Risk Management Strategy
EGCO Group has reviewed and edited the risk management policy and guidelines to cover all risk issues in parallel with enterprise-wide risk management, while maintaining the balance between risk and return to increase added values for shareholders sustainably.
The risk management policy applies to all subsidiary companies. EGCO Group encourages its partners, suppliers, and all related parties to acknowledge the risk management policy and operate in a similar direction.

EGCO Group has applied the 2017 COSO Enterprise Risk Management - Integrated Framework (2017 COSO ERM) for risk management throughout its organization and has developed a “Risk Management Manual” in line with the 2017 COSO ERM. Key risk indicators, both leading and lagging, are determined. All employees and power plants are encouraged to apply the 2017 COSO ERM and the manual as appropriate to their operations. To ensure the efficiency of risk indicators, EGCO Group has conducted sensitivity analysis and stress testing for risk issues significantly affecting the business, including financial risks, climate change risks, and changes in water availability and water quality risks, as well as other risks, e.g. operational risks, market risks, strategic business risks, project management risks, tax management risks, human capital risks, compliance risks, supply chain management risks, IT security and cyber security risks, and personal data protection risks.
Risk Management Process
Risk management is a continuous process within the organization and is integrated into the Company’s business activities to ensure that activities align with strategies and accomplish missions and objectives. EGCO Group’s enterprise risk management process consists of 8 interconnected components from business management processes and methodologies as follows:
- Internal Environment: Management shall establish a risk management philosophy and determine the level of risk acceptable to the organization. The organization’s environment is fundamental to how employees view and manage risks and internal controls. At the center of any type of business are its people, which comprises each individual’s unique qualities, ethical values, and skills, as well as the working environment.
- Objective Setting: Management shall establish objectives before identifying events that may occur affecting such objectives. Enterprise risk management ensures that the management has set a process for determining objectives and the objectives identified by management will support and align with the organization’s mission and acceptable risk level.
- Event Identification: The process to identify risk events which may occur and impact the organization. Identified risks arising from internal or external sources are risk events which affect the organization’s ability to meet targets. Event identification also includes distinguishing between events that are risks, opportunities, or both. In the case of opportunities, management will integrate such opportunities into the process for establishing strategies or objectives.
  In 2023, EGCO Group has a plan to incorporate ESG Material Topics into EGCO’s risk management manual.
- Risk Assessment: Various risks that have been identified are prioritized and analyzed to determine criteria for managing such risks, including risk appetite and risk tolerance. Identified risks are related to set objectives which may cause impacts. Therefore, the risk shall be assessed for both inherent risk and residual risk by likelihood and magnitude of the potential impact.
  Corporate Risk Heat Map
  To comply with COSO ERM criteria and corporate assessment criteria KPIs for comprehensive assessment in every scale of corporate risk.
- Risk Response: Employees and personnel will identify and assess the potential responses to risks, which include risk avoidance, risk reduction, risk sharing, and risk acceptance. The Company’s management will select the measures to mitigate risks as appropriate and in alignment with the organization’s acceptable risk level.
- Control Activities: The process of establishing policies and procedures to ensure that risk mitigation measures selected by the Company’s management are implemented effectively.
- Information and Communication: Relevant information shall be identified, stored, and communicated in a format and timeframe that allows employees to utilize it for their duties and responsibilities. Information is vital for all levels in the organization to identify, assess, and respond to risks. Communication shall be effective and be widely perceived at all levels, including from top-down levels, between departments, and from bottom-up levels. Roles and responsibilities shall be clearly communicated to all employees.
- Monitoring and Audit: The enterprise risk management process shall be monitored and adjusted as appropriate. This shall ensure that the Company can respond to every situation and can be adjusted in a changing environment. Monitoring activities can be done through continuous business management, through evaluating risk management separately, or through a combination of both methods. EGCO Group continues to monitor and review its corporate risk exposure on a monthly basis and power plant risk exposure at least on a quarterly basis. EGCO Group conducts internal and external audits of the risk management process and key risks on a regular basis.

The Company has determined 5 types of risks as follows:
- Strategic Risk: Risks arising from strategic planning, action plan, improper implementation and inconsistency with strategies and vision which affect the achievement of the organization’s main objectives.
- Operational Risk: Risks related to the efficiency and effectiveness of resource utilization or operations which may be related to internal operation processes, personnel, work systems, or external events which affect the organization’s operations and drive to achieve strategic objectives.
- Financial Risk: Risks related to the management of the organization’s budget which may cause an impact to the financial position of the Company, its credibility, transparency, and the misuse of budget funds.
- Compliance Risk: Risks related to laws and regulations, as well as ambiguous and outdated regulations, which affect the Company’s credibility and reputation.
- Organization Structure Risk: Risks related to the organizational structure, such as the loss of employees, inability to develop human capital, inability to develop IT working systems, and lack of organization’s plan for sustainable development and social and environmental responsibility which may reduce the effectiveness of work and reduce business continuity. In addition, it may cause loss of knowledge used in organizational development.
Corporate Key Risk
Corporate Key Risk | Description | Risk Mitigating Actions | Risk Audit (Internal & External) | Prioritization of Risk Inherent Level (Likelihood x Magnitude) | Risk Appetite & Tolerance |
---|---|---|---|---|---|
Plant Performance Risks: Power Plant Efficiency Risk | PPAs stipulate various power plants’ efficiency indicators such as Heat Rate and failure to meet their performance requirements. Unmaintainable efficiency indicators will result in a higher cost of power generation than those specified within the contract. The cause of such risks can be maintenance malpractice in power plants. | EGCO Group sets the plant management policy and systems so that preventive maintenance is carried out continuously in a professional manner. Working procedures implemented by plant management also confirm that all relevant risks are under control. These procedures are as follows: | External Audit: ISO 9001:2015 | Medium - High | Zero plant shutdown |
Plant Performance Risks: Safety, Health, Environmental, and Social Risks that Must Comply with International Standards | In conducting its business, EGCO Group may experience accidents that occur from human error or low machine efficiency. Possibly, community resistance may occur when the production negatively affects the community. Furthermore, there is a sabotage risk which will cause severe loss to power plants. | Management has put forth the following measures to investigate and reduce the likelihood of these risks listed here: | External Audit: ISO 45001:2018, ISO 14001:2015 | Medium - High | |