Risk Management
Our Commitment
JMT Network Services Public Company Limited recognizes the importance of risk management as a critical tool to support sustainable and stable business growth.
Business risks may arise from various factors, including rapidly changing economic conditions, shifts in regulations and laws, industry competition, and internal organizational factors such as process vulnerabilities or operational errors. If not properly managed, these risks can lead to severe negative impacts on operations and the company’s reputation.
To address these challenges, the Board of Directors and management have integrated risk management into corporate strategy and good governance practices. Comprehensive policies and procedures have been established, covering risk identification, impact assessment, risk prioritization, and the implementation of measures to mitigate or control risks to an acceptable level.
The company also fosters a culture of risk management by raising awareness and understanding among employees at all levels through training, meetings, and regular communication. Employees are encouraged to participate in identifying risks and collaboratively developing appropriate preventive measures. This commitment strengthens collective responsibility within the organization and promotes proactive efforts to minimize future risks.
Effective risk management reinforces stakeholders' confidence—including investors, partners, customers, and business associates—that the company can handle uncertainties in the business environment efficiently. It lays a solid foundation for long-term growth.
JMT Network Services Public Company Limited is committed to prudent and sustainable risk management principles to maintain organizational stability and create value for all stakeholders across all dimensions of its operations.
Stakeholders Directly Impacted
Supporting the SDGs Goals
SDG 8
SDG 12
SDG 16
Management Approach
JMT Network Services Public Company Limited is committed to promoting and advancing good corporate governance across all dimensions of its business operations. The company has adopted the principles of Enterprise Risk Management (ERM), a widely recognized international standard, as a key framework for managing risks within the organization and its subsidiaries.
This approach is based on the risk management framework developed by COSO (The Committee of Sponsoring Organizations of the Treadway Commission), a comprehensive and globally proven standard for managing organizational risks. To ensure the success of the company’s risk management efforts, both in terms of efficiency and effectiveness, the Board of Directors, management, and employees at all levels are required to strictly adhere to the established risk management policies.
Compliance with these policies is not merely a business requirement but is also an integral part of fostering an organizational culture that prioritizes sustainable risk management practices.
Risk Management Structure
The company recognizes the importance of enterprise risk management, which plays a critical role in enabling the company to achieve its strategies, objectives, or goals. It also supports good corporate governance and sustainable growth. Therefore, the company has established a risk management policy to serve as a guideline and operational framework for all departments within the company and its subsidiaries.
- The Board of Directors is responsible for supporting, promoting, and overseeing the management of risks that may have a significant impact on the company.
- The Audit Committee is responsible for overseeing and independently monitoring risk management, reviewing the internal control system, communicating with the Executive Committee, and reporting to the Board of Directors regarding risks.
- The Executive Committee is responsible for approving risk management policies, monitoring the development of processes, and evaluating risks. Additionally, they communicate and coordinate with the Audit Committee regarding significant risks.
- The Chief Executive Officer is responsible for creating and reviewing risk management policies to align with changing circumstances, ensuring that the company has adequate and appropriate risk management plans in place.
- The Legal Officer / Regulatory Authority is responsible for establishing frameworks, plans, and processes for risk management within the department, presenting them to the Executive Committee for approval, and supporting and monitoring the department's risk management within their area of responsibility.
- The Internal Auditor is responsible for reviewing the internal control systems and the risk management operations.
- Supervisors and employees are responsible for identifying, measuring, controlling, monitoring, and reporting risks, as well as collaborating in the development and implementation of risk management plans.
Risk Management Process
The company continuously evaluates and monitors risk issues, taking into account both internal and external factors that may impact its operations across all dimensions. The company’s risk management process is systematically and comprehensively designed to effectively identify, analyze, and manage risks, focusing on maintaining risks at an acceptable level.
The company recognizes the importance of appropriate risk management to support business operations in alignment with its strategies, objectives, and goals, while also enhancing long-term stability and sustainability. The process consists of the following 8 steps:
-
1
Strategy and Objective Setting
Define strategies and objectives for the operations of all departments, and ensure that employees establish clear business strategies, objectives, or work goals that align with policies, targets, strategies, and acceptable risks.
-
2
Identifies Risks
The responsible department heads and employees should understand the risks, risk factors, and identify potential risks that may arise from both internal and external factors, which could result in both positive and negative events affecting the achievement of objectives.
-
3
Assesses Severity of Risk
The responsible department heads and employees should assess the risk based on the likelihood of an event occurring and the severity of its impact if the event were to occur.
-
4
Prioritizes Risks
The responsible department heads and employees should prioritize and address the urgency of managing risks. Activities with high risks and significant importance to achieving the strategy and objectives should be managed as a top priority. Activities with high risks but lower significance should be managed as the next priority.
-
5
Implements Risk Responses
The responsible department heads and employees should consider effective and efficient risk management methods, taking into account the acceptable level of risk, the costs involved, and the benefits to be gained. The risk response may involve choosing one method or a combination of several methods to reduce the likelihood or probability of an event occurring and the severity of its potential impact.
-
6
Develops Portfolio View
The responsible department heads and employees should develop risk management by integrating risk factors and the interrelationships between different departments, creating a shared risk management database for collaborative risk management.
-
7
Review and Revision
The responsible department heads and employees should ensure the monitoring of risks and review the results of risk management, making necessary adjustments to improve the process. This is to ensure that risk management is appropriately applied at all levels of the company, and that risks with significant impacts on achieving the company's objectives are reported to the responsible parties.
-
8
Monitoring
The responsible department heads and employees should ensure the continuous monitoring and review of risk management, communicate risk-related information, and report the results of risk management to the management committee regularly.
This is to focus on improving the corporate governance system to align with best practices in governance, as well as regulations and requirements from authorities and supervisory agencies. To keep the risk management policy current and suitable for the situation and changes, the company has established a requirement to review the risk management policy at least once a year.
Business Continuity Plan
The Business Continuity Plan (BCP) is designed to enable various departments within the company to respond and continue operations during crises or emergencies, whether they result from natural disasters, accidents, or malicious acts. The goal is to ensure that these crises or emergencies do not disrupt business operations or prevent continuity. If an organization lacks a response process during such times, it may impact various stakeholders in terms of economics, service delivery, society, communities, the environment, and even the lives and property of the public.
Therefore, developing a business continuity plan is crucial for enabling the organization to cope with unexpected emergencies, ensuring that critical business processes can resume operation at normal levels or within the defined service levels. This helps minimize the severity of impacts on the organization.
To address the uncertainty of such situations, businesses need to continuously analyze risks, prioritize them, and implement systematic risk management plans. Additionally, the business continuity plan should be practiced in simulated events to identify improvements and refine the plan, while also evaluating staff capability and plan effectiveness in responding to crises. This process involves the following management steps.
Assessing the impact of a crisis: This involves preparing plans in advance and being ready to handle any situation that may arise, ensuring that departments can continue their operations without interruption.
-
1
Establish a Business Continuity Management Team
To ensure the effective implementation of the Business Continuity Plan (BCP), with clearly defined responsibilities, reducing redundancy in addressing situations.
-
2
Analyze Business Impact
Prioritize impacts in both qualitative terms and workflows that need immediate attention, ensuring that the company can recover and return to normal operations as quickly as possible.
-
3
Emergency Notification Process (Call Tree)
Notify members of the Business Continuity Management Team (BCP Team) with accurate and consistent information, so each member can prepare their response plan systematically, based on the shared understanding of the event and their clear responsibilities.
-
4
Business Continuity and Recovery Plan
Carry out actions to restore the situation and bring it back to normal as quickly as possible.
-
5
Review and Update the Business Continuity Plan
Require management to regularly update the "Business Continuity Plan (BCP)" to enhance its effectiveness and ensure it aligns with the current situation, reviewing it annually.
Crisis or Emergency Management
The Business Continuity Plan (BCP) is used to ensure preparedness in case of a crisis or emergency situation at the office or within any department. The company must prepare a plan in advance and be ready to respond to any potential situations to ensure that operations can continue uninterrupted. The company has considered the potential impacts that may arise, as follows:
Flood event
Fire event
Power outage
Protest / Riot event
Terrorist event
Pandemic / Severe infectious disease event
Earthquake incident
Key Business Functions Management
To effectively respond to emergencies and potential disasters that may occur at any time, the Company has established strategic guidelines for managing its key business functions. These guidelines ensure the continuity of business operations under changing circumstances in a professional, timely, and highly efficient manner. The measures are outlined as follows:
-
1
Customer Management System
1.1 Back up the customer database on a high-standard cloud platform or secondary server, with regularly scheduled data backups at appropriate intervals.
1.2 Prepare an additional backup method for customer data using Excel files, to ensure access in case of internet network disruptions.
1.3 Restrict customer data access only to authorized departments to prevent data breaches during emergency situations.
-
2
Debt Collection Telephone System
2.1 Regularly inspect and maintain the functionality and performance of debt collection phones to ensure optimal readiness.
2.2 Establish official online communication channels between staff and customers and notify customers of these alternatives in advance, in case the telephone system becomes unavailable during emergencies.
-
3
Debt Payment and Collection Recording System
3.1 Communicate the Company’s official payment channels to customers regularly to prevent fraud or impersonation attempts during emergencies.
3.2 Develop a temporary debt collection record form using Google Sheets to allow for continuous internal communication and coordination in the event that the primary debt collection system is unavailable.
-
4
Customer Service and Help Desk
4.1 Headquarters and branch-based debt collection officers must continuously communicate and monitor emergency situations to ensure accurate and consistent awareness, enabling prompt and precise communication with customers.
4.2 Assign staff with strong listening and professional communication skills to handle customer inquiries effectively and minimize potential misunderstandings.
-
5
Human Resources Management System
5.1 Prepare a plan for recording employee working hours during emergency situations.
5.2 Develop a system for regularly checking employee headcount and status to ensure their safety and to enable swift support in urgent situations.
5.3 Establish an additional backup method for monthly salary disbursement in case the standard payment method becomes temporarily unavailable.
