Risk Management

Management Approach^{(GRI 3-3d., GRI 3-3e., GRI 3-3f.)}

Risk Management

  Today’s business operations are more challenging, in terms of market competition, crises, and transitions. Risk management is, therefore, considered an important tool for OR’s business management to ensure that business operations can achieve set goals and respond to the needs of all stakeholder groups in a balanced manner, as well as prevent losses that may arise from uncertainty. Risk management also includes seeking opportunities to add business value to maintain the competitiveness of the organization in the future. OR has established a risk management structure supervised by the Enterprise Risk Management Committee. The Audit Committee reviews the risk management system and helps in driving risk management throughout the organization effectively.

OR’s Risk Management Structure

Risk Governance Framework

OR adopts the Three Lines Model as a governance framework to establish clear roles and responsibilities in risk management. This model comprises three distinct levels: OR has been utilizing the Three Lines Model as a framework for governance and defining roles, which includes: 1) First Line – Business units and process owners accountable for identifying, assessing, and managing risks within their respective areas to ensure effective operational execution, 2) Second Line – Functions responsible for establishing risk management frameworks, setting control standards, and overseeing compliance with regulatory and internal requirements to enhance governance and risk oversight, and 3) Third Line – The Internal audit department or unit which provides independent and objective assurance on the adequacy and effectiveness of risk management, internal controls, and governance processes.

Risk Management Policy

OR has announced its risk management policy, establishing a framework and processes that interconnect at every level within the organization. The policy adheres to the COSO Enterprise Risk Management – Integrated Framework 2017 criteria and is steered by the Risk Management and Internal Control team under the Strategy and Investment Management Division. The risk management is intricately linked to the strategic and business planning processes from the outset, ensuring alignment across the entire value chain. There is continuous monitoring of quarterly and annual risk management progress to report to the Enterprise Risk Management Committee and the Company’s Board of Directors. This facilitates regular review and control of organizational risks, maintaining them at levels acceptable to OR.

OR has reviewed its risk management policy to align with the direction and business strategy of the Company, aiming towards conducting business for a sustainable future through the lens of OR Sustainable Development Goals (SDG). This is to efficiently address the OR 2030 objectives.

Risk Management Process

For sustainable growth for all groups of stakeholders, OR reviews factors that can cause significant risks both externally and internally. OR has communicated the 2024 Risk Trends, including Global Risk, Thailand Risk, and Business Area Risk. This enables all departments, both business and support functions, to take risks into account and prepare risk management plans along with the preparation of strategic plans and business plans of the divisions to be consistent with the OR’s strategic direction, goals, and Corporate Risk Framework. Key risk issues from business and support functions are consolidated to prepare the 2024 Corporate Risk Profile. Additionally, the 2024 Corporate Risk Profile, approved by the Board of Directors, has been communicated to all departments to manage risks, ensuring consistency in risk management at the organizational level, functional, and operational level. Risk management results under Corporate Risk Profile are monitored, reviewed and reported quarterly to the Management Committee, Enterprise Risk Management Committee and Board of Directors. In this regard, the Risk Appetite level has been determined, and the Risk Tolerance level has been applied to determine the threshold level of the Key Risk Indicator, facilitating more effective measurement of risk management outcomes.

OR conducts a continuous review of its risk management processes annually, both internally and externally. The audit committee has examined the effectiveness and efficiency of the risk management process, including risk management policy, internal control, legal compliance, and regulations relevant to OR and its subsidiaries. Collaboration with the internal audit department or unit involves quarterly assessments and consultancy work, offering recommendations and suggestions regarding internal control and risk management in critical business processes for OR’s management and subsidiaries. Additionally, the results of the internal control assessment and feedback on the internal control system report are reviewed following the standards and guidelines set by the Ministry of Finance regarding the Internal Audit Standards and Ethics for Internal Auditing of Government organizations B.E. 2561 (2018). In 2024, the internal control assessment results were found to be adequate and consistently implemented, with identified risks accompanied by internal control improvements to prevent or mitigate these risks in 2025.

For external Risk Management Process Audits, OR undergoes Operational Risk assessments through third-party audits, which is an integral part for certification process for ISO 9001, ISO 14001, and ISO 45001, conducted regularly every year.

Enterprise Risk Issues

OR has conducted a business environment analysis based on various crises that occurred in 2024, considering both internal and external factors. The key risks in 2024 include the geopolitical, oil price situation, risk situation of the country where investment is made, government policies, exchange rate fluctuations, natural disasters, industry changes, competitors, technological advancements, cybersecurity, enforcement of new laws, and other relevant factors. The Company has identified these significant risk factors affecting current and future business operations, grouping them into 6 categories.

1. Strategic Risk
2. Operational and Business Risk
3. ESG Risk
4. Information Technology Risk
5. Financial Risk
6. Compliance Risk

OR has implemented comprehensive risk control measures and developed additional risk mitigation strategies to effectively reduce risks to an acceptable level. Furthermore, in 2024, the company conducted a review of its crisis response plan and carried out a business continuity management drill to enhance preparedness for oil spill incidents. A full-scale emergency response exercise was conducted on August 26, 2024, simulating a scenario involving a collision between vessels, damage to a port, and an oil spill impacting the environment, leading to community complaints. This exercise aimed to strengthen the company’s ability to respond efficiently to oil spill emergencies. The drill was carried out in collaboration with relevant government agencies and stakeholders, following the Incident Command System (ICS) framework for oil spill incidents, specifically in the case of an oil spill into a river (Bangchak Petroleum Terminal). Key focus areas included the readiness of emergency response measures, recovery plans for port repair, complaint management strategies, and engagement with affected communities to address concerns and mitigate opposition effectively.

Example of Identified Risks

Organizational Risk Factors		Prioritization (Likelihood and Magnitude	Process to Determine	Mitigating Actions	Monitoring and Audit
IT Risk	The cybersecurity risks and threats have been steadily increasing, causing widespread impacts. Examples of these include computer virus attacks, ransomware attacks, data theft, and data hacking. As a result, key corporate data and confidential information could be leaked or business could face disruption, and negatively impacting the organization’s reputation.		The leakage of information as required by law or the leakage of information that could significantly impact business operations is equal to 0 (zero).	OR places importance on prevention and mitigation measures to avoid becoming a target of cyber-attacks. This includes implementing cybersecurity plans to enhance security effectively, such as: • Adopting Firewall Systems and Security Operation Centers (SOC) to prevent attacks and data leakage. • Procuring, installing, and utilizing Cloud Access Security Brokers (CASB) and Data Leak Protection (DLP) software to control access, defend against attacks, and prevent data leakage. • Purchasing cyber insurance. • Creating awareness of cybersecurity among employees and BSA by developing learning materials and conducting Cyber Security Awareness tests. • Conducting system penetration testing and increasing the frequency of such tests, covering systems hosted outside of PTT Digital. Developing crisis response plans and conducting continuous business continuity management drills throughout the organization’s value chain.	• Monitoring Cyber Security Roadmap reports every quarter • Reviewing access control reports on information technology every quarter • Assessing Cyber Security Awareness test results every quarter. • Evaluating system penetration test results every quarter • Conducting internal audits by the Data Protection Officer (DPO) or the Personal Data Protection Officer regularly each year • External audits and certification to ISO27001 standard for PTT Digital

Organizational Risk Factors		Prioritization (Likelihood and Magnitude	Process to Determine	Mitigating Actions	Monitoring and Audit
Financial Risk	Financial liquidity risk may significantly impact the organization’s business operations and OR’s financial costs significantly.	Click	Financial liquidity must be sufficient to debt obligations, commitments, and investments, with financial ratios in line with the financial policy of the PTT Group.	• Prepare financial estimates to plan for fund management, aligning with the monetary demands and market situations in the financial and/or capital markets. • Planning for short-term and/or long-term loans to secure capital funds. • Prepare for the launch of bond issuance to enhance long-term financial liquidity.	• Monitor financial risk management quarterly. • Information on internal audit can be found at 56-1 One Report PDF page 59-60 (Click for more information) • The independent auditor’s report can be found at 56-1 One Report PDF page 293 (Click for more information)

Risk Culture

OR aims to promote a risk management culture throughout the organization to ensure that OR grows sustainably and securely. Executives and employees at all levels of the company possess Risk Awareness, Risk-Taking, and Risk Management. OR fosters a risk-aware culture through the following:
OR drives a risk management culture from organizational leaders or “Tone from the top” by declaring Risk Management Policy, articulating acceptable risk (Risk Appetite), and promoting and overseeing appropriate risk management throughout the organization.
OR assigns accountability where executives and employees are aware of the ownership of risks, with appropriate risk exposure. Key performance indicators (KPIs) are established that consider the balance between returns and risks. In terms of investing for business, OR sets criteria and guidelines for investment analysis, assesses risks, and prepares a Mitigation Plan to reduce the impact of investments and also incorporates risk criteria into the product development or approval process For example, lubricant product development plan requires health and safety risk assessment to reduce potential risks. In addition, OR develops the product and service stewardship plans following the difference types of business operation and sets the topic ‘Product and Service Standard: Quality/Safety/Environment’ as the Corporate Risk Profile to highlight the importance of product and service stewardship in business. Risk criteria are established for research and development of products and services, encompassing the Risks & Opportunities section.

OR has an escalation process in the event that a risk is found to exceed the acceptable risk level of the Organization. Individual employees have responsibility to proactively identify and report potential risks throughout the organization that can lead to negative impacts on business operations or organizations via an e-mail OR-ERMC@pttor.com. OR communicates and exchanges ideas to create effective communication and challenges, supports open expression, and presents perspectives on risks at every stage of work from all departments.

OR provides financial incentives which incorporate risk management metrics. KPI for senior executives, line managers and employees (such as Operation safety, Product and Service Quality, Image and Reputation Organization, Carbon Neutral Pathway, and Financial Performance) is tied to risk items of OR’s Corporate Risk Profile. KPI will be interpreted as an individual performance evaluation and resulted in financial incentive consideration).

In addition, HR management plays a role in promoting the organization’s risk culture, such as succession planning, training, etc. OR defines and emphasizes that all employees adhere to operational guidelines that consider governance, risk, and compliance (GRC). The risk management manual is published throughout the organization on a website accessible to all employees, as well as training sessions throughout the organization are held during the year to make executives and employees aware of the importance of risk management processes and internal control, and to increase knowledge and understanding of risk management principles and internal control for executives and employees to apply to their operations effectively. In particular, risk management has been incorporated as a key topic in the annual OR orientation for new employees. All employees must also complete the training on risk management and internal control through an e-learning course. OR also regularly provides knowledge in risk management for employees in chief executive position or above level through the Risk Management Program for Corporate Leader (RCL) training courses organized by the Thai Institute of Directors (IOD). The aim is to enhance understanding of roles and responsibilities in overseeing risk management aspects.

OR organizes training programs for employees to ensure compliance with legal requirements and organizational regulations, such as the Competition Act B.E. 2560 (2017), and adherence to laws and corporate regulations from the beginning.
In addition, OR encouraged directors, senior executives, and executives appointed as directors of OR Group and employees to attend GRC-related training courses of the Thai Institute of Directors Association (IOD) such as Advanced Audit Committee 2Program (AACP), Risk Management Program for Corporate Leaders (RCL), Ethical Leadership (ELP), Anti-Corruption in Practice (ACPG), Corruption Risk & Control, and Good Corporate Governance (CG) E-learning

Risk Training Details in 2024^{(GRI 3-3e.)}

Training program	Target group	Date of training	Number of trainees (people)	Summary of recommendations from training/Remark
Risk Management and Internal Control (Orientation)	New employees	Round 1: 24 June 2024 Round 2: 28 June 2024 Round 3: 8 July 2024 Round 4: 5 August 2024	166 people	New employees have knowledge and understanding in risk management and internal control as a basis for their work.
Risk Management	Strategic departments of every line of work and relevant department in business development and ORion project	20 May 2024	55 people	Trainees have increased knowledge and understanding of project risk management.
Risk Management and Internal Control (E-Learning)	All Executives and employees across organization	Risk Management: 1 August 2024 Internal Control: 6 September 2024	1,965 people 1,870 people	Trainees have increased knowledge and understanding of risk management and internal control.

Knowledge-Sharing regarding Risk Management for the Board of Directors:

In 2024, OR actively promoted risk awareness and risk management practices through knowledge-sharing initiatives as part of the Enterprise Risk Management Committee (ERMC) meetings, conducted on a quarterly basis or as deemed appropriate. Most of member is non-executive directors. The knowledge-Sharing regarding Risk Management is also provided for all executive and non-executive directors. These sessions covered key topics such as Global Risk, Business Area Risk, Thailand Risk, and impact analysis on OR’s business operations. Additionally, OR facilitated discussions through “Sharing Risk Moments”,” providing valuable insights into emerging risks and their potential implications, thereby enhancing the organization’s overall risk management capabilities.

Emerging Risk

OR prioritizes newly emerging risks and prepares to address them, considering their impact on OR’s business operations. Measures are in place to proactively manage the risks comprehensively and systematically, as follows:

1. Environmental Challenges and Biodiversity Threats in Coffee Bean Production

Category	Business and Operational Risk
Description	The Global Risks Report 2024 by the World Economic Forum highlights environmental and technological risks are among those expected to deteriorate the most in severity over this period and dominate the longer-term global risks landscape. Nearly all environmental risks are included in the top 10 rankings for the decade ahead. Extreme weather events are anticipated to become even more severe over the next decade. The perceived severity of Biodiversity loss and ecosystem collapse worsens the most of all risks. Critical change to Earth systems and Natural resource shortages are also among those perceived to materially deteriorate. Concurrently, the Food and Agriculture Organization (FAO) has illuminated a concerning aspect of climate change: the potential reduction of suitable areas for coffee cultivation by up to 50% due to rising global temperatures. This phenomenon poses a substantial threat to countries situated in the Bean Belt, spanning various regions near the equator where coffee cultivation is prevalent. Nations such as Peru, Brazil, Ethiopia, Colombia, and others face the formidable challenge of climate change, with potential repercussions for future coffee production. The expansive impact on this vital global commodity encompasses not only the potential extinction of specific coffee varieties but also the alteration of the taste, aroma, and overall quality of coffee. In essence, the intertwining of natural resource crises and climate change poses a multifaceted risk to the coffee industry, impacting not only the economic vitality of coffee-producing nations but also the global coffee market’s sensory and qualitative attributes. Addressing and mitigating these challenges necessitate comprehensive strategies that span environmental, economic, and agricultural dimensions to ensure the resilience and sustainability of the coffee sector in the face of evolving climatic conditions.
Impact	Currently, Thailand’s annual coffee bean consumption stands at 80,000 tons, while domestic production capacity is only 20,000 tons per year. Café Amazon, recognized as a major coffee bean consumer, requires up to 6,000 tons annually. The Café Amazon business is susceptible to potential disruptions arising from a shortage in coffee beans, a scenario that could precipitate heightened operational costs and consequential impacts on overall operating results. The shortage in coffee beans, a core raw material for Café Amazon’s operations, has the potential to induce an upward pressure on costs, stemming from increased procurement expenses and potential supply chain complexities. Such cost escalations, if realized, may exert a discernible influence on the financial performance and operational efficiency of Café Amazon. In addition, changes in the taste, aroma, and quality of coffee may affect consumer satisfaction.
Mitigating Action	It is imperative for Café Amazon to proactively assess and strategize in response to this risk, potentially exploring diversified sourcing strategies, fostering resilient supply chain practices. OR has established a collaborative knowledge exchange initiative with the Ministry of Agriculture and Cooperatives with the strategic objective of fostering and bolstering the expansion of coffee cultivation areas. This initiative aims to catalyze a transition towards integrated agriculture practices aligned with coffee cultivation, thereby empowering farmers to enhance productivity and income through sustainable agricultural methods. The overarching goal of this partnership is to elevate the efficiency of coffee production, aligning with international standards, and particularly emphasizing the distinctive qualities of region-specific coffee varieties. By doing so, the initiative not only seeks to augment the value of coffee products but also contributes to mitigating environmental concerns, including deforestation. Central to this collaborative effort is the establishment of a mutually beneficial marketing cooperation. Within this framework, Café Amazon is committed to supporting the procurement of coffee products adhering to standardized quality from certified farmers. This approach is not only conducive to the advancement of sustainable farming practices but also aligns seamlessly with OR’s inclusive growth strategy, which prioritizes the creation of opportunities and the generation of value for all stakeholders throughout the entire business chain. In 2024, OR initiated the Amazon Park project in Lampang Province. The project aims to serve as a hub for coffee cultivation, research, and breeding of Thailand’s finest coffee varieties. This initiative is designed to strengthen the Café Amazon business across the entire value chain, from upstream to downstream, while fostering a sustainable business ecosystem.

2. Employment crises

Description	Business and Operational Risk
Category	The Global Risks Report 2024, issued by the World Economic Forum, underscores the employment crisis as a long-term global risks. Concurrently, the World Population Prospects reveals a global populace reaching 8 billion individuals, with those aged 65 and above comprising approximately จ%, a figure anticipated to ascend to 16% by 2050. Thailand, in particular, has emerged as the world’s third-fastest growing elderly population, officially transitioning to an aging society in 2022. Projections indicate that by 2030, Thailand is poised to attain super-aging status akin to Japan, with individuals aged 60 and above constituting 28% of the nation’s demographic landscape. As nations worldwide confront the challenges of an increasingly aging society, the pervasive labor shortages experienced underscore the need for strategic responses.
Impact	OR employs a substantial workforce across various businesses, including PTT Station, Café Amazon, and other retail businesses, faces a potential labor shortage as Thailand transitions into the ultimate aging society. This demographic shift poses a significant concern, as it could lead to heightened labor costs, thereby impacting the efficiency of business operations and potentially affecting its business performance.
Mitigating Action	OR has innovatively introduced the “Fully Self Serve Station”. OR incorporates automation comprehensively throughout production, storage, and distribution processes, strategically aimed at minimizing labor requirements and optimizing overall work efficiency. Simultaneously, Café Amazon, an entity under the OR umbrella, has proactively undertaken an initiative to broaden employment prospects for the increasing senior citizen demographic. Recognizing the demographic shift towards an aging society in Thailand and the ensuing dearth of employment opportunities for the elderly, OR has entered into a collaborative effort with the Department of Social Development and Welfare, Ministry of Social Development and Human Security. This collaboration has given rise to “Café Amazon for Chance run by an elderly barista,” a pioneering endeavor specifically designed to address this societal challenge. The program involves the recruitment of individuals aged 55-65 to serve as coffee shop baristas. The establishment is thoughtfully tailored to accommodate the unique needs of the elderly workforce. For instance, the drink menu is streamlined, focusing exclusively on best-selling items. Automation is seamlessly integrated into the operational processes, with an automatic brewing machine ensuring consistency in delivering the café’s standard flavor. Amazon has undertaken considerations such as determining optimal shelf heights for raw materials and provisioning emergency medical equipment. To facilitate a seamless transition for the elderly baristas, a comprehensive training program has been implemented. This training, conducted by the Amazon Café standard development and training team, adheres to the same exacting standards applied to all Café Amazon baristas. This pioneering model not only addresses the imminent challenge of labor shortages but also actively contributes to the creation of meaningful opportunities for the elderly population in Thailand. It underscores OR’s commitment to innovative solutions, social responsibility, and the proactive adaptation to evolving demographic trends.

3. Adverse outcomes of Generative AI technologies

Category	Information Technology Risk
Description	The Global Risks Report 2024 by the World Economic Forum highlights those risks associated with artificial intelligence technologies, particularly Generative AI (Gen AI), are expected to intensify over the next 2 to 10 years as these technologies become integrated into every aspect of society. These risks include the spread of misinformation, threats to privacy, cybersecurity, copyright infringement, biases in AI, criminal activities, labor displacement, and even the use of AI as a military weapon. According to the Harvard Business Review (HBR), the adoption of Gen AI in organizations is growing, a trend supported by findings from the Stanford AI Index, which reports an upward trajectory in AI usage across all global regions. Leading global corporations like Microsoft and Salesforce are integrating AI into their products and services, while companies such as Apple and Samsung are hesitant to adopt AI in operations due to concerns over potential risks. In Thailand, the adoption of Gen AI in organizational operations presents significant challenges. The Electronic Transactions Development Agency (ETDA) emphasizes the need to balance sustainable AI usage with robust governance. The increasing use of Gen AI tools, such as ChatGPT and Gemini, comes with heightened risks. Key risks include: 1. Data Inaccuracy: Errors in data processed by Gen AI may lead to misuse or inefficiencies. 2. Bias and Stereotyping: Outputs from Gen AI may reflect biases inherent in its training data, resulting in skewed and non-neutral outcomes. 3. Copyright Issues: The use of Gen AI for generating images or text could raise copyright infringement concerns. 4. Privacy Violations: There is a risk of unauthorized disclosure of personal or organizational confidential information. 5. Misinformation: The dissemination of false or deceptive information online could severely impact organizations. Organizations must address these risks effectively to maximize the benefits of Gen AI while safeguarding operational integrity and public trust.
Impact	OR has transformed into a digital-driven organization, integrating Generative AI (Gen AI) into its operations to enhance efficiency, improve organizational effectiveness, and elevate customer service, thereby gaining a competitive advantage. However, this transformation comes with challenges and risks, including concerns over data privacy, security, transparency, and accountability. These risks could potentially cause significant harm to the organization, impacting both its business operations and corporate reputation.
Mitigating Action	OR recognizes the dangers posed by such threats and the importance of preventive measures and impact mitigation to manage risks effectively. To address these concerns, OR has established an AI/ML Governance process to ensure the application of AI/ML within the organization is efficient, secure, and ethical. A robust Governance Framework has been developed, defining clear roles and responsibilities for both AI/ML utilization and organizational data management. Additionally, the organization actively monitors, evaluates, and improves the implementation of AI/ML applications. Risk management for AI/ML is aligned with OR’s overall risk management framework, enhancing the likelihood of achieving the intended objectives of AI/ML applications. Appropriate risk control measures and monitoring mechanisms have been put in place, including policies and controls tailored to specific risks. These measures address the three core principles of information technology security and privacy: confidentiality, integrity, and availability. OR ensures adequate personnel are assigned to develop, test, deploy, and oversee AI/ML operations, ensuring alignment with the organization’s needs. The company also promotes the ethical use of Generative AI (Gen AI) by educating employees, fostering understanding of ethical issues, and adopting best practices for Gen AI applications. Measures to monitor compliance with organizational guidelines have also been implemented. To mitigate potential risks, OR has adopted stringent preventive measures, including the deployment of firewalls and utilizing a Security Operation Center (SOC) to safeguard against cyberattacks and data breaches. Cloud Access Security Brokers (CASB), Data Leak Protection (DLP) systems, and company-installed software have been implemented to control data access and prevent unauthorized data leaks. Regular system inspections and vulnerability risk assessments are conducted to identify and address information system weaknesses. OR also educates employees on protecting organizational data from external leaks. Furthermore, the company has procured cybersecurity insurance and established a Business Continuity Management (BCM) system to address potential threats to its information systems, ensuring resilience and readiness in the face of cyber threats.

4. Misinformation and Disinformation

Category	Information Technology Risk
Description	The Global Risks Report 2024 by the World Economic Forum highlights the dissemination of false information and disinformation as a critical global risk with potentially severe political, social, and economic repercussions, including exacerbating international conflicts. This risk is further intensified by the widespread adoption of Generative AI (Gen AI) technologies, which are used to create so-called “synthetic content.” Such content ranges from deepfake videos and voice imitations to counterfeit websites. Coupled with the pervasive influence of social media, the rapid and far-reaching nature of online communication amplifies the problem. Society tends to trust information shared through social media, leading to the widespread dissemination of false information that is difficult to control. Disinformation can serve various purposes, from minor social movements, such as environmental advocacy, to escalated conflicts. Moreover, new forms of crime are emerging at a rapid pace, including stock manipulation and deepfake pornography. Disinformation is also increasingly tailored to specific audiences, targeting particular groups such as minority communities. It is often disseminated through private messaging platforms, such as WhatsApp or WeChat, which are more challenging to monitor and regulate.
Impact	OR has been affected by the dissemination of false information on social media, which has been widely spread, distorting consumer, societal, and community perceptions. This has resulted in significant damage to the organization’s image, impacting both its business operations and corporate reputation.
Mitigating Action	OR recognizes the impact of misinformation and the spread of false information. As a response, the company closely monitors the dissemination of false content on social media, ensuring effective communication with stakeholders. OR has implemented processes to manage potential issues, anticipate negative scenarios, and develop plans and countermeasures accordingly. Proactive communication is employed alongside crisis communication and negative issue management to address matters affecting the organization in a timely manner. Additionally, OR conducts Brand Health Check research to analyze stakeholder expectations across all groups, using the insights to enhance the organization’s communication strategies. The company also employs targeted, straightforward, and accessible proactive communication to effectively reach its audience. Efforts to foster Brand Love are undertaken to encourage brand advocacy, serving as a defense mechanism against attacks stemming from the spread of false information that could harm the organization’s reputation and image.

Document Name	File (Attach or Link)
1. Risk and Crisis Management	Click to Download
2. Risk Management Policy (Please select “Corporate Risk Management”)	Click to Download