Succession planning and leadership development programs are consistently implemented along with systematic and standardized performance assessment. The company also closely monitors employee performance to ensure good work is rewarded and incentives help increase productivity and efficiency.

IRPC has adopted the internationally accepted “Three Lines of Defense” model of enterprise risk management and sound internal control. Staff members and managers (First Line), the internal control unit, compliance unit and other auxiliary units (Second Line), and the Office of Corporate Internal Audit (Third Line) are all required and encouraged to apply the model of risk management continuously and consistently, from risk identification and determination of risk controls through monitoring and assessment activities. In this regard, the First Line of Defense plays the most crucial role in ensuring the success and efficiency of internal control.

2. Risk Assessment

The Board and the management attach foremost importance to risk management to inspire confidence that the company is capable of accomplishing its short- and long-term goals. The Board established the Risk Management Committee (RMC) and the Risk Management and Internal Control Committee (RMCC), chaired by a Senior Executive Vice President, Strategy, Planning and Business Development, to provide oversight to ensure effective risk management and internal control as well as to implement enterprise-wide risk management under the following management approaches:

IRPC has applied the ISO 31000 (2018) Risk Management and COSO Enterprise Risk Management (2017) frameworks along with its own risk management policy to develop guidelines to address potential obstacles that prevent the company from achieving its objectives.
The company has developed the Risk Appetite Statement to provide a framework for enterprise-wide risk management, covering corporate risk management, functional risk management as well as project risk management, focusing on the corporate goals, evolving internal and external factors as well as the likelihood of fraud and corruption. This enterprise risk management approach also calls for risk assessments to be reviewed periodically and for the implementation of risk management plan review standards to be monitored. All work units are expected to take up the responsibility to ensure risks stay at an acceptable level.

IRPC requires the submission of a quarterly summary report on enterprise risk management to the Risk Management and Internal Control Committee, and a monthly enterprise risk management report to the Risk Management Committee. For risk management at work unit level, a summary report is required at respective line/functional team meetings. For Star KPI-aligned & risks, a quarterly summary report on KPIs and risk management is required at the VP meeting.

IRPC has adopted the Business Continuity Management System in accordance with ISO 22301 (2019) and received certification from the ISO, Foundation for Industrial Development, a member of network institutions of the Ministry of Industry. This is to enable the company to conduct contingency planning and respond effectively to emergency situations to ensure business continuity, mitigate impacts, and preserve the corporate public image and reputation.

269 Internal Control and Connected Transactions 56-1 ONE REPORT 2023