk management since it is essential to the organization's long-term viability. It is a tool that helps organizations in being prepared for current and future challenges. It also helps in strengthening security, reducing risks, and promoting confidence among all stakeholders.
The Company has set risk management policies for the entire organization following the enterprise risk management of the Committee of Sponsoring Organizations of the Treadway Commission (COSO ERM 2017) and the Thai Corporate Governance Code for Listed Companies - 2017. Additionally, anti-corruption measures have been implemented, with the Group Company receiving certification as a member of the Thai’s Private Sector Collective Action Against Corruption (CAC). This ensures that the Group Company manages risk effectively. The Company has developed policies and risk management manuals to guide operations as follows:
Establish a clear risk governance framework and balance system for effective risk management. The Board of Directors has assigned the Risk Management Committee to establish the framework and risk management policies, as well as the risk management plan. The Audit Committee has been assigned to oversee and ensure that risk management follows the risk management plan and policies.
The Risk Management Committee and the Audit Committee will meet at least 2 times a year to communicate significant risks, link risks with internal control, and report risk management to the Board of Directors. The Risk Management Committee met to review risks related to strategies, objectives, targets, and alignment with acceptable risks, and to provide recommendations on emerging risks on February 28, 2024, and June 7, 2024.
The risk management policy and manual will be reviewed at least once a year or when changes occur that could impact the Company’s operations. The latest review was conducted on February 1, 2024, ensuring that the policies and manual are up-to-date, aligned with current conditions, and effectively applicable to reduce the likelihood of risks and help achieve business goals.
The Company has integrated risk management into its strategy, objective, and goal-setting process, including context analysis, ESG materiality assessment, and stakeholder engagement. This ensures that strategic risks—such as expanding the business to new countries, achieving Net Zero targets by 2050, and sustainable community engagement—align with acceptable risk levels.
The Company identifies risks linked to its goals in various areas to evaluate their severity and prioritize them. Risk response measures are then established, such as investing in clean technologies, raising awareness through leadership and employee training, and collaborating with stakeholders.
The Company places great importance on transparent communication and reporting of risk management results to build confidence and trust among stakeholders. This includes comprehensive risk management reports covering critical information, such as risk factors that may impact operations and risk management practices, ensuring stakeholders can clearly and fully understand the information. This approach integrates risk communication into promoting understanding, knowledge, and awareness among allinvolved parties.
For example, in 2024, workshops on COSO ERM 2017 & ESG were conducted to enhance understanding of risk management and ESG management processes effectively, using tools like Key Risk Indicators (KRIs) for monitoring and evaluation, and adapting operational plans to current situations.
In 2024, the Company organized risk management activities and training for executives, employees, and partners, such as the Enterprise Risk Management and ESG Risk courses on October 16 and November 7, 2024, and the Sustainability and ESMS Training course on August 28, 2024.
The Company engages in the production and distribution of electricity from renewable energy sources, such as solar, wind, biomass, and other renewable energies, both domestically and internationally. These activities involve various risks that could impact the business. This document outlines risk factors based on current information and forecasts; however, there may be other risks beyond the Company’s control that could affect future performance. Therefore, the Company places importance on identifying, assessing, controlling, and regularly reviewing risk management measures.
The following risk information highlights some significant risks that could negatively impact the business. The Company may not be aware of other risks not listed or may consider certain risks currently insignificant but could become materially impactful. These risks could adversely affect the business, cash flow, operating results, financial status, and business opportunities of the Company and its subsidiaries.
For information referencing or related to the government or the overall economy of markets in Thailand and globally, the Company relies on disclosed data or copies of official documents or other credible sources. However, the Company does not verify or guarantee the accuracy of such information or the methods by which it was obtained.
The Company recognizes and prioritizes business continuity management to handle unexpected emergencies or crises that may impact operations, such as fires, natural disasters, or cyber-attacks. The Business Continuity Plan (BCP) is designed to guide executives and employees in responding to future crises, ensuring the Company’s operations remain continuous, protecting stakeholder interests, maintaining the organization’s reputation and credibility, and sustaining business continuity.
2.1 Policies and Organizational Structure
The Board of Directors approved the Business Continuity Management Policy on July 10, 2024, to set management guidelines and raise awareness among all levels of personnel. The policy appoints a Business Continuity Management (BCP) Team, comprising members from various departments, such as Strategy, Finance, Engineering, Accounting, Operations, Human Resources, and Business Development, to take on specialized responsibilities while maintaining coordination.
2.2 Planning and Impact Assessment
The Company has analyzed business impacts to assess the risks of various events, considering both the potential impact and the likelihood of occurrence. These events include natural disasters, pandemics, security and reputation events, and personnel-related incidents. Timelines for recovery and restoration have been established to ensure a swift return to normal operations.
2.3 Crisis Response and Preparedness Approaches
The Company has established procedures for handling crises before they occur, during the event, and after returning to normal conditions. This includes an emergency call tree and detailed key business recovery strategies, along with designated responsible parties. Additionally, to ensure the BCP team can effectively handle crises, the plan mandates at least annual drills to monitor, share lessons learned, and improve responses to various threats.
For business continuity plan drills, the Company had scheduled drills for each site and each scenario, conducting them alternately. For example, in October 2024, the SPN Solar Power project in Lopburi conducted a fire drill and evacuation exercise according to the plan. This training includes inspecting fire prevention systems and coordinating with the BCP team as specified in the procedures, or drills by primary service providers.