Corporate Governance

Risk Management

1. Risk Management Policy and Plan

The Company conducts risk assessments and management in alignment with the Committee of Sponsoring Organizations of the Treadway Commission (COSO ERM-2017) international framework. This ensures that risk management is comprehensive across all dimensions and remains responsive to both internal and external dynamic shifts.

Risk management is integrated into the Company’s operating processes at all levels through the integration of good corporate governance, risk management, and compliance with laws and organizational regulations (Governance, Risk, and Compliance: GRC). This supports management decision-making, reduces the impact of risk factors, and efficiently creates added value for the organization. Risk management is also supported by clearly defined policies, regulations, and practices, as well as continuous risk assessments covering all organizational activities. In addition, performance is monitored and measured, and risk management results are regularly reported to the Risk Management and Sustainability Committee and the Audit Committee, and to the Board of Directors at least once (1) a year, with material information disclosed transparently to stakeholders.

The Company also emphasizes sustainability risk management by integrating risk management with Environmental, Social, and Governance (ESG) practices to support sustainable development goals and enhance stakeholder confidence. ESG-aligned risk management not only helps mitigate risks that may affect the organization but also creates opportunities to strengthen competitive advantage in a rapidly changing business environment.

The Company manages enterprise risks using the international COSO ERM (Enterprise Risk Management – Integrated Framework), a process integrated with corporate governance and strategic operations. It covers all organizational levels, from the Board of Directors and senior executives to employees in every department.

The risk management process is designed to identify, analyze, define risk tolerance, and manage risks within the level the organization can accept (Risk Appetite), thereby increasing the likelihood of achieving business objectives and supporting sustainability and ESG (Environmental, Social, Governance) goals.

The Company believes that effective risk management not only reduces the impact of risks but also creates value and drives the organization toward sustainable business goals, with risk culture as a key foundation for building a strong and stable organization. The risk management framework consists of:

1) Strategy Setting

The Company emphasizes effective strategy setting by clearly defining strategic objectives and risk appetite to ensure that the risk management process aligns with corporate goals and supports sustainable business operations. It also enables timely adaptation to changes in the business environment. The Company links risk management with strategic goals and KPIs to support long-term business growth across economic, social, and environmental dimensions, and uses risk assessment tools such as the COSO ERM Framework to define and monitor acceptable risk levels. Strategy setting is aligned with ESG (Environment, Social, Governance) goals.

The Company has categorized its risk structure into five key areas (The 5 Strategic Risk Pillars) to ensure comprehensive oversight of all important dimensions as follows:

1) Strategic Risk: Managing challenges that affect business direction amid changes in the economic environment and consumer behavior.
2) Financial Risk: Controlling and mitigating financial volatility, liquidity, foreign exchange, and credit risks to maintain cash flow stability and operating performance.
3) Operational Risk: Enhancing the efficiency of processes, personnel, information technology systems, and business continuity management (BCM/BCP).
4) Compliance Risk: Conducting business in compliance with domestic and international regulations, business ethics, and strict anti-corruption and anti-bribery practices.
5) ESG & Emerging Risk: Integrating environmental, social, and governance factors into risk assessments, while monitoring megatrends and emerging risks that may affect the business in the future.

2) Risk Management Structure

The Company’s risk management structure is designed as a Three Lines of Defense system, based on good corporate governance principles and international standards such as COSO ERM (Enterprise Risk Management), to ensure comprehensive and effective risk management across the organization.

The main structure is divided as follows:

  1. Board and Oversight Level
  2. Management and Risk Management Function
  3. Operating Level

2. Risk Governance and Management Structure

Board of Directors

Oversees internal risk management to align with strategy, goals, and sustainable business operations.

Audit Committee

Reviews the effectiveness of internal controls and monitors risk management to ensure adequacy and appropriateness.

Risk Management and Sustainability Committee

Responsible for supporting strategic oversight of enterprise risk management and sustainability, setting risk management policies and frameworks, monitoring and providing recommendations on significant risks and emerging risks, and supporting the Board of Directors in risk management duties by reviewing whether the risk management system is appropriate and effective.

Management Risk Committee

Prepares policies, strategies, and criteria for risk management, monitors and supervises risk management, and reports progress to the Chief Executive Officer and the 3 board-level oversight committees.

Risk Management Working Group

The Risk Management Working Group plays an important role in systematically driving the organization’s risk management system. It is responsible for carrying out risk management activities according to work plans and assignments from the Management Risk Committee, including identifying risks that may affect the organization, defining control measures, and preparing approaches to reduce risks to levels acceptable to the Company, as well as conducting risk assessments based on the Company’s criteria and standards.

In addition, the Risk Management Working Group monitors and evaluates the implementation of risk control measures closely to ensure their effectiveness and appropriateness, and prepares status and progress reports on risk management for the Management Risk Committee on an ongoing basis. The Working Group also plays an important role in planning and developing business continuity plans toward international standards, strengthening the risk culture, and communicating and training executives and employees at all levels on risk management.

Details of the roles and responsibilities of the Risk Management Committee can be found in the Charter of the Risk Management Committee.

3. Enterprise Risk Management Process

The Company has established a risk management process to ensure that risk management steps and methods are systematic and implemented consistently across the organization. The key steps of the enterprise risk management process comprise 8 steps as follows:

  1. Internal Environment
  2. Objective Setting
  3. Event Identification
  4. Risk Assessment
  5. Risk Response
  6. Control Activities
  7. Information and Communication
  8. Monitoring, with quarterly review

For the internal risk management process, the committee must receive communication on risk assessments and controls, progress in risk management, monitoring of key and high-risk trends, and abnormal incidents on an ongoing basis to ensure that:

  1. Risk Owners regularly monitor, assess, analyze, and manage risks under their responsibility and have appropriate risk management plans.
  2. Responsible executives and the Management Risk Committee receive reports on risk management progress and risk trends. Internal control systems are adequate, appropriate, effective, and implemented in practice to prevent or reduce potential risks, with continuous improvements to align with changing situations or risks.
  3. The Risk Management Division coordinates with Risk Owners and responsible executives to report risk status quarterly, including the risk management process, to the Management Risk Committee meeting for acknowledgement/consideration.
  4. The Management Risk Committee analyzes and monitors changes in internal and external environments, including changes in potential risks, which may require reviews of risk management, prioritization, and the overall risk management framework.
  5. The Management Risk Committee regularly summarizes and reports risk management progress against plans to the Chief Executive Officer, the Risk Management and Sustainability Committee, and the Board of Directors on a quarterly and annual basis.

The Company has assessed key risks covering all subsidiaries in Thailand and overseas, including Cambodia, Laos, Myanmar, Vietnam, Indonesia, and Malaysia, to ensure that all subsidiaries are aware of risks and can manage them continuously.

The Company has systematically assessed key risks and high risks that are significant to business operations, and has identified management approaches and monitoring processes to support the organization’s sustainability goals and strengthen competitiveness.

Risk factors affecting the Company group have been appropriately prioritized and managed to enable response to business changes and global challenges. Risk management covers all dimensions and can be categorized by risk type as follows:

Existing Risks
  1. Strategic Risk
  2. Financial Risk
  3. Operational Risk
  4. Legal, Regulatory, and Compliance Risk
Emerging Risks
  1. Climate Change Risk
  2. Climate Transition Risk
  3. Technology and Megatrends Risk

The Company has explained details of risk factors in various dimensions, risk indicators, and risk management approaches for the past year in the Annual Report (Form 56-1 One Report) under the Risk Management section.

4. Risk Management Culture

The Company is committed to instilling and building risk awareness at all organizational levels by emphasizing communication, training, and continuous activities for directors, executives, and employees in Thailand and overseas subsidiaries.

The Company encourages independent directors and directors to attend risk management training through director programs such as DCP (Director Certification Program) and/or DAP (Director Accreditation Program), which cover risk management and good governance (GRC).

To elevate employees from risk awareness to becoming “risk owners,” in 2024–2025 the Company implemented key projects as follows:

1) Capability development under the COSO ERM framework
In 2025, the 'COSO Enterprise Risk Management (COSO ERM)' video-based training course on the digital learning platform achieved an outstanding 99% completion rate among management-level employees both domestically and internationally.

2) Building risk culture
The Company produced an AI Animation video titled Risk Culture EP3 (ESG Adventure - Risk Hunters) to help employees understand ESG and climate change risks under the Enterprise Risk Management (ERM) framework in an easy-to-understand format, with a training participation rate of 96%.

In addition, the Company’s overseas operations organized communication activities on ESG Risk for operational-level employees.

The Company has expanded the channels through which employees at all levels can conveniently access risk management policies and manuals:

  • TOA Intranet, HR Cloud, posters, and continuous internal communications
  • Annual risk management training, risk assessment completion, and publication of the E-book Risk Management Handbook, which covers risk management approaches across all dimensions, including ESG Risk Management

The Company focuses on making risk management part of everyday work in every function to build understanding and risk awareness at all levels, ensuring operations align with the Company’s strategic goals. This supports effective decision-making and reduces the impact of potential risks.

These actions reflect the Company’s commitment to embedding risk culture as a core foundation of the organization and moving toward becoming an internationally sustainable organization.

5. Emerging Risk Monitoring

The Management Risk Committee collectively reviewed the Emerging Risk Management guidelines, an end-to-end process including risk identification, assessment, analysis, and formulating clear mitigation strategies. The objective is to reduce both the likelihood and severity of potential impacts while reinforcing confidence among all stakeholders. Over the past year, the Company has identified the following key emerging risks:

1. Physical and Climate Change Risks

The increasing severity of physical risks driven by natural disasters, including flooding and fire hazards, poses a direct threat to the safety of our workforce, manufacturing bases, warehousing operations, and logistics networks, which may ultimately disrupt the entire value chain.

Key Risk Indicator
  • Percentage of business units with established and reviewed business continuity plan
  • BCP drill progress rate
  • Number of near-miss incidents
  • Disaster events impacting operations
Risk Management Strategies

1. Excellence in Business Continuity Management (BCM/BCP): Develop business continuity plans in accordance with ISO 22301 to respond to force majeure events at all levels.

2. Early warning systems: Monitor meteorological indicators and water levels in advance to prepare proactive preventive measures.

3. Infrastructure readiness: Maintain infrastructure, backup power systems, and data to ensure 100% availability.

2. Climate Change Transition Risks

Transition risk includes changes in government policies related to net zero targets, carbon tax measures, and disclosure requirements under IFRS S2, which may increase operating costs while also creating opportunities to capture the low-carbon market.

Key Risk Indicator
  • Progress toward corporate greenhouse gas (GHG) emissions reduction targets
  • Compliance status with environmental and ESG laws, policies, and standards
  • Proportion of projects and products aligned with low-carbon and net zero strategies
  • Readiness and understanding of climate-related disclosure standards
Risk Management Strategies

1. Expand low-carbon products: Increase the proportion of products with low carbon emissions to support the low-carbon economy.

2. Monitor compliance with climate-related regulations: Closely monitor and assess the impact of new domestic and international requirements.

3. Readiness development: Build awareness and prepare for climate-related disclosures in accordance with international standards (IFRS S1/S2).

3. Technology and Megatrend Adaptation Risks

Rapid technological change (Digital Disruption) and consumer behavior shifting toward a circular economy may make existing business models or products obsolete if the organization cannot adjust its business portfolio in a timely manner.

Key Risk Indicator
  • Number of new products aligned with innovation, technology, and market demand
  • Revenue contribution from the products mentioned above
  • Compliance status with environmental and sustainability standards for products and production processes
Risk Management Strategies

1. Strategic integration: Integrate megatrends into the corporate vision to define innovation direction.

2. Innovation and research and development (R&D): Invest in automated factory systems and research environmentally friendly products, such as low- or zero-VOC products.

3. Partnerships: Build technology partnerships to accelerate delivery of new solutions to the market.

6. Future Directions for Sustainable Risk Management

The Company is committed to enhancing risk management by presenting future approaches that can respond to current and future business changes and challenges, achieve sustainability goals, and build organizational stability. The approaches are as follows:

1. Development of Innovation and Technology
  • Investing in advanced technologies, such as automation, to improve work processes, reduce complexity, and reduce risks in key processes such as production, warehouse management, and data management.
  • Continuously supporting research and development (R&D) to create new products that meet market needs and reduce impacts from competitive risks, while offering innovations that reduce natural resource use and are environmentally friendly.
2. Strengthening Cooperation with Suppliers and Partners
  • Building strong relationships in the supply chain by emphasizing relationship development and collaboration with suppliers to foster shared understanding of supply chain risk management and reduce risks arising from external factors, such as raw material shortages or price volatility.
  • Promoting ESG with suppliers by supporting training and communication on the importance of compliance with the business code of conduct and laws.

7. Crisis Management and Business Continuity Plan (BCP)

The Company focuses on building business resilience through the development and close monitoring of Business Continuity Plans (BCP). The goal is sustainability, building confidence among all stakeholders, and turning challenges into growth opportunities amid uncertainty from external factors such as geopolitics and energy cost volatility. The Company has enhanced its Business Continuity Planning by referencing ISO standards and working with expert consultants, with the following actions:

  • Building knowledge and understanding among the working group in preparing business continuity plans
  • Conducting Business Impact Analysis (BIA) to identify critical processes and key resources, and to define recovery strategies and appropriate Recovery Time
  • Preparing Business Continuity Plans (BCP) based on scenario-based planning to respond to severe and unexpected events
  • Conducting scenario-based drills, tabletop exercises, and call tree readiness tests at factories and overseas business units to reduce the impact of business disruptions
Empowering Risk Management Project

The Company implements the Empowering Risk Management project to strengthen participation and risk ownership across all functions in Thailand and overseas through forums for exchanging risk perspectives and regularly presenting risk management plans to the Management Risk Committee every quarter. The goal is to make risk management a shared responsibility across the organization and support decision-making and sustainable long-term growth, including risk monitoring, indicators, and continuous development.