Risk and Crisis Management
Most of the products sold in 10,988 7-Eleven stores nationwide are delivered via the Company’s distribution centers, with more than 2,000 manufacturers and suppliers delivering their products to the distribution centers according to the given delivery date. Therefore, the distribution centers play a vital role in 7-Eleven’s business in distributing products to stores across the country in a correct, complete and timely manner. Errors or problems at the distribution center and disruption of transport route due to floods, fire, communication system and information technology failure, severe accidents, or any force majeure from the supply chain system from the manufacturer to distribution centers and then delivery at the stores, will have an adverse impact on the sales of all 7-Eleven stores and business opportunity, and may negatively affect the Company’s operating performance.
The Company’s Risk Management
The Company has continuously reviewed its annual strategic plan in order to support the growth of new store openings to potential areas nationwide, together with an increase in same store sales growth. For the distribution centers, the Company has continued to evaluate the adequacy of the capacity in line with the growing sales turnover and new store openings, including the crisis management in regard of the distribution center where one interrupted. In case additional distribution center needed, the key consideration is a prime location which is in the safety area and be able to operate at the most efficiency of delivery to store. Distribution centers should be distributed along the metropolitan areas and provincial areas across the country in order to diversify operating risk and to support store expansion in the future. The Company has prepared and practiced the Incident Action Plan and conducted drill regularly planned to be ready to deal with various crises through 24 hours such as flooding, riots, fire, and blackouts. There is also a Crisis Assessment Team (CAT) which is responsible for providing warnings about the crisis to various departments in the risk areas so that they can prepare to deal with the crisis in a timely and appropriate manner. Business Continuity Management (BCM) includes using nearby distribution centers to deliver products, transporting products using large trucks, using alternative routes, finding alternative products, and establishing temporary distribution centers. The Company has also collaborated with key suppliers to develop a Business Continuity Plan (BCP) to prepare products and deliver them during crisis to minimize the negative impact on the sales revenue. In addition, the Company has appropriately bought insurance to compensate for loss and to alleviate the cost burden that may occur in the future, covering distribution centers, stores and subsidiary companies. By doing so, the Company believes that the distribution centers are sufficient to support store expansion plans in the future. On the other hand, the distribution centers can function as a secondary distribution network with each other across the country. In case if any place where a disruption or major transportation routes were not passable. The network can back up to replace at the most effectiveness.
Risk and Crisis Management Procedures for Business Continuity and Sustainability
Risk and crisis management procedures for business continuity and sustainability have been embedded into regular business operations and tailored to suit all internal corporate functions. Our Risk Culture, which adopts a working framework designed for both top-down and bottom-up approaches, encourages engagement at all levels and ensures that risk management plans and measures are practical and effective. The working framework comprises of 3 key steps: Pre-incident risk management, real-time incident management, and post-incident damage recovery, as reflected in the diagram below:
Every year, the Company reviews risks and regulations related to its business. Following from 2018 review, the Company continues to identify emerging risks as digital transformation, our digital presence risks, artificial intelligence, and governmental regulatory and policy change. The Company has studied and developed responsive approach, in the form of appropriate policies and guidelines. In 2018, the Company has identified a new emerging risk with potential impacts to the operations; as follows.
1. Disruptive Digital Technology
Technology is increasingly playing a bigger role in people’s lives and in business. Competition has intensified and consumer demands are fast changing, especially in the emerging innovation-driven competition and business landscape following the government’s announcement of the Thailand 4.0 strategy. The use of digital technology in transportation services, marketing, and online distribution, in the long-term, poses risks to traditional business models and distribution channel. While this may reduce the competitiveness of 7-Eleven stores, it also presents an opportunity to create new businesses and add value to the business.
Company Risk Management
The Company has continually reviewed its annual strategy to support business growth and develop a readiness strategy for Digital Transformation. To make it more convenient for customers to access the Company’s products and services, there is a need to increase sales channels beyond the storefront. The Company has developed systems and processes to manage its Omni-channel strategy to ensure that customers are able to access its products and services anytime and anywhere through a combination of offline and online stores. The Company has also created a new e-commerce sales channel, powered by 24 Shopping Co., Ltd., pursued various digital marketing activities, and promoted sales through the use of a mobile application to increase customer engagement. The “7-Eleven Thailand” Facebook page and LINE account have also been leveraged to communicate news and updates to and receive feedback from customers. In addition, the Company has also improved its payment gateways. Customers can now make ayments in 7-Eleven stores using barcodes through Mobile Payment portals of Alipay Wallet and TrueMoney Wallet. Payments through credit cards have also been added to increase convenience and encourage spending among customers with high purchasing volume per bill, as well as Chinese tourists.
The Company has started piloting a delivery service for small-size packages, including products purchased on leading online retailing websites. The service enables customers to retrieve their packages 24/7 at any store location in Thailand, and is operated as “At All” by Dynamic Management Co., Ltd.
2. Our Digital Presence Risk
The World Bank’s Thailand Economic Monitor 2017 reported that Thailand is “reaching the Digital Frontier”. Based on national capacity in different aspects and an assessment across various indicators related to digital economy, Thailand performed considerably well in terms of “affordability”—indicating value in spending for connectivity—usage of mobile services, as well as financial attractiveness for investment. This suggests a growth opportunity of the digital world and its potential socio-economic impact—a change which calls for adequate preparation.
The Company is cognizant of such transformation, and believes that the world’s future connectivity will inevitably connect our real and digital lives. The number of people with digital identities on the internet is increasing in tandem with the changing social contexts. This causes the Company to consider its digital presence, which includes the searching and sharing of information, expression of opinions, searchability, or even the building and maintenance of on-line relationships globally. If the Company fails to approrpriately manage its Digital Presence, it may lose its competitiveness, the opportunity to venture into new businesses, and its value creation to the Company.
Company Risk Management
The Company places importance on corporate governance by creating policies and procedures, a Business Ethics and Code of Conduct manual, an anti-corruption policy and other related guidelines. It also promotes efficient organizational development, rooted in transparency and morality and responsibility towards all stakeholders. In addition, the Company has also tasked the Corporate Communication and Reputation Management office (CCRM) to communicate and monitor news and information on its digital Corporate Image in order to ensure that all parties receive accurate, complete, and timely information.
3. AI and Decision Marking
Intelligence and Decision Making technologies recent times. In 2017, Google’s Alpha Go defeated a Chinese Go world champion and many other world-renowned players. In the future, should competitors be able to elect an AI on the Corporate Board of Directors to facilitate swift decision making based on available information and historical events, the Company may lose its competitiveness. By the same token, the Company may also leverage the use of AI as opportunity create new businesses and add value to the organization.
Company Risk Management
The Company regularly reviews its corporate strategies and incorporates global trends in technology and innovation, including Disruptive Technology, in the planning of it’s short- and long-term strategies. In addition, the Company has set up the Science Technology and Innovation Developent Office (STIDO) to forge cooperation between internal and external entities to develop its own technologies, which are aligned with the Company’s strategies and support its corporate sustainability.
4. Risk from Changing Government Policies and Laws
Monitoring changes at the local, regional, and international levels is part of a process to scope out important information to assist in the decision making and to forecast potential business impact resulting from new regulations both at the local and international levels. Regulations such as those pertaining to the carbon tax, for instance, contain requirements with particularities that are specific to different localities. If the Company does not monitor, anticipate, and prepare for their potential business impact, they may affect not only its competitiveness, but also the Group’s ability to achieve its growth targets as well. In order to ensure regulatory compliance and to manage these risks, the Company has the following measures.
Company Risk Management
The Company’s business practices are rooted in transparency, compliance with local and international laws and regulations, and continuously fulfilling the government’s policies in its compliance risk management and assessment of their potential business impact. The Company monitors and participates by giving its opinions on the legislation of emerging laws when authorized agencies are open for public hearing on the issues or concerned with the new regulations.
In addition, the Company has appointed a Corporate Governance Subcommittee, a Risk Management Committee, a Compliance Unit Office, and a Sustainable Development Committee to oversee legal compliance and enable the Company to operate with transparency, in accordance with good governance principles with its stakeholders, and ensure that it can adapt to regulatory changes related to its business operations and contain their impact at an acceptable level as per organizational risk management.
5. Cybersecurity Risk
As business operation and approach shift to become more reliance on digital technology, the Company provides different services on internet network, web application. Employees can now access internal drive when they are outside the Company. Remote access is now available and being utilized more in internal network. This leads to increased possibility of cyber threats, such as data theft. This maybe data on trades, or employee’s and customers’ data, which will affect the Company’s finance and reputation.
Company Risk Management
The Company has appointed a Chief Security Officer to be responsible for the Company’s information technology security. The information technology security management is provided by Go Soft (Thailand) Company. They also support in management of Internet Security Strategy System to ensure business continuity and mitigate risks to acceptable level. The strategy is reviewed at least annually. There is awareness building for employees on cyber security awareness continuously through internal communication channels. Employees are tested on Cyber Simulation Program to ensure accurate understanding of technology and relevant security practice against cybersecurity. This is in compliance to international standards, such as ISO 20000 and ISO 27001.
Under this framework, CP ALL Plc. the (“Company”) has taken wide range of actions to increase awareness and sensitization in discovering corporate risks. These include:
- The Black Swan Award is a project that has been in place since 2015. In 2018, the Company organized a competition to discover “Black Swan” risks, under the following six risk issues:
- Business Continuity
- Work Process
- Product and Service
- Corporate Sustainability;
- Other Activities related to companies in the Group
Participating employees can submit risk issues through multiple channels, including electronic media through QR Codes for convenience and greater participation. In 2018, one submission was awarded on the following risk issues: capacity to comply with regulations and requirements, food safety, human rights issues, and safety. The awarding criteria included conceptual approaches in identifying and providing control, preventive, and management measures for “Black Swan” risks, which were used by the management team to supplement their consideration in developing practical preventive measures and effective implementation.
The “Mai-Na-Loei” Project monitors and reviews both national and international situations reported by the media or experts in order to identify issues relevant to the Company and to Environmental Social Governance criteria (ESG). The output of this project will be used to form case studies that guide the assessment of Corporate Risks and Business Continuity.
Efforts on Risk and Crisis Management for Business Continuity and Sustainability have enabled the Company to identify the following emerging risks and Environmental, Social, and Governance risks:
Risks identified either by function representatives or Risk Champions, and those assessed through other channels, will be reported to the Risk Manager for a joint review of specific plans and measures, and prevention of business disruption. The mitigation and prevention plans will be cascaded to the Risk Committee and Audit Committee for reviewing every quarter and half a year, respectively. Emergency cases can be immediately reported before the regular reporting period.