Risk management is an important component in the Company’s business operations. The Company has a policy to manage both internal and external risk factors that affect the Group to the level that is appropriate, acceptable and no impact on the good corporate governance principles.
BTS Group acknowledges the key to efficiency of risk management is cooperation from all employees. Therefore, the Committee of the Sponsoring Organisations of the Treadway Commission (COSO) is implemented in each of Business Unit.
In addition, the awareness of risk which could arise in your department and risk continuity management has been encouraged to all employees. We always invite risk management professional to train all employees throughout the Group. Also, all employees including staff, management and director have been promoted to participant in risk management related-training programme in order to aware risk, how to mitigate risks as well as emerging risk which may occur in the future.
Types of risks are divided into 5 categories, namely, strategic risk, operational risk, financial risk, legal and compliance risk, and fraud risk. Risk management is a part of the annual business plan in order to ensure that the risk management measures are in accordance with the Group’s objectives, strategy, direction, and goals.
The Company determines that all executives and employees of the Group are owners of the risks and have a duty to assess the risk of their units and the efficiency of the existing control policy, as well as presenting plans and procedures to mitigate the risks. Risk Management Working Group, which is comprised of the representatives from all business units of the Group, is responsible for consolidating risks of all business units and conducting a risk assessment of the Group, including supporting the implementation of the risk management framework and reporting to the Executive Committee on a quarterly basis and to the Board of Directors on an annual basis. The Risk Management Framework consists of 5 procedures, namely, risk identification, risk evaluation, risk reporting, risk control, and risk monitoring. The Executive Committee is the core of the Group’s risk management structure which is responsible for monitoring and controlling key risks and factors that may have a material impact on the Group. The Board of Directors provides top-down oversight and supervision of risks and has the responsibilities of 1) setting out the risk management policy and framework, 2) reviewing the appropriateness of the policy and framework on an ongoing basis, and 3) ensuring that enterprise risk management and internal control are implemented. In order to achieve this, the Audit Committee is tasked with evaluating the sufficiency of the enterprise risk management policy and providing advice to both the Board of Directors and the Management. The Internal Audit Office is responsible for reviewing the risk management process and independently evaluating the efficiency of the internal control system.
For more details about key risks, please refer to FY 2017/18 Annual Report section 4.2: Risk Management Review