Risk Management

The company recognizes the importance of enterprise risk management as a key factor in achieving its defined objectives and goals. It also supports good corporate governance and promotes stable and sustainable growth.

Accordingly, the company has established risk management policies, structures, and procedures to serve as guidelines and a framework for all departments, ensuring efficient and consistent implementation across the organization.

Goal and Performance Highlights

to implement risk management in accordance with the COSO ERM framework across all processes throughout the Company’s value chain.

the Company fully implemented risk management processes in line with the COSO framework across all processes within the value chain, achieving

% coverage.

ESG Performance Data

Challenges and Opportunities

The Company places significant importance on risk management to ensure the achievement of its strategic objectives. A Risk Management Committee has been appointed to establish the Company’s risk management policy and to ensure that an effective risk management system is implemented across the organization. This enables the Company to adequately and appropriately assess and manage risks that may impact its business operations.

The Risk Management Committee is responsible for overseeing and managing enterprise-wide risks. The Company conducts comprehensive risk identification and analysis covering both current operations and new investments, taking into account economic, social, and environmental factors in alignment with sustainable development principles.

Furthermore, the Company has established processes for risk assessment, monitoring, control, and reporting. Risk reports are submitted to the Risk Management Committee on a quarterly basis, while emerging risks are continuously monitored to minimize potential impacts and ensure that risks are maintained within acceptable levels.

In addition, the Company conducts an annual review of its risk management framework, key risk factors, risk appetite, and key risk indicators (KRIs), as well as related risk mitigation plans. These are proposed to the Risk Management Committee for consideration and subsequently submitted to the Board of Directors for approval.

In the event of significant or urgent changes, the Company will convene meetings with the Risk Management Committee to review and reassess risks, determine appropriate risk control measures, and promptly report to the Board of Directors.

Management Approach and Value Creation

The Company is committed to conducting business under the policy of good corporate governance. The Company adopts the Enterprise Risk Management (ERM) principle in accordance with the risk management framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), a universal standard of risk management, as a guideline in the Company’s risk management.

The Company has also implemented risk management, conducting risk management in regard to the organization as a whole. Risks are identified from analysis and assessment of external factors such as business environment analysis as well as analysis of industrial competition conditions from various factors related to the real estate business.

Moreover, risks are also identified from internal factors, from business strategies, objectives, and procedural operations to the various supporting units within the organization. All directors, executives, and employees in all levels appropriately apply risk management as well as are aware of the responsibilities in accordance with risk management policy, so as to achieve effective risk management to the maximum extent.

The Company applies the universally accepted COSO ERM Framework in the following 6 risk management steps.

Click to Enlarge

1. Objective Setting

Setting a clear business objective or work objective which is coherent with policy, goals, strategies, and acceptable risks. Risk management is within the bounds of the acceptable level of risk (Risk Appetite) and the level of deviation from the acceptable level of risk (Risk Tolerance).

2. Event Identification

The Risk Management Working Group considers and identifies various positive and negative possible events that will have an impact on the objectives of the Group. This includes the consideration of both internal and external factors including economic, social, environmental and good governance dimensions that affects the goals of the Company to understand the event and situation; and to let stakeholders determine guidelines and policies to manage potential risks properly.

3. Risk Assessment

The Risk Management Working Group conducts risk management by classifying and deliberating the order of priority of risks in 5 levels, ranging from very high, high, medium, low, and very low, from 2 aspects, which are the likelihood of an occurrence that will adversely impact the fulfilment of an objective, and the severity of impact from the occurrence.

4. Risk Response

The relevant Risk Management Working Group in respect of each risk deliberates on the measures to effectively and efficiently address risks, taking into account the acceptable level of risk, costs incurred, and benefits expected. Risk response may comprise of one or many combined measures to decrease the likelihood or lessen the severity of an event.

5. Control Activities

Once the risk has been identified, the relevant Risk Management Working Group to each risk determines the measures to address the risk or control activities by establishing policy and operational procedures to apply, to ensure that the Company has managed the risk in accordance with internal environment of business characteristic, structure, and culture.

6. Monitoring

The Risk management Committee ensures that there is monitoring, review, and assessment of the results of risk management, and reports to supervisors. The Committee also determines Key Risk Indicators (KRIs) in respect of each risk, and continuously monitors to ensure that risk management is applied in every Company level in an appropriate manner, and that the risk with significant impact on achievement of Company objectives are reported to the responsible person to prepare to address the risk that is likely to happen.

Risk Management Structure

The Board of Directors is responsible for overseeing enterprise-wide risk management, including sustainability-related risks (Environmental, Social, and Governance: ESG), in alignment with the Company’s vision, mission, and sustainable business strategy. The Board establishes the risk management framework and regularly reviews the effectiveness of the risk management processes.

The Board of Directors has approved the establishment of a Risk Management Committee, comprising three directors, including two independent directors, to specifically oversee the Company’s risk management. The Committee is responsible for monitoring the implementation of the risk management system, as well as reviewing the Company’s risk management plans and performance to ensure that risks are maintained at an appropriate and acceptable level.

Operational units are directly responsible for managing risks. This includes employees performing duties across each process within the Company’s value chain. In particular, supervisors are responsible for overseeing and appropriately managing risks within their respective operational processes.

The Risk Management function serves as the second line of defense, with the Company Secretary acting as the highest operational authority responsible for enterprise risk management, reporting directly to the Chief Executive Officer. This function is responsible for implementing the enterprise risk management framework and policies in alignment with the Company’s business strategies and objectives, identifying and analyzing key risks, ensuring the effectiveness of risk management processes across the organization, and monitoring and reporting risk events and risk management performance to the Risk Management Committee on a quarterly basis.

The Internal Audit function serves as an independent assurance provider, reporting directly to the Audit Committee. It is responsible for reviewing the operations of all business units to ensure that internal control systems are adequate and effective in mitigating risks and reducing the likelihood of undesirable events.

In addition, the Company’s Risk Management function operates independently from the Internal Audit function, and the Risk Management Committee is clearly segregated from the Audit Committee to ensure appropriate governance and oversight.