Management Approach
The Company’s risk management process begins with reviewing the organization’s strategic plans and business objectives, coupled with analyzing the organization’s key Materiality Topics to develop the risk management guideline and to identify important risks in the Company’s business operations. The guideline covers four dimensions: Business Risk, Sustainability Risk, Emerging Risk, and Black Swan or unforeseen risks. They also establish effective preventive and mitigation measures to help drive the organization towards its goals and create value for all stakeholders. Additionally, the Company mandates the establishment of a Risk Management Committee responsible for setting policies and managing the organization’s risk plans, including defining appropriate Risk Appetite. This involves risk management department and audit office working together as a Risk Management Committee to drive efficient operations under corporate governance and in alignment with the organization’s objectives. Furthermore, the Risk Management Committee reports on risk management activities and presents findings to the Audit Committee and the Board of Directors twice a year. The objective is to examine the performance of the risk management process, monitor results, and identify corrective measures to enhance operational efficiency and reduce the impact of risks in a more comprehensive manner.
The Risk Management Committee has conducted a self-assessment for 2O23 using an assessment model adapted from the Thai Institute of Directors’ framework, comparing it to the charter. It revealed an excellent performance score of 93% and a good performance score of 7%. These scores indicate an improvement compared to the previous year.
Corporate Risk Management Structure
Risk Analysis and Assessment
The Company organizes the priority of risks by appointing Risk Owners who are responsible for analyzing identified risk issues, both in terms of the likelihood of occurrence (Probability Rating Scale) and the impact of the risk (Impact Rating Scale), using a Risk Matrix. The process follows principles and guidelines as follows:
Risk Matrix
In this regard, the Company establishes guidelines and frameworks for risk management and crisis situations, comprising organizational-level risk management, operational-level risk management, and communication to ensure that all employees are informed. Additionally, the Company develops risk control plans that may impact the organization’s operations and objectives, studying Risk Prioritization from the analysis of the Risk Matrix, which considers the likelihood and potential impact of each risk, including the likelihood of fraud and corruption. Furthermore, it defines key performance indicators for significant risk management effectiveness (Risk Score) and recovery plans appropriately tailored to achieve sustainable business objectives.
Furthermore, the Company has developed a Business Continuity Plan (BCP) to prepare for rapidly changing situations and ensure the Company’s operations remain continuous and uninterrupted. Additionally, every six months, the Risk Management Committee reports its operations to the Audit Committee and the Board of Directors. Moreover, the Internal Audit Office oversees and audits risk management operations to implement risk reduction measures. In 2O23, the Company engaged an external firm to evaluate the overall Enterprise Risk Management (ERM) to ensure compliance with corporate governance principles and The Committee of Sponsoring Organizations of Treadway Commission (COSO) internal control framework. Additionally, it aligns with the international standard ISO 223O1: Business Continuity Management (BCM) to ensure the Company’s risk level is acceptable and manageable. The companies within the CP Group has been certified for ISO 223O1: BCM in three areas, including CPRam Ladkrabang and Distribution Center (CDC) Bang Bua Thong. Moreover, in 2O23, six more distribution centers received additional certification, including Mahachai Distribution Center (DC), Mahachai Temperature Controlled Distribution Center (CDC), Suvarnabhumi Distribution Center (DC), Suvarnabhumi Temperature Controlled Distribution Center (CDC), Mahachai Distribution Center (BDC), and Logistics Center.
Risk and Incident Management Framework for Sustainable Business Operations
In order to ensure effective risk management alignment to its objectives, the Company mandates regular risk assessments every quarter, identifying risk categories that may impact business operations into four groups as follows:
The objective is to encourage employees to participate in risk management and can respond promptly to changes in the business environment, along with supporting corporate strategy. The Company, therefore, organizes training every quarter on relevant risk reduction measures for various departments with Risk Champions, who are responsible for providing knowledge. The Company also establishes risk control and monitoring mechanisms as follows:
Internal Control and Risk Monitoring Mechanism
Assessing high-risk activities
Selecting high-risk processes
Establishing risk control measures
Randomized assessment of control measures by auditors
Review interial process risk & control quarterly
Emerging Risks
The Company establishes measures and guidelines for managing and governing to promptly respond to risks. This includes regular annual reviews of issues and various trends to analyze new risks that may affect business operations. Moreover, the Company can identify 3 new risks and analyze the impact of these risks on business operations, along with outlining preliminary management measures and guidelines as follows:
Risks from the rapid changes in Generative AI technology in the e-Commerce business
The e-Commerce industry in 2O24 has an increasing use of Generative AI technology, where online merchants can analyze customer needs and consumer data to find products and services that meet their demands most effectively. For example, customers can use Generative AI technology to analyze the credibility of stores and detailed sales history, allowing them to assess the history and credibility of merchants and check whether the products or services sold in the past had any issues. This has led to a significant growth of the e-Commerce industry in Thailand, estimated at 23% according to the Digital Economy Report for Southeast Asia by Google in the previous year. It has also resulted in a growth of over 9.6% for CP ALL’s e-Commerce business. However, the impact of using Generative AI technology includes new investment projects Investment in subsidiaries and distribution center (DC) in CP ALL’s business operations. The aim is to maintain and create sustainable service experiences for customers at 7-Eleven stores.
The rapid introduction of Generative AI technology in the e-Commerce business has impacted new investment projects Investment in subsidiaries and distribution center (DC) in CP ALL’s business operations. It helps maintain and create a sustainable customer experience at 7-Eleven stores. In 2O23, approximately 4,OOO – 4,1OO million Baht was invested. Furthermore, if Generative AI technology is fully utilized to analyze products and services for consumers in the next 3-5 years, it will significantly affect has impacted includes new investment projects Investment in subsidiaries and distribution center (DC). This is aimed at maintaining and creating a sustainable customer experience for visits to 7-Eleven stores in the future.
The Company closely monitors the rapid changes brought about by Generative AI technology, which increasingly influences CP ALL’s business operations. Currently, it sets business strategies to grow from strengths, adapt to new lifestyles, and embrace the digital society. This is to address the aforementioned changing trends by improving the way consumer experiences are created, such as promoting products that better meet consumer needs based on surveys conducted at 7-Eleven stores. This includes diversifying products and services, such as fresh food, frozen food, vegetables, fruits, and freshly prepared food, as well as expanding 7-Eleven branches to provide access and convenience to communities with limited access to products and services. This is considered value creation and promoting access for consumers that e-Commerce businesses may not fully meet yet.
However, the integration of Generative AI technology to support the analysis of consumer product and service preferences remains a critical focus for CP ALL in driving the growth for both 7-Eleven stores and e-Commerce business. This segment contributes more than 1O% of the Company’s revenue. Therefore, CP ALL is investing in Generative AI technology to assist in analyzing consumer product and service preferences, as well as to analyze various product trends to meet current consumer demands and prepare for the future. Additionally, CP ALL is expanding 7-Eleven branches to promote access to products and services for remote communities that may not have access to new technologies, equipped with comprehensive services.
The risk from transitioning into a Complete Aged Society increases the demand for health products
Thailand is transitioning into a Complete Aged Society, according to data from the Department of Provincial Administration, Ministry of Interior, in 2O23. It was found that Thailand has a population of people aged 6O and above, or the elderly, accounting for 1 in 5 (13 million people) of the total population (66 million people), with a continuous upward trend projected over the next 5-1O years. It is estimated that Thailand will evolve into a Super Aged Society, with the elderly population increasing to 28% of the total population. This will directly impact the demand for health-related products and services. This includes a greater need for health-focused food products, functional foods, and foods with modified ingredients. This trend may influence CP ALL’s strategies, budget planning, research in product and service development, as well as procurement of health-enhancing products.
CP ALL has been actively managing health and nutrition products through various support programs and promoting research in health products internally and externally. However, with the transition into a Complete Aged Society and the trend towards becoming a Super Aged Society, CP ALL needs to adapt and prepare to deliver products and services that can meet future needs. This may affect the risk of losing opportunities in selling health products and the elderly group, which accounts for 12% of total sales compared to all food and beverage products sold in 7-Eleven stores. It may also affect organizational direction-setting and strategy. Additionally, CP ALL prepares to address the increased budget for research on products and services suitable for the elderly group, aiming to procure health products worth over 17.1O million Baht , accounting for 38% of the total research and development budget.
The Company has continuously reviewed its organizational strategy and emphasized the fundamental right to good health as one of the basic rights. The Company is also aware of delivering products that are nutritious, safe, and meet standards for all consumer groups, especially the elderly. Moreover, the Company has elevated the capabilities and research funds in health foods and appointed consultants to source and develop new products tailored for health conscious individuals, including the elderly. These products include functional foods to promote various health aspects, personalized foods suited to individual lifestyles, health,
and genetics, as well as other categories, such as food with reduced additives and preservatives, low sugar, low palm oil, no coloring, no fat, alternative protein foods, and superfoods. This is to respond to changing consumer behaviors and reduce health risks for all consumer groups. Additionally, the product development aims to anticipate future trends in product and service changes for the elderly and elevate the services to cater to customers who find it inconvenient to shop at 7-Eleven stores, including the elderly, by offering product orders through the ‘7APP’ application along with delivery services.
The risk from promoting the reduction of packaging waste as legally enforced by the government
The Company operates primarily in the business of retail convenience stores, wholesale businesses, cash payment services, and food production with operations mainly in Thailand. The Company is mandated to adopt the policy of discontinuing single-use plastic packaging under the Thai Plastic Roadmap 2O18-2O3O, coupled with the development of the country’s waste management system and infrastructure to reuse and recycle waste. One of the tools being studied to inform policy decisions is the principle of Extended Producer Responsibility (EPR) or the principle that enhanced responsibility of producers, where producers are responsible for the entire lifecycle of their products, including design, distribution, return, collection, reuse, recycling, and post-consumer packaging waste treatment. That is, producers’ responsibility for managing their own product waste. This principle is widely used in Europe, North America, South Africa and some countries in Asia, with a trend toward legal enforcement expected in Thailand within the next 3-5 years. This directly impacts the business of CP ALL, which will incur additional expenses in system preparation, including readiness along the supply chain and requiring intensified collaboration with suppliers.
The Company serves an average of 13 million customers daily at 7-Eleven stores, with revenue from product sales and services in 2O23 totaling 921,187 million Baht. Each year, the Company uses an average of 53,965.53 tonnes of plastic packaging. The push for compliance with the Extended Producer Responsibility (EPR) principle impacts CP ALL’s policies, strategies, and product design processes, shifting from traditional Design for Assembly to Design for Disassembly to facilitate material separation for recycling or investment in reuse processes. The recycling of packaging waste, as well as changing perspectives on the environmental system of production and consumption into a new approach, means transitioning from a Linear Economy model where products are manufactured by producers, distributed to consumers, and then discarded to municipalities, to a Circular Economy model, where materials and energy are recycled back to producers or distributors, requiring new distribution systems and innovations. This impacts CP ALL’s operational expenses, including increased investment in system development and operations (estimated at over 538 million Baht over the next 3-5 years), as well as fees for waste management by central organizations. Furthermore, the Company’s reputation could
be affected in case of failing to adequately prepare to handle the supply chain responsibly.
The Company is dedicated to reducing the amount of plastic waste from packaging sent to landfills to the minimum possible, while also demonstrating leadership in environmental stewardship. This makes packaging management from CP ALL’s products more environmentally friendly. This is achieved through measures and management strategies such as:
Black Swan Search continuation project
The Company has continued the Black Swan project for the 1Oth consecutive year to raise awareness of risks for the Company’s personnel. Management and employees are encouraged to take part in identifying enterprise risks that could potentially impact the Company’s operations and goals through the submission of risk topics in a contest available at various channels. The risks topics are related to the below six issues, as follows:
Continuous Business Operations
Work Process
Products and Services
Outsources Hiring
Corporate Sustainability
Activities Related to the Outsources Hiring Company’s Subsidiaries
The awarded risk issues will be considered for further development of appropriate support measures and management strategies to effectively implement them. In 2O23, there were a total of 2,465 risk issues submitted by employees for competition. The top five risk issues with the
highest number of submissions are: 1. Health and safety related risks, 2. Environmental risks, 3. Legal compliance risks, 4. Customer satisfaction, and 5. Human resource management.
Furthermore, the Company conducts Risk Score evaluations to measure the overall risk management effectiveness of each department. The Company welcomes suggestions for further development and improvement of risk management systems in all areas to enhance efficiency. This covers over 74 departments on a quarterly basis, along with providing guidance and knowledge exchange through online systems. Additionally, exemplary risk management practices are showcased to elevate capabilities through the Risk Score Clinic project weekly. Departments demonstrating consistent excellent performance will be publicly acknowledged by the Chief Risk Officer and the CEO as role models for the organization, fostering pride among the department’s risk management personnel.
Risk Management and Business Continuity Management Training Program for Risk Champion continuation project
The Risk Management unit, in collaboration with Panyatara Co., Ltd. and All Training Co., Ltd., organizes quarterly training courses to develop Risk Champions skills. The objective is to train participants, providing them with new learning experiences that can be applied to managing risk within the CP ALL Group businesses. This aims to enhance the ability of Risk Champions to assess risk management practices within their respective units according to Risk Score criteria, ensuring readiness to respond to situations. Additionally, participants are required to complete a post training assessment to review their understanding and raise awareness in identifying risks and prevention methods, enabling the organization to continue its operations without interruption. In 2O23, more than 967 Risk Champions within CP ALL’s business units participated in the program.
Furthermore, the Company has elevated its Risk Management training for the Risk Management Committee (RMC) in four formats: from gurus/experts, practical exercises (Crisis), 3A signaling (Alert, Analysis, Alarm), and external training. The training provides knowledge to users of information technology systems, including committee members, senior management, employees, and customers. Seminars are organized on topics such as the impact of the Russia-Ukraine conflict on the Thai economy and industry. Additionally, meetings are held to update the Company’s Board of Directors on Global Sustainability Trends Updates to understand trends and potential impacts on CP ALL in the future.
Promote and Support SMEs Suppliers to take part in the Private Sector Collective Action against Corruption (CAC SMEs Certification) continuation project
CP ALL organized a training program for the Private Sector Collective Action against Corruption (CAC SMEs) in 2O23 for 58 SMEs entrepreneurs in an online format in the time of the New Normal. The objective is to encourage executives and employees, including suppliers, to operate in accordance with corporate governance principles. And to instill values of business operations with honesty, transparency, and without corruption. The Company raised the status of the organizations in CAC membership to the Change Agent level. All in all, there are 15 suppliers, or equivalent to 26% of the total, who have communicated and signed to join the declaration of intent to join the Private Sector Collective Action against Corruption.
In addition, Lotus’s has been recertified as a CAC member, joining the private sector’s collective efforts against corruption in Thailand. Lotus’s also received the CAC Change Agent Award for 2O23 from CAC. Furthermore, in 2O23, Lotus’s supported 17 SME suppliers in jointly declaring their commitment to anti-corruption, elevating the standards of transparent and ethical business practices.
These initiatives reflect the Company’s dedication to being a retail organization that prioritizes sustainability in all dimensions of business operations, encompassing environmental, social, and governance (ESG) aspects.
Cybersecurity and Information Management
The Company recognizes the importance of cybersecurity and information security risk management and conducts a review of the information technology security policy. The policy was revised to be consistent with the international standard guidelines for information security management systems (ISO 27001). The Company also adopts the international cybersecurity framework (NIST Cybersecurity Framework) in technical practices throughout the system, including personal data protection measures as follows:
Cyber Security continuation project
Currently, the Company faces cybersecurity risks almost constantly due to the shift from offline to online business operations, leading to reliance on digital tools for business. Therefore, the Company has established cybersecurity management strategies that encompass aspects on People, Process, and Technology.
Cyber Hygiene Culture Cultivating and organizational culture with cyber security wellness
Cyber Assurance Control cyber security standards
Cyber Operation Operations for surveillance and cyber threat prevention
In 2O23, the Company was rated on the credibility of cyber security management by an external party (BITSIGHT Security Rating Service), reflecting the responsibility of management and information management, credibility, and corporate image-the results show that the safety
management has improved respectively and with the following actions initiated:
Impacts and Benefits
the Company's network data systems are installed and provided services through the certified Information Security Management Systems, ISO 27OO1
employees working in cyber security (31 people) have undergone training and knowledge testing on cyber security topics
employees have passed the Phishing Test
the Company's systems and websites on the internet network have been searched and assessed for vulnerabilities by external companies and. They are then further evaluated and improved by the operations team to enhance security
Raising awareness of personal data protection continuation project
The Company aims to raise awareness of personal data protection among employees at all levels, following the guidelines outlined in the Company's key strategies and plans. This initiative can reduce the risks that may affect the organization. In 2O23, the Company worked to elevate
personal data protection to international standards with details as followed:
Impacts and Benefits
activities with personal data comply with the Personal Data Protection Act
employees have passed a training and knowledge test of PDPA guidelines
response to the access right requests for personal data at an appropriate time
serious grievances
personal data
Other Information
Sensitivity Risk
1.Business Environment Risk
According to business expansion continuously, the Company is aware of development of GHG emissions reduction initiatives for various operations, including research, pilot projects, and applied to the business as well as collaboration program with stakeholders thought value chain. Under continuously development principle, the Company has preliminary studied on advance sustainability targets, being a carbon neutral organization or net zero carbon 2030 afterward. The Company has simulated 3 GHG emissions reduction scenarios (shown in diagram 1) which all cases are linked with the business growth. Additionally scenario has been performed by limiting volume of carbon offsetting at 20% of projection BAU case in 2030. The offsetting cost of all remaining carbon emissions will be used for range determination.
Results are indicating cost that associated climate change mitigation and linkage with business case which reflect effort and preparations required for co-mitigating the global issue.
Diagram 1 GHG emissions and carbon offsetting
| Data Analysis | ||
|---|---|---|
| (inputs and factors used for the analysis) | ||
| Voluntary Emission Reduction | 42.72 | Euro / tonne |
| Exchange rate | 38.37 | Bath / Euro |
| Carbon emissions forecasting 2030 (CEF2030) | 3,042,632.71 | tCO2e |
| Target limited GHGs growth at 4% | 2,086,322.77 | tCO2e |
| Target GHG reduction at 4.2% each year | 1,764,726.97 | tCO2e |
| 1% of revenue 2020 | 5,465.90 | MTBH |
Table 1: Sensitivity analysis for carbon offsetting on target year 2030 scenario
| Unit (million THB) | |||||
|---|---|---|---|---|---|
| Carbon pricing valuation | -10% | -5% | +-0% | +5% | +10% |
| Carbon emission (CEF2030) | 4,488.64 | 4,738.01 | 4,987.38 | 5,236.75 | 5,486.12* |
| Targeting Limit GHG emission at 4% growth against BAU | 3,077.85 | 3,248.84 | 3,419.83 | 3,590.82 | 3,761.81 |
| Target GHGs reduction at 4.2% each year | 2,603.41 | 2,748.05 | 2,892.68 | 3,037.32 | 3,181.95 |
* exceeded threshold at 1% of revenue
2. Compliance Risk and Operation Risk
Sensitivity Analysis of Future Salary Growth and Employee Turnover Rate
| Consolidated Financial Statements | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1% increases in assumption | 1% decrease in assumption | 3% increases in assumption | 3% decrease in assumption | 5% increases in assumption | 5% decrease in assumption | |||||||
| 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | |
| At 31 December | (in million Baht) | |||||||||||
| Future Salary Growth | 437 | 466 | (387) | (416) | 1,311 | 1,398 | (1,161) | (1,248) | 2,185 | 2,330 | (1,935) | (2,080) |
| Employee Turnover Rate | (428) | (468) | 483 | 504 | (1,284) | (1,404) | 1,449 | 1,512 | (2,140) | (2,340) | 2,415 | 2,520 |
| Separate Financial Statements | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1% increases in assumption | 1% decrease in assumption | 3% increases in assumption | 3% decrease in assumption | 5% increases in assumption | 5% decrease in assumption | |||||||
| 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | |
| At 31 December | (in million Baht) | |||||||||||
| Future Salary Growth | 240 | 227 | (213) | (203) | 720 | 681 | (639) | (609) | 1,200 | 1,135 | (1,065) | (1,015) |
| Employee Turnover Rate | (234) | (230) | 266 | 262 | (702) | (690) | 789 | 786 | (1,170) | (1,150) | 1,330 | 1,310 |
3.Market Risk
Sensitivity Analysis of Discount Rate
| Consolidated Financial Statements | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1% increases in assumption | 1% decrease in assumption | 3% increases in assumption | 3% decrease in assumption | 5% increases in assumption | 5% decrease in assumption | |||||||
| 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | |
| At 31 December | (in million Baht) | |||||||||||
| Discount Rate | (406) | (439) | 443 | 502 | (1,218) | (1,317) | 1,329 | 1,506 | (2,030) | (2,195) | 2,215 | 2,510 |
| Separate Financial Statements | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1% increases in assumption | 1% decrease in assumption | 3% increases in assumption | 3% decrease in assumption | 5% increases in assumption | 5% decrease in assumption | |||||||
| 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | |
| At 31 December | (in million Baht) | |||||||||||
| Discount Rate | (225) | (205) | 241 | 234 | (675) | (615) | 723 | 702 | (1,125) | (1,025) | 1,205 | 1,170 |
