The Company continues to embed risk culture through all levels of the business. Starting from the Company’s leadership, the Board of Directors (BoD) promotes and enforces consistent and effective risk management, making it part of our organizational culture. The policy, framework, guidelines and structure of risk management demonstrate formal communication.
Employees are encouraged to have a positive attitude towards proper risk management from their first day with Thai Union. This is consistently reinforced throughout their time with the organization, such as through the new joiner program, risk management training, ongoing activities and internal news updates.
In addition, risk management is embedded in business planning, decision and execution. Examples of key areas include:
RISK MANAGEMENT FRAMEWORK
The Company’s risk management framework is in accordance with the international standards of COSO ERM and ISO 31000: Risk Management. It is a guideline for management and employees to operate consistently. The framework is designed to identify, assess, manage, monitor and communicate systematically and consistently in order to minimize the probability of risks occurring and limit their potential impact on company business.
Thai Union Group processes risk management with a two-way approach. A top-down risk assessment workshop is performed once a year by the Global Leadership Team to assess corporate risks, entities’ common risks and global emerging risks at the Group level. Following this, materiality risks are defined to group risk owners, who manage, monitor and report risk status to the RMC and the BoD every quarter. A bottom-up risk assessment then occurs in parallel at subsidiary level. Materiality risks are managed by subsidiary-level risk owners. However, if the risk level is high and could have Group level impact, or if Group-level intervention is required, the responsibility for mitigating actions is generally determined by Group-level executives. This promotes risk culture at all levels but also provides a channel to escalate business risks to the Group level.
Risk appetite is an important factor to consider when Thai Union Group sets strategies and determines the direction of risk management. It is set with regard to financial and reputation impact, together with risk likelihood. Risks are defined by four risk levels: High, Medium-High, Medium-Low, and Low. High and Medium-High are considered to exceed the risk appetite and require the immediate development of additional mitigation plans.
KEY RISK INDICATORS (KRIS)
For materiality risks, Key Risk Indicators, or KRIs, are set up and closely monitor movement. KRIs provide an early signal of increasing risk exposures in various areas of the enterprise, and can be lagging and leading indicators. For example, the Company uses the number of negative news stories related to labor practices as a KRI for one of the non-tariff trade barrier risks and uses the percentage of real-time goods received as a KRI for inventory management risk.
RISK MANAGEMENT ORGANIZATION
Risk management structure, roles and responsibilities are clearly established. The BoD has overall responsibility to ensure risk management is appropriately and effectively implemented. The RMC oversees risk management implementation, holds regular meetings and regularly reports the Company’s significant risks, mitigations and improvements to the BoD. The Group Risk Management Department coordinates and implements the risk management processes at Group level while providing advice and guidance about the risk management framework and process to subsidiaries. Risk coordinators at subsidiary level coordinate and implement risk management processes according to guidance. Management and employees are responsible for managing risks in their areas of responsibility.
In addition, the Audit Committee (AC) oversees and monitors risk management by means of independent reviews, in order to ensure that risk management is implemented according to the policy and effectively throughout the organization. For additional information on roles and responsibilities, see the Corporate Governance Report on pages 99 to 135.