• If the complaint is about corruption, the Internal Audit Office is responsible for handling of such complaint and to take further actions, along with gathering of evidence of alleged wrongdoing or violation of the company’s code of conduct. A report on such complaint will be submitted directly to the Audit Committee and the Board of Directors, which will be updated on a regular basis. The Internal Audit Office will determine whether such complaint has merit or whether an investigation committee should be appointed to look into the case. If it is found that a wrongdoing has been committed, disciplinary actions will be taken against the offender according to the company’s regulations. Under the established procedures, the whistleblower and witness will be accorded protection. In 2023, the Internal Audit Office and the complaint screening committee received various types of complaints through channels as follows: Period Complaint channel Type Preliminary investigation Case status E-mail & Postal PO Box 35 Website Supervisor -Performance -Behavior -Suggestion Corruption Preliminary investigation completed Preliminary investigation ongoing Resolved In progress Quarter 1 - 4 - 1 5 - 5 - 5 - Quarter 2 - - - 6 6 - 6 - 6 - Quarter 3 1 4 - 2 7 - 7 - 7 - Quarter 4 - - 1 1 1 1 2 - 1 1 Total 1 8 1 10 19 1 20 - 19 1 6) Digital Execution Digital transformation is considered one of the key success factors enabling the company to forge ahead with new businesses with optimal efficiency. IRPC’s Digital Framework focuses on 2 key areas: (1) Cyber Security with emphasis on strengthening defense against cyberattacks to ensure that the company’s operations are secure. This can be achieved by implementing the ISO 27001 conceptual framework and information security standard together with NIST Cyber Security Framework. (2) Data Analytic with the aim to develop and increase the efficiency of analytics and decision-making of employees at all levels to enhance the company’s income generation. Mindful of the need to secure the company’s digital and IT systems, IRPC has established proactive measures and carried out digital risk management as follows: • Implemented data and IT security in accordance with the ISO 27001 Information Security Management System. • Conducted an annual exercise to ensure preparedness under the Disaster Recovery Plan in the event of a system failure caused by external cyberattacks or natural disasters. • Established a Security Operation Center (SOC) that is efficient and constantly improving. • Conducted Phishing tests among the company’s employees on a regular basis and implemented campaign to promote awareness of negative impacts from cyberattacks. 265 Report on Key Corporate Governance Activities 56-1 ONE REPORT 2023
RkJQdWJsaXNoZXIy ODg4NTI=