Management Approach
Risk management is an important mechanism for identifying potential risks and problems that may arise and affect the organization. The management and determination of effective risk reduction measures are important factors in driving the organization to achieve its goals, along with creating value for all groups of stakeholders. The Company is aware of various risks that affect the organization. Hence, the Company establishes a risk management committee responsible for setting policies and guidelines for the risk management of the organization. A risk management unit and an audit unit are established and serve as a member of the Risk Management Committee. The objective is to operate efficiently under good corporate governance and in line with the organization’s goals. In addition, the Risk Management Committee is responsible for reporting the results of risk management and presents to the Audit Committee and the Board of Directors twice a year to review the results of the risk management process, as well as to find solutions that can increase operational efficiency and reduce the impact of more comprehensive risks.
Corporate Risk Management Structure
This is to achieve the goal of sustainable business operations. The Company has established guidelines and frameworks for risk and crisis management operations, including preparing plans to control risks that may affect the operations and goals of the organization.
Risk and Incident Management Framework for Sustainable Business Operations
The Company requires annual risk assessment and identifies risk groups that may affect business operations in 3 groups as follows:
The objective is to encourage employees to participate in risk management and can respond promptly to changes in the business environment, along with supporting corporate strategy. The Company, therefore, organizes training every quarter on relevant risk reduction measures for various departments with Risk Champions, who are responsible for providing knowledge. The Company also establishes risk control and monitoring mechanisms as follows:
Internal Control and Risk Monitoring Mechanism
Internal audit of the risk management
The Company has instilled its employees at all levels the awareness of good risk management and internal controls. It has put in place self-auditing processes to prevent risks in a flexible manner and ensure that all units comply with principles of good corporate governance according to the internal control framework of the Committee of Sponsoring Organizations of Treadway Commission (COSO), as follows:
The Company has clear and appropriate control activities to risk and business types. Also, the company has reviewed operation to be as regulations. The Business Ethics and Code of Conduct and the Company’s corporate governance policy provide in written guidelines for performance of duties. Employee performances are evaluated by Key Performance Indicators or KPIs, which are tools for planning, control, monitoring and tracking with a guide to business ethics and recommendations in work practice. All employees are made aware of the Code of Conduct since the orientation for new employees. The Company has clearly defined the duties and responsibilities of various work functions. Correctness can be cross-checked to reduce risks in corruption or inappropriate actions. The authority and approval limit of various types of transactions of executives are clearly written in the “Authority Handbook”. Furthermore, the IT system classifies the roles as well as control and access to information at various levels. The IT system has set access codes and an information database which can be later retrieved for verification. The policy regarding information security and information system has been announced and disseminated among employees at all levels to be aware of and strictly comply with information security. Procedures regarding connected transactions and the transactions that may lead to conflicts of interest are clearly stated to ensure transparency and the greatest benefits of the Company. The Internal Audit Office regularly reviews the adequacy and appropriateness of the control system, with the audit plan also covering important work processes.
The Company’s monitoring and evaluation process is designed to assess the adequacy of its internal control system. The Internal Audit Office, which is independent from management, assumes the role of validating the system, providing recommendations, auditing and reviewing the compliance of the Company’s internal control, risk management, and corporate governance systems, the Code of Business Ethics and anti-corruption measures, in accordance with its audit plan. Additionally, the Office is responsible for following up with audited departments to make sure that all issues and recommendations are fully resolved, following which the Audit Committee will present the audit results to the Board of Directors on a quarterly basis. Finally, the Committee will also meet with external auditors to evaluate the adequacy and effectiveness of the Company’s internal control system.
External audit of the risk management
The Company places importance on uncertainty and risks from various threats. This will help the organization to have a complete business continuity management system, effective and effectiveness. Able to truly manage sustainability (Sustainable Development) of the organization, ensuring that they have their standards equivalent to international standards. This is accomplished by organizing training to educate about the standard, assessing the gap of the current system compared to ISO 22301 : BCM, and preparing an upgrade plan for selected areas that are ready to be applied for certification. The workplace shall be audited by external auditors (Third Party) and prepared before the actual audit taker place. In 2022, the Company received Business Continuity Management Standard (ISO 22301 : BCM) certification, adding 2 areas, namely CPRAM Ladkrabang , DC Bangbuathong Distribution Center.
Emerging Risks
The Company commits to advancing measures and management guidelines in response to risks in a timely manner by reviewing the issues and trends on an annual basis. This allows the Company to analyze new risk issues that may occur and affect business operations.
In 2022, the Company collected three issues of emerging risk and analyzed the impact of risks that may affect business operations, and determined preliminary measures and management guidelines as follows:
1. Risks from governmental regulations promoting packaging waste reduction
CP ALL has main businesses in convenience store retailers, cash payment wholesale business and services, and food production business with the main operating area in Thailand, which the Company aims to expand the scope of decreasing the use of single-use plastic packaging under the Thai Plastic Roadmap 2018-2030 in parallel with the development of the country’s system and infrastructure for waste. One of the tools being studied for policy making is Extended Producer Responsibility (EPR) Principles or the principle of “increased responsibility of producers” that manufacturers must take full responsibility-from design, distribution, return, collection, reuse, recycling, and treatment of packaging waste after the consumption process. In other words, the responsibility of managing one’s own waste products. The principle of expanding the responsibility has been widely used in Europe, North America, South Africa, as well as some Asian countries, and is likely to be enforced as a law in Thailand within the next 3-5 years, which may directly affects CP ALL businesses as the changes involves additional costs in the preparation of the system as well as throughout the supply chain since the Company needs more cooperation with suppliers.
CP ALL has an average of more than 12 million customers per day that come to purchase products in 7-Eleven stores. The revenue from sales of goods and services in 2022 was 829,099 million Baht.Each year, the Company has an average of 47,772.39 tonnes of plastic packaging usage per year. The push for the implementation of the policy in the Extended Producer Responsibility (EPR) affects CP ALL in changing policies, strategies, and product design processes. From the original design of various parts to be easily assembled into pieces (Design for Assembly), the Company began to choose to use or design products that can be easily disassembled (Design for Disassembly) in order to separate different materials for recycling or there are investments in reuse processes, waste packages recycling, as well as a change in the ecological view of production and consumption in a new way. In other words, a linear economy, where products are produced by manufacturers to consumers before being left to the municipality, is shifted into a circular economy where materials and energy are recycled back to the producers or distributors again-which requires new distribution systems and innovations, which affect the increase in operating costs of CP ALL from system building or operation (this is accounted from higher investment costs, an average of more than 215 million Baht in the next 3-5 years), including expenses from paying fees for waste management for central organizations. It can also affect the company’s reputation if there is no good preparation for dealing with the entire supply chain.
CP ALL commits to minimizing the amount of plastic waste from packaging sent to landfill. The Company is ready to stand firm in leading the way in making packaging management from CP ALL products more environmentally friendly with measures and management guidelines are as follows:
2. Risk of rising sea levels and erosion of brackish water from climate change
The cause behind the continuous rise of seawater levels is due to climate change. The rising global temperature affects the ocean. This causes rising seawater levels. Simultaneously, the rising temperature also speeds up the melting of glaciers, resulting in higher sea levels. The ocean, whose role is to absorb greenhouse gas, inadvertently stores more heat, expands, and push the seawater level to rise higher, resulting in risks of flooding in watershed and low-lying areas and effects on natural freshwater sources (e.g., groundwater, surface water, etc.), which will be replaced by salt water. This reduces the quality of fresh water for consumption and business operations.The seawater seepage is triggered by high-tide seawater, which rises higher and further. The freshwater volume released from dams decreases due to drought, multiplying the seawater contamination in natural freshwater sources, with direct impacts on all lives, ecosystems, economic growth, and fundamental infrastructure, as well as causing the loss of opportunities to sell products that require good water quality, increased cost of water supply, damage costs, maintenance costs incurred for tools in stores.
Researches from various institutes demonstrate the possibilities of rising sea level. The data is derived from highly precise calculations from satellite images. Over 96% of Thailand’s Bangkok would be flooded if flooding occurs, encompassing over 1,512 square kilometers within the next 3-5 years. The economic damage could multiply, particularly in the river basin areas across 9 provinces, which are Bangkok, Samut Prakarn, Nonthaburi, Pathumthani, Saraburi, Chachoengsao, and Prajinburi, which are areas of business importance due to the high density of 7-Eleven stores over 6,336 stores. Post-flooding, there would be business disruption, additional costs for store fixes and rebuilding, and expenses in tool and equipment procurement to maintain water supply quality for businesses. In tandem, such incidents can impact products’ quality, as well as products and services requiring prior preparation, which must stop its sales as it got affected by seawater level and high tide, resulting in saltwater intrusion of frequently sourced freshwater bodies. The incident can directly affect CP ALL in the following areas:
The Company developed a comprehensive risk policy and risk management plan governed by Risk Management Committee. Climate change risk has been integrated as a risk factor against the Company’s business operations, aiming to review the risk management approach thoroughly at least twice a year. This ensures risk management is aligned and is part of the decision behind determining business operation strategy. Simultaneously, the Company set up Flood Scenario & Preparation plans for 7-Eleven stores by studying for consistency with natural disaster statistics, coupled with the public sector’s risk assessment data, such as spatial climate change-induced risk database. This could be used to substantiate risk assessment of store in each area, to develop business continuity plans, and post-incident restoration plans. The extent includes reports on impacts from rising sea levels, which may trigger floods and high tides, subsequently culminating in saltwater intrusion, directly to Risk Management Committee. This enables stipulation of directions and identification of crisis mitigation approach
3. Risks in maintaining capacities of fresh produce suppliers in the Company’s supply chain post-regional transportation system
The expansion of product logistics and transportation to various regions, also known as Belt and Road Initiative (BRI) commenced on the 3rd of December 2021, only the China-Laos Railway section. The boten – Vientien comprises 32 stations, consisting of 22 stations of product logistics, 10 stations for passengers. This would help expand the trade and tourism scope at a regional level with significantly reduced time used. The time used for transportation is only 7-9 hours and product logistics only 10-12 hours, meaning products will be delivered into Thailand within 48 hours, considerably much faster than the traditional counterpart (traditional road transportation requires 4-6 days, ships 12-17 days, and airplane 1-2 days). This shift helps fresh product groups to be distributed into Thai market more and transported much faster, likely to an even greater pace upon completion of domestic railway system in 2028.
Maintaining the capacity of fresh food suppliers in the Company’s supply chain after connecting to the regional rail transport system can be considered both opportunities and risks in business conduct. The challenges can be identified in 2 aspects, as follows:
The Company has sped up in fostering suppliers’ strength through various measures, ensuring SMEs suppliers are able to adapt and be ready to grasp sales and competitive opportunities at a regional level. This was achieved through promotional measures, as follows:
Black Swan Search (continuously)
The Company has continued the Black Swan project for the 9th consecutive year to raise awareness of risks for the Company’s personnel. Management and employees are encouraged to take part in identifying enterprise risks that could potentially impact the Company’s operations and goals through the submission of risk topics in a contest available at various channels. The risks topics are related to the below six issues, as follows:
Risk issues awarded would be considered for development and implementation of appropriate mitigation and management measures, paving the way to effective implementation. In 2022, a total of 4,490 risk topics were submitted by employees. Among them, the top 5 risks submitted comprise 1. Risks related to Covid-19 Threats from using IT systems such as fraudulent email, social media, computer viruses, call center, and SMS 3. Leakage/loss of important data 4. Legal and Compliance Risk 5. Work safety.
The Company organized for Risk Score assessment to measure departmental risk management capabilities, as well as providing feedback for improvement and enhancement of effectiveness in risk management system for all areas to be more, covering over 70 departments quarterly. There were also advisory services online, as well as exchange of knowledge and best practices to increase capacities in risk management via Risk Score Clinic weekly. Departments with consecutive excellent performances would be recognized by Chief Risk Officer and the Chairman. Furthermore Lessons learned were then disseminated to risk champions to further improve. Seminars for risk champions were organized on a quarterly basis to elevate the level of risk champions’ knowledge and skills to be ready for risk strategic, operational, financial, regulatory, sustainability and governance risks. There have been over 700 persons.
Risk Management and Business Continuity Management Training Program for Risk Champion (continuously)
The Risk Management Division, together with Panyatara Co., Ltd. and All Training Co., Ltd., organized training on risk management and business continuity for the Risk Champion in 2022 in an online format. More than 120 Risk Champions in the CP ALL Public Company Limited participated. The project aims to enhance skills and create learning experiences for new Risk Champions as the training is an opportunity for them to learn about CP ALL’s risk management approach and advance the ability to assess the risk management of departments according to the Risk Score criteria. In addition, the participants completed a knowledge test after the training to ensure their understanding of the topic. The training also focused on raising awareness of risk-finding and prevention methods, successively that the organization can conduct business without interruption.
Promote and Support SMEs Suppliers to take part in the Private Sector Collective Action against Corruption (CAC SMEs Certification) (continuously)
CP ALL organized a training program for the Private Sector Collective Action against Corruption (CAC SMEs) in 2022 for 40 SMEs entrepreneurs in an online format in the time of the New Normal. The objective is to encourage executives and employees, including suppliers, to operate in accordance with corporate governance principles. And to instill values of business operations with honesty, transparency, and without corruption. The Company raised the status of the organizations in CAC membership to the Change Agent level. All in all, there are 38 suppliers, or equivalent to 90% of the total, who have communicated and signed to join the declaration of intent to join the Private Sector Collective Action against Corruption.
Cybersecurity and Information Management
The Company recognizes the importance of cybersecurity and information security risk management and conducts a review of the information technology security policy. The policy was revised to be consistent with the international standard guidelines for information security management systems (ISO 27001).
The Company also adopts the international cybersecurity framework (NIST Cybersecurity Framework) in technical practices throughout the system, including personal data protection measures as follows:
Cyber Security Project (continuously)
Changing business model from offline to online subsequently put the Company at cybersecurity risk almost at all times. The Company, therefore, set up cyber security management guidelines for personnel, processes, and technology.
In 2022, the Company was rated on the credibility of cyber security management by an external party (BITSIGHT Security Rating Service), reflecting the responsibility of management and information management, credibility, and corporate image-the results show that the safety management has improved respectively and with the following actions initiated:
Continuously project to raise awareness of personal data protection
Raising awareness of personal data protection among employees at all levels is one of the Company’s key strategies and plans that aims to reduce the risks that may occur to the organization. In 2022, the Company operated to raise the level of personal data protection equivalent to international standards as follows:
Impacts and Benefits
activities with personal data comply with the Personal Data Protection Act
employees have passed a training and knowledge test of PDPA guidelines
response to the access right requests for personal data at an appropriate time
serious grievances
personal data breaches
Other Information
Sensitivity Risk
1.Business Environment Risk
According to business expansion continuously, the Company is aware of development of GHG emissions reduction initiatives for various operations, including research, pilot projects, and applied to the business as well as collaboration program with stakeholders thought value chain. Under continuously development principle, the Company has preliminary studied on advance sustainability targets, being a carbon neutral organization or net zero carbon 2030 afterward. The Company has simulated 3 GHG emissions reduction scenarios (shown in diagram 1) which all cases are linked with the business growth. Additionally scenario has been performed by limiting volume of carbon offsetting at 20% of projection BAU case in 2030. The offsetting cost of all remaining carbon emissions will be used for range determination.
Results are indicating cost that associated climate change mitigation and linkage with business case which reflect effort and preparations required for co-mitigating the global issue.
Diagram 1 GHG emissions and carbon offsetting
| Data Analysis | ||
|---|---|---|
| (inputs and factors used for the analysis) | ||
| Voluntary Emission Reduction | 42.72 | Euro / tonne |
| Exchange rate | 38.37 | Bath / Euro |
| Carbon emissions forecasting 2030 (CEF2030) | 3,042,632.71 | tCO2e |
| Target limited GHGs growth at 4% | 2,086,322.77 | tCO2e |
| Target GHG reduction at 4.2% each year | 1,764,726.97 | tCO2e |
| 1% of revenue 2020 | 5,465.90 | MTBH |
Table 1: Sensitivity analysis for carbon offsetting on target year 2030 scenario
| Unit (million THB) | |||||
|---|---|---|---|---|---|
| Carbon pricing valuation | -10% | -5% | +-0% | +5% | +10% |
| Carbon emission (CEF2030) | 4,488.64 | 4,738.01 | 4,987.38 | 5,236.75 | 5,486.12* |
| Targeting Limit GHG emission at 4% growth against BAU | 3,077.85 | 3,248.84 | 3,419.83 | 3,590.82 | 3,761.81 |
| Target GHGs reduction at 4.2% each year | 2,603.41 | 2,748.05 | 2,892.68 | 3,037.32 | 3,181.95 |
* exceeded threshold at 1% of revenue
2. Compliance Risk and Operation Risk
Sensitivity Analysis of Future Salary Growth and Employee Turnover Rate
| Consolidated Financial Statements | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1% increases in assumption | 1% decrease in assumption | 3% increases in assumption | 3% decrease in assumption | 5% increases in assumption | 5% decrease in assumption | |||||||
| 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | |
| At 31 December | (in million Baht) | |||||||||||
| Future Salary Growth | 437 | 466 | (387) | (416) | 1,311 | 1,398 | (1,161) | (1,248) | 2,185 | 2,330 | (1,935) | (2,080) |
| Employee Turnover Rate | (428) | (468) | 483 | 504 | (1,284) | (1,404) | 1,449 | 1,512 | (2,140) | (2,340) | 2,415 | 2,520 |
| Separate Financial Statements | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1% increases in assumption | 1% decrease in assumption | 3% increases in assumption | 3% decrease in assumption | 5% increases in assumption | 5% decrease in assumption | |||||||
| 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | |
| At 31 December | (in million Baht) | |||||||||||
| Future Salary Growth | 240 | 227 | (213) | (203) | 720 | 681 | (639) | (609) | 1,200 | 1,135 | (1,065) | (1,015) |
| Employee Turnover Rate | (234) | (230) | 266 | 262 | (702) | (690) | 789 | 786 | (1,170) | (1,150) | 1,330 | 1,310 |
3.Market Risk
Sensitivity Analysis of Discount Rate
| Consolidated Financial Statements | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1% increases in assumption | 1% decrease in assumption | 3% increases in assumption | 3% decrease in assumption | 5% increases in assumption | 5% decrease in assumption | |||||||
| 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | |
| At 31 December | (in million Baht) | |||||||||||
| Discount Rate | (406) | (439) | 443 | 502 | (1,218) | (1,317) | 1,329 | 1,506 | (2,030) | (2,195) | 2,215 | 2,510 |
| Separate Financial Statements | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1% increases in assumption | 1% decrease in assumption | 3% increases in assumption | 3% decrease in assumption | 5% increases in assumption | 5% decrease in assumption | |||||||
| 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 | |
| At 31 December | (in million Baht) | |||||||||||
| Discount Rate | (225) | (205) | 241 | 234 | (675) | (615) | 723 | 702 | (1,125) | (1,025) | 1,205 | 1,170 |
