Risk Governance
EGCO Group has designed its risk management system and internal control to be appropriately independent from each other. The Risk Oversight Committee is chaired by an independent director, with directors and the president as committee members and the executive vice president of corporate strategy as the secretary of the committee.
The Risk Oversight Committee is responsible for evaluating, reviewing, validating, and commenting on the corporate risk management policy and framework; determining the acceptable risk level and acceptable deviations; overseeing risk identification and the assessment of impact and probability; monitoring and evaluating the performance of risk management planning and the overall process; giving advice and supporting the Board of Directors and Management so that risk management relating to EGCO Group’s business operation is carried out appropriately and efficiently; and reporting the results of risk assessment and mitigation measures to the Board of Directors on a regular basis.
At the management level, the Risk Management Committee is chaired by the president and comprises all executive vice presidents as committee members, with the Risk Assessment Division manager as secretary. The Risk Management Committee is responsible for overseeing implementation in accordance with EGCO Group’s risk management policy and guidelines, promoting and supporting risk management throughout the organization as well as at the operational level, and reporting risk management performance to the Risk Oversight Committee and the Board of Directors on a regular basis. In addition, if a new risk that could significantly affect EGCO Group is identified, the Risk Management Committee must report it to the Risk Oversight Committee and the Board of Directors in a timely manner.
EGCO Group has implemented a comprehensive risk governance framework which aligns with the Three Lines of Defense (3LOD) model as follows:
First Line of Defense - Operational Management/Risk Owners:
- In EGCO Group's context, the "Risk Owner" functions act as the first line. These are the agencies or individuals responsible for actively managing risks. They identify and evaluate risks, decide on appropriate risk management measures, implement these plans, and monitor their performance. The risk owners are directly involved in the operations and have the primary responsibility for controlling the risks associated with their activities.
Second Line of Defense - Risk Assessment Division:
- EGCO's Risk Assessment Division acts as the second line of defense. This division supports the risk owners by helping in the identification and evaluation of risks, and in formulating measures to minimize risks. Additionally, the Risk Assessment Division serves as the secretary of the Risk Management Committee and assistant secretary of the Risk Oversight Committee, bridging the operational management with strategic oversight. The Risk Assessment Department is required to report risk management performance to the Audit Committee every 3 months.
Third Line of Defense - Internal Audit:
- The Internal Audit function at EGCO Group represents the third line of defense. It evaluates the activities of both the operational level and the risk management practices independently. This includes assessing the effectiveness of the entire internal risk management system and reporting its findings directly to the Audit Committee. The independence of the Internal Audit is maintained through the Audit Committee’s role in overseeing the audit functions, which includes the approval of audit plans and the performance evaluation of the Internal Audit Manager.