3. Control Activities IRPC has put in place effective control activities with a view to establishing sound internal control to minimize risks that threaten the company’s ability to achieve its objectives. Such control activities include creation of rules, policies, regulations, handbooks, and procedures in written form, defining managers’ scope of authority and duties and employees’ job descriptions at each level, along with the determination of authority to approve business transactions. Regular operational reviews are conducted to ensure compliance with rules, policies, regulations, and operational handbooks. In addition, the company has formulated policies and guidelines regarding managers and employees’ roles and responsibilities, and transactions with actual or potential conflicts of interest to ensure transparency, accountability, and fairness. This is to ascertain that transactions are approved in the best interests of the company, etc. IRPC has implemented Continuous Control Monitoring System (CCMS) for purchase/procurement and payments as well as sales and receipt of payments as a tool to effectively monitor business operations and detect irregularities, in line with good practices for segregation of duties concept. IRPC has developed the Control Self-Assessment (CSA) form to cover its key operations, such as the enterprisewide internal control self-assessment form and process specific internal control self-assessment form. These self-assessment forms help executives develop a comprehensive and broad-based approach to control activities to minimize risks in various operational processes. In 2023, the company launched the Robotic Process Automation (RPA) for use as a tool for processing the self-assessment of internal controls. IRPC has established Project Governance guidelines to improve efficiency and effectiveness of project management by requiring relevant committees and business units to thoroughly review information on investment projects at all stages of implementation concerning risk assessment and risk management approaches. The company is also developing IRPC Group Way of Conduct to provide supervisory oversight for companies within IRPC Group. IRPC has determined information system security control process in accordance with the ISO 27001 Information Security Management to provide assurance of the company’s efficient and effective IT security management. IRPC has developed Personal Data Protection Policy, appointed a working group and data protection officer as well as upgraded its IT system to enhance its personal data control process. The company also communicates with relevant members of the staff about the Personal Data Protection Act (PDPA) to keep them up-to-date on a regular basis. 4. Information & Communication IRPC values quality information and communication which are key components supporting effective internal control. An E-Compliance system has been developed to collect information with regard to laws, rules, regulations, and relevant requirements as well as compliance assessment system. The E-Compliance system is undergoing further development to improve the efficiency of the assessment system. A soft launch is expected in 2024. Progress in the project implementation will be communicated to the company’s Board of Directors, executives, employees, 270 Internal Control and Connected Transactions IRPC Public Company Limited
RkJQdWJsaXNoZXIy ODg4NTI=