EGCO Group has reviewed and edited the risk management policy and guidelines to cover all risk issues in parallel with enterprise-wide risk management, while maintaining the balance between risk and return to sustainably increase added value for shareholders.

The risk management policy applies to all subsidiary companies. EGCO Group encourages its partners, suppliers, and all related parties to acknowledge the risk management policy and operate in a similar direction.

EGCO Group has applied the 2017 COSO Enterprise Risk Management - Integrated Framework (2017 COSO ERM) for risk management throughout its organization and has developed a “Risk Management Manual” in line with the 2017 COSO ERM. Key risk indicators, comprising both leading and lagging indicators, are determined. All employees and power plants are encouraged to apply the 2017 COSO ERM and the manual as appropriate to their operations. To ensure the efficiency of risk indicators, EGCO Group has conducted sensitivity analysis and stress testing for risk issues significantly affecting the business, including financial risks, climate change risks, and risks from changes in water availability and water quality, as well as other risks, e.g. operational risks, market risks, strategic business risks, project management risks, tax management risks, human capital risks, compliance risks, supply chain management risks, IT security and cyber security risks, and personal data protection risks.

Risk Management Strategy

Risk Management Process

Risk management is a continuous process within the organization and is integrated into the Company’s business activities to ensure that activities align with strategies and accomplish missions and objectives. EGCO Group’s enterprise risk management process consists of 8 interconnected components from business management processes and methodologies as follows:

  1. Internal Environment: Management shall establish a risk management philosophy and determine the level of risk acceptable to the organization. The organization’s environment is fundamental to how employees view and manage risks and internal controls. At the center of any type of business are people, with each individual’s unique qualities, ethical values, and skills, as well as the working environment.
  2. Objective Setting: Management shall establish objectives before identifying events that may occur and affect such objectives. Enterprise risk management ensures that management has set a process for determining objectives and that the objectives identified by management will support and align with the organization’s mission and acceptable risk level.
  3. Event Identification: The process to identify risk events which may occur and impact the organization. Identified risks arising from internal or external sources are risk events which affect the organization’s ability to meet targets. Event identification also includes distinguishing between events that are risks, opportunities, or both. In the case of opportunities, management will integrate such opportunities into the process for establishing strategies or objectives.

    In 2023, EGCO Group has a plan to incorporate ESG Material Topics into EGCO’s risk management manual.

  4. Risk Assessment: Various risks that have been identified are prioritized and analyzed to determine criteria for managing such risks, including risk appetite and risk tolerance. Identified risks are related to set objectives, on which they may cause impacts. Therefore, each risk shall be assessed for both inherent risk and residual risk by likelihood and magnitude of the potential impact.

    Corporate Risk Heat Map

    To comply with COSO ERM criteria and corporate assessment criteria KPIs for comprehensive assessment in every scale of corporate risk.

  5. Risk Response: Employees and personnel will identify and assess the potential responses to risks, which include risk avoidance, risk reduction, risk sharing, and risk acceptance. The Company’s management will select the measures to mitigate risks as appropriate and in alignment with the organization’s acceptable risk level.
  6. Control Activities: The process of establishing policies and procedures to ensure that risk mitigation measures selected by the Company’s management are implemented effectively.
  7. Information and Communication: Relevant information shall be identified, stored, and communicated in a format and timeframe that allows employees to use it for their duties and responsibilities. Information is vital for all levels in the organization to identify, assess, and respond to risks. Communication shall be effective and widely perceived at all levels, including top-down, between departments, and bottom-up. Roles and responsibilities shall be clearly communicated to all employees.
  8. Monitoring and Audit: The enterprise risk management process shall be monitored and adjusted as appropriate. This shall ensure that the Company can respond to every situation and that the process can be adjusted in a changing environment. Monitoring activities can be done through continuous business management, through evaluating risk management separately, or through a combination of both methods. EGCO Group continues to monitor and review its corporate risk exposure on a monthly basis and power plant risk exposure at least on a quarterly basis. EGCO Group conducts internal and external audits of the risk management process and key risks on a regular basis.

The Company has determined 5 types of risks as follows:

  1. Strategic Risk
    Risks arising from strategic planning, action plans, improper implementation, and inconsistency with strategies and vision, which affect the achievement of the organization’s main objectives.
  2. Operational Risk
    Risks related to the efficiency and effectiveness of resource utilization or operations, which may be related to internal operation processes, personnel, work systems, or external events, and which affect the organization’s operations and drive to achieve strategic objectives.
  3. Financial Risk
    Risks related to the management of the organization’s budget which may cause an impact to the financial position of the Company, its credibility, transparency, and the misuse of budget funds.
  4. Compliance Risk
    Risks related to laws and regulations, as well as ambiguous and outdated regulations, which affect the Company’s credibility and reputation.
  5. Organization Structure Risk
    Risks related to the organizational structure, such as the loss of employees, inability to develop human capital, inability to develop IT working systems, and lack of an organizational plan for sustainable development and social and environmental responsibility, which may reduce the effectiveness of work and reduce business continuity. In addition, it may cause loss of knowledge used in organizational development.

Corporate Key Risk

Plant Performance Risks: Power Plant Efficiency Risk

  Description: PPAs stipulate various power plant efficiency indicators, such as Heat Rate, and failure to meet their performance requirements. Efficiency indicators that cannot be maintained will result in a higher cost of power generation than that specified within the contract. The cause of such risks can be maintenance malpractice in power plants.

  Risk Mitigating Actions: EGCO Group sets the plant management policy and systems so that preventive maintenance is carried out continuously in a professional manner. Working procedures implemented by plant management also confirm that all relevant risks are under control. These procedures are as follows:

  • Regular inspections and maintenance according to the schedule by skilled technicians.
  • Installation of monitoring systems for critical equipment in power generation systems. These monitors will provide advance notification if a problem occurs with the equipment, such as the vibration monitoring system of the gas and steam turbine and the monitoring system for pressure and temperature of the steam entering the steam turbine.
  • Provision of necessary inventory reserves, which include machinery spare parts, chemicals, lubricants, and various supplies used in maintenance. These items should be sufficient for use and maintenance under proper inventory management.
  • Implementation of the Quality Management System (ISO 9001:2015) in 12 power plants (Khanom, GPG, GYG, SPP Two, SPP Three, SPP Four, SPP Five, GPS, Solarco, SEG, PAJU, and SBPL) to ensure their quality operation as well as to comply with PPAs.
  • Continuous development of employee competency.

  Risk Audit (Internal & External): External Audit: ISO 9001:2015

  Prioritization of Risk Inherent Level (Likelihood x Magnitude): Medium - High

  Risk Appetite & Tolerance: Zero plant shutdown

Plant Performance Risks: Safety, Health, Environmental, and Social Risks that Must Comply with International Standards

  Description: In conducting its business, EGCO Group may experience accidents that occur from human error or low machine efficiency. Community resistance may occur when the production negatively affects the community. Furthermore, there is a sabotage risk which will cause severe loss to power plants.

  Risk Mitigating Actions: Management has put forth the following measures to investigate and reduce the likelihood of the risks listed here:

  • Conform to the requirements of the safety, health, and environment management manuals, whose guidelines are specified for implementation, monitoring, and auditing.
  • Strictly comply with work manuals and emergency plans, administer training and plan testing, equipment and warning systems.
  • Implement an Environment Management System (ISO14001:2015) in the following 10 power plants: Khanom, GPG, BLCP, KLU, BPU, GYG, TWF, NTPC, SEG, and PAJU, with the objective of continuously and sustainably improving the environmental management system.
  • Implement the Occupational Health and Safety Assessment Series (ISO45001:2018) in 5 power plants, specifically Khanom, BLCP, NED, Nam Theun 2, and SEG. The objective is to reduce and control health and safety risks associated with the employees and the stakeholders, to improve business operations efficiency, maintain safety, and enhance the corporate reputation for responsibility toward employees and society.
  • Communicate with personnel to avoid carelessness.
  • Regularly maintain all equipment.
  • Strengthen relationships with the surrounding communities.
  • Collaborate with government agencies as well as local authorities.
  • Deploy a security plan that includes regular drills and security equipment, such as closed circuit TV and various monitoring devices, that should always be in use.
  • Prepare yearly fire drills and fire evacuations to respond to an emergency in the Company’s power plants and its head office building.
  • Arrange and practice business continuity planning (BCP) for crisis management.

  Risk Audit (Internal & External): External Audit: ISO 45001:2018, ISO 14001:2015

  Prioritization of Risk Inherent Level (Likelihood x Magnitude): Medium - High

  Risk Appetite & Tolerance:

  • GHG emissions emitted per EIA requirement
  • Zero incident rate