Risk and Crisis Management and Resilience

Central Retail places utmost importance on risk management and strengthening crisis response capabilities, particularly given its diversified portfolio and global operations. With on going global shifts, the company prioritizes comprehensive risk management, encompassing vigilant monitoring, proactive mitigation, and effective response strategies. Central Retail is the committed to increasing awareness and comprehension of risk management protocols across all business units, to promote a proactive risk culture among employees at every level. In addition to improving organizational flexibility, the company is exploring new opportunities for business growth

Impact to Business, Stakeholders, and Human Rights

By applying effective risk management processes and prevention measures, as well as fostering a flexible risk management culture, Central Retail can reduce the likelihood and/or mitigate potential losses that may disrupt critical business activities, lead to disputes and legal issues, or damage reputation, lives, and assets.

It can be confirmed that by improving the efficiency of creating an environment and work processes, Central Retail can achieve sustainable growth by increasing profits and reducing operational costs. As a result, employees feel secure and work safely, partners will trust in the organization's ability to ensure reliable payments and maintain strong business relationships, customers will be satisfied and have confidence in the quality and consistency of products and services, and communities will benefit from a source of income and financial stability through collaboration with Central Retail. The government will also benefit from tax payment, while shareholders and investors will enjoy appropriate returns as well as dedicated to upholding human rights in all its operations

On the contrary, inadequate risk management and lack of disaster resilience capabilities can result in the cessation of Central Retail's business operations, thereby impacting revenue, product quality, and leading to heightened operating expenses.

Management Approach

Risk Governance

Central Retail has established its structure, roles, and responsibilities in the risk management process as follows:

The Risk Policy Committee (RPC) comprises independent directors, with the Chief Executive Officer (CEO) playing a role in aligning risk management policies with the Company's objectives and strategies. The RPC is tasked with supervising, advocating, and encouraging Central Retail to effectively manage risks in accordance with established policies and international standards. This includes continuous monitoring and assessment of the efficacy of risk management policies, along with providing ongoing advisory support on risk-related matters. The RPC is mandated to regularly report to the Board of Directors and the Audit Committee (AC), convening at least biannually. Additionally, it delegates the Risk Management Unit to liaison with AC to assess the adequacy of Central Retail's internal control systems and extending oversight to its subsidiaries.
The Risk Management Committee (CRC RMC) is appointed by the RPC, with the Chief Executive Officer (CEO) serving as Chairman and the Chief Financial Officer (CFO) as Vice Chairman. The committee comprises the Chief Digital Officer (CDO), Chief Business Unit Officer, and the Assistant Managing Director of Investor Relations and Risk Management as directors. Operating as the second line of defense in alignment with the principles of the three lines of defense, the CRC RMC is tasked with deliberating on strategies, risk items, frameworks, and risk assessment criteria. Moreover, it oversees the reporting of risk management outcomes at both organizational and departmental levels by convening with RPC at least semi-annually to report progress on risk management outcomes.
The Risk Management Unit comprises proficient individuals with specialized knowledge and experience in risk management, operating as the second line of defense in alignment with the principles of the three lines of defense, its primary responsibility is to conduct risk assessment and analysis. Additionally, it plays a role in compiling a list of key organizational risks (Corporate/CRC Risk), its degree, and Key Risk Indicators (KRI), as well as developing Risk Management Plans (Risk Mitigation Plans/Risk Management Plans). These plans are then reported to the Risk Management Committee (CRC RMC) for approval and ongoing monitoring. The outcomes and the performance of risk management activities are reported to both CRC RMC and RPC respectively, according to predefined intervals or, at minimum, semi-annually
The Risk Owner, appointed by CRC RMC, comprises executives from each business unit, support unit, division, or department, serving as the first line of defense in adherence to the three lines of defense principles. Their primary responsibility is to identify, analyze, and evaluate risks within their respective areas of operation. Additionally, they are tasked with developing guidelines for responding to risks and overseeing the monitoring, the controls execution, and reporting of risk management outcomes to the Risk Management Working Team.
The Internal Audit Department comprises specialized expertise in internal auditing field, performing its duty independently from other business units to maintain the principle of the three lines of defense. Functioning as the third line of defense, which responsible to assess internal controls, ensuring that Central Retail achieves its objectives and goals efficiently and effectively within the risk management framework. Additionally, it also provides insights regarding inspection, risk management, internal control, and essential operational processes. The department evaluates the sufficiency and efficacy of risk management within its designated mandate and scope of work, presenting periodic progress reports and synthesizing key issues for review by the Chief Executive Officer and the Audit Committee on a quarterly and annual basis.

ดูภาพขยาย

Risk Management Policy

The Company recognizes the importance and necessity to adopt the internationally standardized risk management system to its management in order for CRC to achieve its objectives in an efficient and effective manner and to comply with the relevant laws and standards. To limit the overall risks within the acceptable level, the Risk Management Policy has been defined as follows:

Determine that the risk management is the responsibility of employees in every level whereby they must be aware of risks in operations of their own units and of CRC as well as focus on managing different types of risks under the systematic internal control in an adequate and appropriate manner.
Establish the enterprise risk management process that is in accordance with the good international standards in order to efficiently manage risks that may affect CRC’s operations, bring developments, and carry out the risk management in the same direction throughout the organization by embedding the risk management system as part of the decision-making, strategic planning, plans and operations of CRC as well as focusing on achieving the specified objectives, goals, vision, mission and strategies to establish operational excellence and build confidence of relevant parties.
Set up measures to prevent and mitigate the risks from CRC’s operations in order to avoid any damage or loss that may incur.
Promote and develop a cutting-edge information technology system to be implemented in CRC’s risk management process and support personnel at all levels to have access to the sources of risk management information thoroughly as well as set a system to report the risk management to the Risk Policy Committee in an efficient manner.

Enterprise Risk Management (ERM) Process

Central Retail manages risks according to COSO ERM 2017 standards that adopts an integrated approach to enterprise risk management process, encompassing the concepts as follow:

Governance & Culture

Establishing a structure, roles and responsibilities of risk management
Fostering an organizational culture of risk awareness

Strategy & Objective-Setting

Formulation an integrated strategy on risk management
Developing strategies in accordance with an acceptable risk level and risk appetite

Performance

Setting and assessing risk level, risk appetite, and sensitivity analysis
Prioritization of risks based on magnitude and likelihood of potential risks

Review & Revision

Regularly monitoring of operating results and review of risk exposure
Review risk mitigation measures for continuous improvement

Information, Communication, and Reporting

Promoting use of information technology system in risk management
Raising awareness through proper communication and reporting

Central Retail identifies and assesses risks, including ESG risks, that are deemed as detrimental to the achievement of corporate strategies and business objectives. The risks are then prioritized into low, medium and high based on impact criteria and likelihood criteria. Central Retail’s risk matrix for 2023 is shown below.

Risk Assessment Criteria and Matrix

Risk Level	Impact Criteria	Likelihood Criteria
High Risk (Unacceptable) Need to manage immediately and report the results to Top Managements	High impact on the business operation	High chance of occurrence
Medium Risk (Acceptable) But need to be controlled and monitored regularly by Risk Owners or set additional mitigating actions	Moderate impact on the business operation	Moderate chance of occurrence
Low Risk (Acceptable) The risk is controlled by the existing process as usual	Low impact on the business operation	Low chance of occurrence

Risk Level

Impact Criteria

Likelihood Criteria

High Risk (Unacceptable)

Need to manage immediately and report the results to Top Managements

High impact on the business operation

High chance of occurrence

Medium Risk (Acceptable)

But need to be controlled and monitored regularly by Risk Owners or set additional mitigating actions

Moderate impact on the business operation

Moderate chance of occurrence

Low Risk (Acceptable)

The risk is controlled by the existing process as usual

Low impact on the business operation

Low chance of occurrence

2023 Risk management performance

In 2023, Central Retail Corporation convened quarterly meetings of the Risk Policy Committee and Risk Management Committee to oversee the risk management practices of the organization. Leading up to the end of 2022, the risk management team conducted a thorough analysis of significant risk profiles, utilizing Central Retail's vision, mission, values, and objectives as central pillars in their risk assessment process. In addition, they considered various internal and external factors, business context, economic trends, political climate, societal influences, technological advancements, environmental considerations, legal regulations, as well as insights from reputable international organizations such as the World Economic Forum, CRO Forum, and Internal Audit Foundation.

Furthermore, Risk data from business units was utilized to create a preliminary framework for risk appetite, risk tolerance, risk indicators, and risk assessment criteria. This framework considered statistical data on events and operational outcomes that have had a direct impact on Central Retail and similar businesses. Following this, a summary of the data was updated to senior management through surveys to identify key risks, levels of risk severity, risk appetite, risk tolerance, Key Risk Indicators (KRI), and risk assessment criteria for approval by CRC RMC and RPC. Subsequently, Risk Owners were assigned to oversee and manage risks within their respective departments. Risk exposures are then assessed based on the impact and likelihood criteria as shown in the risk matrix. Risk exposures is regularly reviewed and updated at least twice a year to ensure risks are well managed throughout the organization.

Risk	Description	Risk tolerance	KRI	Mitigation action	Responsible person
Strategy risk: S1 Macroeconomic risks	Risk of potential impact on the Company's financial performance due to fluctuations in macroeconomic factors	The Company accepts fluctuations that may affect financial performance target by no more 5%	Headline Inflation rate GDP FX rate Interest rate CCI Tourism trend Household debt	Boost sales and expand customer base in all channels Carefully expand new stores in high potential locations Uplift profitability and investment return by focusing on 3C (Cost, Cash, Capex) management	Corporate strategy & Special project Unit Financial and Accounting BUs
Operational risk: O1 Inventory and obsolescence risk	Risk arising from an inadequate stock management may lead to a decline in product value, financial impact, and sales performance	The Company allows flexibility in management, which may affect the target by no more 5% than an acceptable ratio.	Inventory day Obsolescence	Utilize data analytics to optimize order amounts, minimize excess inventory, and avoid obsolescence Provide sales Promotion to release stock Consistently examine and revise the Planogram.	Supply Chain management and related functions of all BUs
Compliance risk: C2 Fraud & corruption risk ^*	Risk from any misconduct from regulatory compliance and good corporate governance. This risk could impact on legal, financial, reputational, and operational aspects of the Company	According to good corporate governance, Central Retail will not tolerate any risks from fraud, corruption, and any regulatory non-compliance	No. of Fraud or Corruption case Control effectiveness	Enforce stringent internal controls by establishing clear policies, monitoring effectiveness of controls, and maintaining a clearly defined reporting hierarchy Establishing a culture centered on ethics and compliance by informing the Anti-Corruption Policy to employees Establish whistleblowing channels formally.	Internal Audit Department Compliance Loss Prevention

Risk

Description

Risk tolerance

KRI

Mitigation action

Responsible person

Strategy risk:

S1 Macroeconomic risks

Risk of potential impact on the Company's financial performance due to fluctuations in macroeconomic factors

The Company accepts fluctuations that may affect financial performance target by no more 5%

Headline Inflation rate
GDP
FX rate
Interest rate
CCI
Tourism trend
Household debt

Boost sales and expand customer base in all channels
Carefully expand new stores in high potential locations
Uplift profitability and investment return by focusing on 3C (Cost, Cash, Capex) management

Corporate strategy & Special project Unit
Financial and Accounting
BUs

Operational risk:

O1 Inventory and obsolescence risk

Risk arising from an inadequate stock management may lead to a decline in product value, financial impact, and sales performance

The Company allows flexibility in management, which may affect the target by no more 5% than an acceptable ratio.

Inventory day
Obsolescence

Utilize data analytics to optimize order amounts, minimize excess inventory, and avoid obsolescence
Provide sales Promotion to release stock
Consistently examine and revise the Planogram.

Supply Chain management and related functions of all BUs

Compliance risk:

C2 Fraud & corruption risk ^*

Risk from any misconduct from regulatory compliance and good corporate governance. This risk could impact on legal, financial, reputational, and operational aspects of the Company

According to good corporate governance, Central Retail will not tolerate any risks from fraud, corruption, and any regulatory non-compliance

No. of Fraud or Corruption case
Control effectiveness

Enforce stringent internal controls by establishing clear policies, monitoring effectiveness of controls, and maintaining a clearly defined reporting hierarchy
Establishing a culture centered on ethics and compliance by informing the Anti-Corruption Policy to employees
Establish whistleblowing channels formally.

Internal Audit Department
Compliance
Loss Prevention

Remark: * Central Retail has established specific criteria for assessing fraud and corruption risks. These criteria designate the likelihood of occurrence and the acceptable level of impact as very low. Consequently, this risk is considered more sensitive than other risks, frequently resulting in a risk level classified as medium (yellow) or high (red). These measures are implemented to ensure the prevention, monitoring, and close oversight of such risks.

Risk Culture

Central Retail is dedicated to fostering a culture of risk awareness across the entirety of the organization, encompassing key personnel within Central Retail as outlined below:

Central Retail is committed to cultivating an environment where risk consciousness is integral throughout the organization, particularly among the essential personnel of Central Retail as delineated herein

Board of Directors and Executive level: Inviting experts from various institutions specializing in risk management. These lectures will provide valuable insights into important risk data and trends, ultimately enhancing the skills and knowledge of senior management and the board of directors. This initiative aims to improve our ability to effectively manage risks within the organization.
Employee level: Central Retail provides a variety of training programs, which include online e-learning courses focusing on essential aspects of risk management. These initiatives aim to enhance employees' understanding of risks across all levels of the organization, covering topics such as:
1. Occupational Safety, Health and Work Environment: All employees at Central Retail are provided with thorough safety and emergency training. This training has been successfully completed by 100% of our workforce. For additional details, please refer to our Sustainability Report on page 83.
  Read More
2. Anti-Corruption: Central Retail has provided training on anti-corruption, with the participation of the entire Board of Directors (100%), 72% of senior executives, and 91% of employees. For further information, please refer to the Central Retail Elevation Excellence Sustainable Future Performance Data 2023 document, available on page 4. Additional details can be found therein.
  Read More

In addition, Central Retail has established risk management performance as a Key Performance Indicator (KPI) for employees and executives engaged in risk management. For instance, the management of Health & Safety risks has been implemented as a KPI for the Occupational Safety, Health and Work Environment Committee in some business units.

Furthermore, Central Retail places significance on diverse risk factors stemming from the implementation of business models and services, as well as the integration of tools, equipment, or technologies into its operational framework. Such risks include security concerns related to branch renovations or upgrades, challenges associated with the unsuccessful expansion of branches as projected, and the uncertainties accompanying the development of innovative business models. To effectively address these risks, Central Retail has devised comprehensive frameworks and risk management protocols for its projects, alongside establishing a New Business Checklist specifically tailored for ventures like Tops Care, Tops vita, Pet & Me. These resources serve as guidelines for enhancing risk management practices within the organization

Project Highlights

GRC (Governance, Risk, Compliance) training course for the Board of Directors and Executives

In 2023, Central Retail organized training sessions for the Board of Directors and executives with the aimed of fostering comprehension of GRC principles and practical implementation. The session mainly conducted in collaboration with consulting firms to share knowledge and expertise on GRC methodologies

Risk Management Training

In addition, Central Retail has released the GRC E-Rulebook on the intranet so that employees can study and explore GRC more conveniently, as well as use it as a tool to promote understanding of the GRC framework and proactive risk management throughout the organization as well

Risk Management Manual

Central Retail has already published a risk management manual to equip employees with the knowledge and skills to identify, evaluate, and effectively respond to potential risks relevant to their accountability. This manual is readily accessible through the company's intranet platform. Moreover, it was provided as a vital communication tool for engaging with key individuals involved in driving risk management initiatives, including the Risk Policy Committee, the Risk Management Committee, department/business unit supervisors responsible for risk management, and risk owners.

Emerging Risk

The Company has been consistently identifying and assessing emerging risks, or those that appear low level of impact in the short term but gradually become significant in the long term. The Company has identified the cost-of-living crisis and terrorism as significant emerging risks specific to the Company’s context, which are also considered as a risk item of the Global Risk Report of the World Economic Forum 2023. To mitigate the impact of these emerging risks, the Company places importance in strengthening its resilience.

Consumer Behavior Change from Emerging Cost of Living Crisis

Category	Societal
Description	The cost-of-living crisis is a social risk that ranks among the top 10 in global risk rankings. It is likely to occur during the next 2-3 years, which directly causes people to become more careful and conservative in their consumption behavior by focusing only on products that are daily necessities. In addition, fluctuations in inflation rate and prices, especially energy prices, goods, and services, lead to varying interest rate adjustments that can affects debt issues and the government’s fiscal planning. Reference: https://www3.weforum.org/docs/WEF_Global_Risks_Report_2023.pdf
Impact	The increase in the cost of goods and services not only increases the Company's operating costs but also increases the cost of living, which is inconsistent to the stagnating household income and economic growth. This may result in reduction in the purchasing power of consumers. Meanwhile, retail business becomes more competitive due to increased competition from online-commerce and mass-market retailers which impact on the Company’s sales and revenue. However, the government's economic stimulus policy may benefit retail businesses in the short term, but some conditions in the policy may hinder business operations in the long term.
Timeframe	2024 - 2026
Mitigating Actions	Driving the Company's business operations according to the CRC Retailigence strategy and creating a foundation for managing financial status based on the 3C principles (Cost, CAPEX and Cash Flow). Changing strategies to be in line with consumers’ behavior change, developing the Central Retail Ecosystem and the Next-Gen Omnichannel Platform to enhance the shopping experience for each individual (ultra-personalization) while seamlessly connecting online and offline shopping. Efficient expenses management, such as product management expenses, promotional expenses to meet customer needs, and the use of innovations to save energy within the company. Continuously increasing long-term profit rates, such as ordering products in bulk to achieve reasonable costs. Adjusting the financial cost structure to suit interest rate fluctuations. Creating attraction for customers and creating sales growth by opening new branches or renovating existing department stores throughout Thailand, Vietnam, and Italy

Increasing Risks of Terrorism

Category	Geopolitical
Description	According to the 2022 Global Terrorism Index (GTI), a survey of 163 countries on terrorism conducted by the Institute for Economic & Peace (IEP), it was found that Thailand's GTI was ranked 26th globally. This shows an increase of 4 ranks higher than previous year (2021), indicating that Thailand has higher risks of terrorism. Reference: https://www.visionofhumanity.org/maps/global-terrorism-index/#/
Impact	GTI shows that Thailand is likely to be at a higher risk of terrorism, which can take many forms including stress and frequency of violent behavior in public places. For example, a shocking terrorist incident involving mass-shooting occurred at a department store located in downtown Bangkok in October 2023. Such terrorism incidents cause loss of life to people and negatively affect the department store and the Company’s reputation if appropriate response measures are not readily and quickly in effect. Furthermore, it undermines consumer confidence and deteriorates the shopping experience, leading to feelings of distress and insecurity among customers. Additionally, the Company operates many department stores in prime locations that serve as popular destinations among international tourists. Terrorism incidents may turn down the traffic of potential tourists and significantly decrease the Company’s performance.
Timeframe	2024 - 2026
Mitigating Actions	Action prescribed as basic guidelines: During March 2023, the Board of Directors has concluded that the Company shall prepare and create a plan for the event of a mass shooting by allowing business units with relevant areas to prepare plans and participate in rehearsals with police officers, for example, the CDS business unit has completed 100% of rehearsals during October 2023 and for business units that depend on the owner of the area (Central Pattana) will be operated according to the plan of the area owner as well as purchasing an insurance policy to cover damages in the events of emergency. Action on immediate response during an incident: The Company has issued an announcement of “How to Survive in a Shooting Incident” to employees. To create more confidence for customers, Central World and Central Pattana has issued additional announcements regarding raising the level of security within the shopping center, including installing a checkpoint for customer bags and baggage at the entrance, monitoring security through the shopping center’s CCTV system, arrangement of security guards to patrol the shopping center to assist customers and store employees in the event of abnormal events, and the readiness of trained security personnel to suppress all types of misfortunes