Importance and Mission

Risk Management

Risk Management Structure

Risk management operates under the oversight of the Board of Directors, supported by the Corporate Governance and Risk Management Committee, comprising five directors and executives, with an independent director serving as Committee Chairman. The roles and responsibilities of the Corporate Governance and Risk Management Committee are detailed under the SPI Sustainability Development Structure section

Risk Management Policy

Risk Management

The Company places strong emphasis on risk management and has established a Risk Management Policy along with preparedness and response plans to address risks that may affect business operations. To respond to rapidly changing global conditions, support sustainable organizational growth, and minimize the likelihood and negative impact of risks while creating business opportunities, the Company has adopted The Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management Framework (COSO-ERM), with the following management process:

Governance and Organizational Culture

The Board of Directors and sub-committees are responsible for establishing organizational-level risk management policies and guidelines, defining strategies, objectives, and corporate values, including ESG-related risks.

Strategy and Organizational Objectives

Management analyzes the business context, defines risk appetite, establishes risk management approaches, and conducts risk assessments, with objectives subject to Board approval.

Performance Targets

Management reviews the organization's risk responses and overall risk profile for presentation to the Corporate Governance and Risk Management Committee and the Board of Directors.

Review and Improvement

Management assesses changes and improves the enterprise risk management system annually.

Information, Communication, and Reporting

The Planning and Systems Development unit reports operational performance to the Corporate Governance and Risk Management Committee on a regular basis, and discloses performance results through the annual sustainability report.

The Company has identified risk factors that may affect its strategy, operations, financial performance, and regulatory compliance across 9 risk categories:

  1. Strategic Risk
  2. Operation Risk
  3. Financial Risk
  4. Regulation Risk
  5. Corruption Risk
  6. Data Privacy and Cyber Security Risk
  7. Human Right Risks
  8. ESG Risk
  9. Emerging Risk

Risk Management Tools

The Company places strong emphasis on risk management as a key mechanism for supporting good corporate governance and ensuring long-term business stability. The Corporate Governance and Risk Management Committee is responsible for defining the organization's Risk Appetite as a framework for strategic decision-making, and for ensuring that all business units operate in a consistent direction aligned with the organization's sustainability objectives. The Company conducts systematic risk assessments on key issues across all departments to enable appropriate and effective risk management and control, utilizing the following tools:

Risk Matrix

An analytical tool used to assess the risk level of each event or factor that may impact the organization, evaluated by considering both the likelihood of occurrence and the potential consequences.

Key Risk Indicator (KRI)

Key risk indicators are used to monitor significant strategic and operational risks, enabling the organization to effectively identify and track material risks on an ongoing basis.

Risk Map

A risk mapping tool that prioritizes risk factors by providing a visual overview of the risks with the greatest impact and those requiring the most urgent attention.

The Risk Management Working Group presents risk management plans aligned with the guidelines and framework established by the Corporate Governance and Risk Management Committee for each period, to serve as the basis for organization-wide risk management. To ensure effective risk management, the Working Group continuously monitors performance and reports on progress on a regular basis.

Emerging Risks

Emerging risks are new or previously unencountered risks characterized by high levels of uncertainty that may have significant impacts on the Company's business operations in the short, medium, and long term. Such risks typically arise from rapid change and cannot be effectively managed through conventional approaches or existing measures. The Company therefore places strong emphasis on continuously analyzing, monitoring, and evaluating emerging risk trends as an Early Warning System, assessing risk factors comprehensively through the PESTEL framework (Political, Economic, Social, Technological, Environmental, and Legal) to enable proactive risk management plans, timely adaptation to change, and maintenance of Business Continuity. Details are as follows:

Emerging Risk Risk Impact Risk Management
Climate Change Intensifying climate change risks may affect business operations in terms of operating costs, project development continuity, and the ability to complete projects on schedule and deliver services to customers in the Saha Group Industrial Parks. Physical climate risk assessments were conducted for each operating area using Scenario Analysis for 2030 (short-term) and 2050 (long-term), identifying flooding and water scarcity as high to very high risk issues. Appropriate preventive and mitigation measures have been established, including the development of drainage system layouts for each industrial park to manage various scenarios and reduce business disruption effectively and sustainably. Green areas are continuously expanded through tree planting and maintenance within and around industrial park areas, complemented by annual emergency response action plans and natural disaster drills.
Rapid Digital Technology Transformation and Evolving Business Models The Company operates industrial parks within the Eastern Economic Corridor (EEC), a national strategic development initiative targeting the elevation of the area into a World-Class Economic Zone to attract investment in advanced technology and future industries (Super Cluster). Rapid technological change is driving industrial production development, altering the land, utility, and technology support requirements of target customers. This creates risk around the Company's readiness to meet target customer needs and remain competitive. The Company has developed a plan to transform Saha Group Industrial Parks into Smart Cities, including upgrades to utility systems and 5G internet network infrastructure to support Smart Factory development, enhancing management efficiency and competitive capabilities. Studies are also underway on emerging technologies, including Artificial Intelligence (AI), to improve operational efficiency and effectiveness. Digital systems have been implemented for real-time environmental and water resource data collection and management, with Data Visualization for effective planning and monitoring. Flood monitoring systems equipped with water level sensors, CCTV cameras, and Line Application alert notifications have been installed to support emergency response. Digital technology plans are in place to enhance operational speed and efficiency, and the Company has implemented a smart office system.

Internal Control

Internal Control Structure

The Company has established an internal control system by structuring responsibilities to oversee and monitor internal audits within the organization through the Audit Committee, along with establishing an Internal Audit Department.

The Company’s Internal Audit Department has the responsibility to conduct internal audits independently and present directly to the Audit Committee while also supporting the committee’s responsibilities to operate the system efficiently.

Internal Control Management

The Company has established an internal control system in accordance with the internationally recognized COSO 2013 framework to strengthen transparency, accountability, and management efficiency, covering operational, reporting, and legal and regulatory compliance dimensions. The Internal Audit Department independently evaluates the adequacy of the internal control system and reports findings to the Audit Committee and the Board of Directors, to ensure that organizational processes are conducted appropriately, transparently, and in alignment with good corporate governance principles, while supporting long-term organizational sustainability. The Internal Audit Department conducts annual assessments of the adequacy and appropriateness of the internal control system in collaboration with relevant departments and reports to the Audit Committee and the Board of Directors. The Internal Audit Manager reports directly to the Audit Committee to ensure operational compliance with applicable laws, policies, and organizational standards, and to support comprehensive risk management. The roles, responsibilities, and authority of the Internal Audit Department are clearly defined in the Company's directives, covering its mandate, audit scope, and rights of access to information necessary for effective performance, as well as additional tasks assigned by the Audit Committee, with the objective of enhancing transparency, credibility, and long-term sustainable business operations.

In fiscal year 2025, the Company evaluated the effectiveness of its internal control system in accordance with the five components prescribed by the Securities and Exchange Commission (SEC): control environment, risk assessment, control activities, information and communication, and monitoring. The Internal Audit Department conducted an independent assessment and reported the results transparently to the Audit Committee and the Board of Directors. The evaluation concluded that the Company's internal control system is adequate, appropriate, and free from material deficiencies. The organization has sufficient personnel and resources to perform internal control functions effectively, with mechanisms in place to monitor, control, and oversee the operations of the Company and its subsidiaries to prevent fraud and misuse of assets.

Components of the Internal Control System

Components of the Internal Control System

Summary of Audit Committee Opinion 2025

The Audit Committee has fulfilled its duties within the scope and responsibilities delegated by the Board of Directors and in accordance with the Audit Committee Charter, having reviewed and examined the following:

  • Review of quarterly and annual financial statements
  • Meeting with the external auditor without management present, and consideration of the selection, nomination, and appointment of the external auditor and annual audit fees
  • Review of the internal control and internal audit systems
  • Review of good corporate governance practices
  • Consideration of connected transactions or transactions that may involve conflicts of interest
  • Review of the Audit Committee Charter

In fiscal year 2025, the Audit Committee concluded that the Company has adhered to good corporate governance principles, with appropriate and adequate risk management and internal controls in place. Financial reports are accurate and prepared in accordance with generally accepted accounting standards. The Company has complied with all applicable laws and regulations governing its business operations, in alignment with good corporate governance principles. The Audit Committee identified no material deficiencies or irregularities.

Supporting the SDGs

Peace, Justice and Strong Institutions

Partnerships for the Goals

Stakeholders Directly Impacted

Employee/ Executive
  • Supervise risk management and internal control operations to ensure effectiveness.
  • Be responsible for implementing operations in accordance with the established risk management framework.
  • Perform duties in line with defined standards and guidelines to minimize operational risks.
Shareholders

Review and provide recommendations regarding the organization’s risk management practices.

Government Sectors

Monitor and evaluate the performance of risk management and internal control activities.

Related Documents