Risk and Crisis Management

Risk Management Structure

     The Board of Directors has taken the initiative to create a Risk Management Working Group to develop and supervise the implementation of comprehensive risk management policies and procedures across the organization. This effort aims to effectively reduce the impact of risks on the company's business, involving detailed analysis, review, and implementation of critical risk management practices. Ms. Pondkarn Rattanakamolporn, Chief Operating Officer, chairs the Risk Management Working Group, which is composed of representatives from various departments, especially those directly involved in risk management, as presented in the organizational chart that follows.

     In order to guarantee the operational efficiency and effectiveness of risk management practices, the company commissions external audits of its internal control and risk management systems. Mr. Kamtorn Chimpalee, the Internal Audit Department Manager, acts as the primary contact.

Risk Assessment

     Acknowledging the critical role of risk management in maintaining robust corporate governance, the company has implemented the COSO risk management framework to manage risks across all organizational levels and activities. This strategic approach ensures the company's ability to achieve its objectives and targets with both efficiency and effectiveness.

Risk Assessment Process

Risk Assessment and Prioritizing

     The Risk Management Working Group, comprised of the Risk Management Committee Chair and team members from various departments, including Risk Owners, collaboratively conducts risk assessments and prioritizes risks based on two key elements: the likelihood of occurrence and the impact of the risk, as depicted in the following diagram.

Risk Appetite and Risk Tolerance

     To effectively manage risks, the company has undertaken a process of compiling, classifying, and defining acceptable risks based on severity levels as outlined in the Risk Matrix. Risks assessed as high or very high, or those scoring 8 or more, are deemed to be outside the company's risk tolerance and require a specialized risk management strategy, including the implementation of supplementary measures to mitigate these risks to an acceptable level.

Key Risk Indicators (KRIs)

     To ensure proactive risk management, the company establishes criteria to define risk indicators for each risk issue, allowing for risk monitoring and early warning. This empowers the risk management department to predict future risks and formulate preventive actions before incidents arise. Departments associated with each risk are required to report indicator monitoring results regularly. In the event of data abnormalities, immediate remediation steps must be taken.

Performance Reporting and Risk Management Report Preparation

     The primary unit responsible for risk management is tasked with reporting risk management performance to the Risk Management Working Group at least every six months and preparing an annual risk management report to present operational results to the Audit Committee and the Board of Directors.

Risks to the Company's Business Operations

     Operational and financial performance of the company may be significantly impacted by certain risks. The company has established a framework for risk prevention and mitigation, which is summarized as follows.
  • Risks from Technological Change

Technology is continuously developing and changing in ways that affect the businesses of the company and its subsidiaries: selling and servicing document management systems; leasing, selling, and servicing photocopiers, printers, and other technology products; and technology service and engineering contracting for government agency projects. These changes concern efficiency, price, and suitability for each type of application, and they affect competitiveness and industry competition, especially in the business of selling and servicing document management systems. There is a growing trend for offices and organizations to reduce paper usage (Paperless Office) and shift to digital document management systems, driven by long-term cost savings in document storage and by environmental conservation, which benefits the organization's image. The aforementioned reduction in paper usage will impact revenue from the leasing and sales of photocopiers and printers, including spare parts, ink, and paper, which will affect the company's operating results in the business of leasing, selling, and servicing photocopiers and printers.

Therefore, the company focuses on expanding the business of selling and servicing document management systems to cover comprehensive document management systems and digital document scanning and storage services, to accommodate technological changes and consumer behavior. Currently, it is one of the company's main businesses. The company and its subsidiaries must study and monitor information on changing technology and procure new products to maintain continuous competitiveness. They regularly train their personnel, using various media, so that staff know and understand the changing technology. Furthermore, the company and its subsidiaries receive information and knowledge about technology and new products from the product distributors and brand owners for which they are appointed distributors.


  • Risk of Losing Key Brand Distributorship Agreements

As authorized distributors for a range of brands encompassing document management system software, photocopiers, printers, key components, and technology engineering contracting for government projects, like digital planetariums, the company and its subsidiaries rely on the quality of these products to maintain customer trust. Consequently, the loss of these brands due to factors such as non-renewal of distributorships, partner company mergers, or altered distributorship policies could adversely affect the company's and subsidiaries' sales performance.

However, the company has a Business Development and Marketing Department to study and research potential new technologies and products that can meet the changing needs of customer groups, such as document management systems suitable for each customer group, and to contact product owners to obtain distribution rights. Due to the rapid changes in technology and products, the company and its subsidiaries reduce their dependence on any single brand distributorship. Nevertheless, since 2017, the company and its subsidiaries have not lost any brand distributorship that significantly affected their revenue.


  • Risk of Brand Owners Implementing Direct Marketing Strategies

If the brand owners of document management systems, photocopiers, and printers elect to pursue direct marketing to the company's customer segment, circumventing the company, the company may be exposed to the risk of losing its distributorship rights and will likely face competition from the brand owners' direct marketing operations.

However, the company perceives this risk as having a low probability, due to its prolonged engagement in the sales and service of document management systems, photocopiers, and printers, enabling it to effectively cater to customer demands. The company also possesses an efficient service management infrastructure and a substantial track record of sales and service projects for both government and private clients, which reduces the risk of sales decline if a brand owner decides to market directly to the company's and subsidiaries' customer base. Furthermore, the company is relied upon by brand owners to represent them in proposals for various government and private sector projects.


  • Risk of Reliance on Outsourcing

Due to the project-oriented nature of services provided by the company and its subsidiaries, such as document management systems and technology engineering contracts for government projects, outsourcing is required for certain specialized or understaffed areas, including construction, structural work, and custom software coding. In 2023, one contractor accounted for 10.70% of total outsourced work, surpassing the 10% benchmark, and in 2022, this figure was 18.41%. This concentration of reliance introduces risks related to contractor non-performance, potentially leading to project delays and client-imposed penalties. However, the company manages these risks by assigning company engineers to supervise and monitor contractor progress at all stages, facilitating timely problem identification and resolution. Contracts also include penalty clauses for delayed or substandard work to mitigate potential client penalties or damages caused by contractor errors. The company also maintains a pre-qualified contractor list with annual performance reviews.

  • Risk of Revenue and Gross Profit Margin Volatility in System Management Service Projects
     In providing Business Process Outsourcing (BPO) services, the company conducts thorough evaluations of clients' operational and documentation flows, subsequently configuring or customizing document management or enterprise information systems to meet clients' unique requirements. The designed system's compatibility with clients' processes is paramount, introducing the risk that revenue tied to task completion may vary from projections, potentially leading to gross profit losses. This can stem from design flaws hindering process alignment, system configuration inefficiencies, or lower-than-expected task volumes, particularly during project initiation requiring process and system refinements.

     Nevertheless, the company employs problem analysis and process/system enhancements to improve efficiency and reduce gross loss risks. In 2023, BPO services generated a gross profit of 125.70 million baht (38.08% gross profit margin), and in 2022, 96.20 million baht (24.46% margin). Additionally, BPO contracts are typically multi-year, minimizing revenue fluctuations from contract terminations. The company also actively explores service expansion opportunities across public and private sectors, further mitigating revenue unpredictability.
  • Risks Due to Foreign Currency Exchange Rate Variability
     As the company and its subsidiaries perform direct procurement and importation of certain goods and equipment from overseas suppliers, such as document management systems, ink, spare parts, drive-thru equipment, or digital planetariums for celestial projects, with quotations and payments typically in U.S. dollars, the value of foreign currency purchases in 2023 and 2022 comprised approximately 1.71% and 12.58% of total procurement expenditures, respectively. With nearly all of the company's and subsidiaries' revenue being in Thai baht, they may be impacted by foreign exchange rate volatility, which can influence the company's and subsidiaries' cost of goods and gross profit.

     In any case, the company and its subsidiaries have recognized these impacts and have arranged for foreign exchange forward contracts with financial institutions to protect against these risks. The credit lines available are sufficient to cover outstanding foreign trade liabilities at any moment. As of December 31, 2023, the company had foreign exchange forward contracts with a value of 67.34 million baht to hedge against potential risks from foreign exchange rate volatility, effectively reducing the impact on the company and its subsidiaries. The effectiveness of this risk management is reflected in the past three years' financial results. In 2023, there was no profit or loss from hedging net position items. In 2022, a profit of 4.40 million baht was realized, and in 2021, a loss of 0.47 million baht was experienced.
  • Risk of Project Delivery Delays Beyond Contractual Deadlines

     Business operations of the company and its subsidiaries, particularly technology engineering services for government projects, are conducted on a project basis, involving fixed completion timelines and contractual penalties for delays. Such delays, attributable to factors like supplier material delivery delays or contractor performance issues, expose the company and its subsidiaries to risks of penalty payments and revenue recognition below projections.

     However, the company and its subsidiaries mitigate the risk of contractually stipulated delivery delays through close collaboration with equipment suppliers and by consistently monitoring contractor progress, with subsidiary engineers supervising all phases to ensure timely identification and resolution of potential issues. Close coordination with project clients is also maintained. Furthermore, contracts with subcontractors include penalty clauses for late delivery, compensating for potential penalties levied on the company and its subsidiaries due to subcontractor delays.

  • Risk of Personal Data Breach
     Following the enforcement of the Personal Data Protection Act, personal data breaches pose a significant risk that could result in competitive disadvantages, commercial losses, and erosion of trust from investors, partners, and contractual parties. This may also lead to reputational and business image damage, potentially causing severe impacts on the company.

     To address this, the company has established a Privacy Policy and a Privacy Notice, communicated to all staff. A comprehensive and up-to-date Record of Processing Activities (ROPA) is maintained, and a Data Protection Officer is appointed to oversee personal data management. Regular training and knowledge assessments on updated data protection laws are conducted for executives and employees to prevent unauthorized external disclosure of personal data.
  • Risk of Non-Compliance with Corporate Governance Principles

     This risk arises from non-compliance with the company's established corporate governance principles, such as executives or employees failing to adhere to relevant laws, company regulations, or other regulatory requirements. Examples include executives or employees intentionally or negligently violating company policies, causing damage, or disclosing confidential information, potentially harming the company and external parties. Executives or employees may also intentionally or negligently fail to comply with laws or regulations related to the company's business operations and securities regulations, damaging the company's reputation. Insufficient internal legal communication may also hinder employee awareness.

 

To ensure ethical conduct, the company has promulgated a Code of Ethics/Conduct, which all employees are mandated to follow. The company reinforces awareness through annual acknowledgment and signature. Moreover, a confidential channel is available for stakeholders/employees to report instances of fraud or misconduct, with the Internal Audit Department assessing compliance using the COSO internal control framework.

 

  • Risks from Climate Change and Increasing Environmental Regulations

The effects of climate change are pervasive, influencing business practices in every sector and demanding attention from global organizations. Climate change may precipitate an increase in natural catastrophes such as storms, floods, or wildfires, potentially disrupting company operations, data storage, and service delivery. Thailand's commitment to achieving Carbon Neutrality by 2050 and Net Zero Emissions by 2065, as declared at UNFCCC: COP 26, is driving the formulation of a long-term strategy for low greenhouse gas emission development by the Office of Natural Resources and Environmental Policy and Planning (ONEP), which, upon implementation, could substantially affect business operations.

The company implements a crisis management plan that is subject to periodic reviews, along with regular drills to test its effectiveness.

     To maintain readiness across all four branch locations, the company conducts regular crisis management drills, including provisions for alternate work sites and data storage. Furthermore, an internal Work Flow System has been implemented to facilitate remote work for all employees, ensuring continuous operations during critical events. The company and its subsidiaries are also jointly preparing a Carbon Footprint for Organization report to assess environmental impact and develop effective mitigation measures.

  • Risks from Increased Cyber Threats (Widespread Cybercrime)

     As digital data and online transactions expand, the risk of cyber threats intensifies, encompassing personal data breaches, phishing, and unauthorized access. These threats can disrupt the company's business through operational interruptions from IT infrastructure damage, loss of critical data affecting customer trust and long-term business stability, and potential penalties under the Personal Data Protection Act for customer data leaks.

     To mitigate and prevent these risks, the company employs technology security management (Cyber Security) measures. This involves updating systems for spam filtering/prevention, utilizing expert analysis from product vendors, deploying Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) for intrusion detection and prevention, and planning the implementation of Data Loss Prevention (DLP) technology. Regular cybersecurity assessments and system testing are performed to proactively identify and rectify vulnerabilities, and employees are trained to recognize cyber threats and understand risks associated with IT system usage.

     Promoting an organizational risk culture is a process that requires participation from all internal stakeholders to enhance risk management effectiveness and prepare for any potential changes in a suitable and sustainable manner, based on the 'Way of life and Way of Think' concept.

Risk Management Plan Development Guide


Business Continuity Plan (BCP)
