Risk Management
Supporting the Sustainable Development Goals (SDGs)
Goals and Performance Highlights
Goals
Performance

Commitment, Challenge and Opportunity
The Company has adopted the COSO ERM 2017 risk management framework, an international standard, as the core guideline for enterprise risk management. This ensures that the processes for identifying, assessing, controlling, and monitoring risks are systematic, comprehensive, and aligned with all dimensions of the Company’s business operations. The organization has established a Risk Appetite that is linked to its business strategy, serving as a guideline for decision-making by executives and related departments. This helps ensure that risks are managed efficiently and maintained within an acceptable level.
In addition, the Company has appointed a Risk Management Committee responsible for overseeing, monitoring, and reporting risk management performance to the Board of Directors at least twice a year. This is to ensure transparency and credibility in the governance process. The Company has also established a Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) to ensure preparedness for potential emergency situations. These plans enable the Company to maintain uninterrupted business operations and strengthen the confidence of all stakeholders.
The Company’s real estate business faces challenges arising from a wide range of external and internal factors, in particular economic conditions and fluctuating interest rates, which directly affect customers’ purchasing power as well as the Company’s capital costs. In addition, increasingly stringent and rapidly evolving regulations and requirements related to Environmental, Social, and Governance (ESG) exert pressure on the organization to continuously adapt both in operational practices and in data reporting. Another significant challenge is Climate Risk, including floods, earthquakes, severe storms, and air pollution, all of which directly impact construction activities and real estate project operations. At the same time, greater reliance on digital systems exposes the Company to heightened cybersecurity threats that could affect data integrity and service continuity. Furthermore, the Company also faces Emerging Risks, which are difficult to predict, for example changes in demographic structure, climate change, and supply chain disruptions. These risks may affect the Company’s adaptability and long-term business sustainability.
The Company recognizes the potential risks and opportunities that may arise in the future. The Company integrates ESG considerations and Climate Risk into its enterprise risk management system to manage risks and create opportunities for developing new work processes and products that address those risks. This approach builds confidence among stakeholders and investors that the Company manages risks comprehensively and remains responsive to social and environmental changes. In addition, the Company incorporates resilience into project design, such as allocating green spaces, implementing rainwater retention systems, and developing internationally certified green buildings. These measures not only help reduce environmental impacts but also enhance the value of the projects in the eyes of customers and investors. Furthermore, collaborating with suppliers and partners across the supply chain to jointly manage environmental and social risks represents another opportunity to create shared value and raise the standard of sustainable business operations. Strengthening transparency and good corporate governance through proactive risk management also supports the Company’s reputation in the capital market, increases credibility, and reinforces long-term organizational sustainability.
Management and Strategic Approach

The Company also defines a Risk Appetite that aligns with its organizational strategy and uses it as a decision-making guideline for executives at all levels, from the Board of Directors to operational departments. A Risk Management Committee has been established to set and review the risk management policy, the Risk Management Committee Charter, the Enterprise Risk Management Framework, and the risk management processes. This ensures that the framework remains up to date with changing conditions and is suitable for business operations. The committee also provides recommendations on risk management approaches that align with the Company’s strategic direction and business plan, enabling Risk Owners to manage key risks within the acceptable level (Risk Appetite). This ensures that the Company maintains adequate and effective risk management in accordance with international standards (COSO ERM 2017), while continuously supporting the development of risk management practices at all levels to foster a strong risk management culture throughout the organization.
In 2024, two meetings of the Risk Management Committee were held, utilizing various risk assessment tools such as the Risk Map and Risk Radar Chart to evaluate risks across different areas and present the results to the Committee. In addition, the Company monitored, assessed, reviewed, and approved the Risk Management Plan, which covers all significant categories of risks, and reported the risk management outcomes to the Board of Directors. These risks include:
- Strategic Risk
- Operational Risk
- Financial Risk
- Compliance Risk
- Corruption Risk
- Market Risk
- Cyber Risk
- ESG and Climate Risk
- Emerging Risk
The Company places great importance on strengthening a risk management culture throughout the organization. All employees are encouraged to recognize the significance of risks and actively report any identified risks through designated channels, such as riskmgt@supalai.com. Risk topics are integrated into discussions in all meetings. The Company has also established a Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) to ensure operational continuity in the event of emergencies or disasters.
The Company's risk management policy and plan reflect its strategic readiness, the integration of risk management into its organizational structure, and its strong commitment to transparency and accountability. These practices help build trust among shareholders, investors, business partners, and all stakeholders.
Enterprise Risk Management Plan

The Company conducts annual reviews and assessments of significant business risks through meetings of the Risk Management Committee, which is composed of experienced and knowledgeable executives. The Company utilizes tools such as the Risk Map and Risk Radar Chart to analyze risk interrelationships and prioritize urgent risks, ensuring efficient resource allocation. Appropriate risk mitigation measures and management plans are then developed in alignment with the Company’s strategic goals and presented to the Board of Directors. Each business unit is assigned responsibility for managing and reducing its risk levels to within an acceptable threshold (Risk Level), thereby supporting the successful achievement of the Company’s strategic plan.
Risk Management Culture
The Company is committed to cultivating a strong risk management culture among employees at all levels across the organization. This is achieved through continuous mindset development to ensure that everyone recognizes the importance of the Company’s risk management processes and can naturally and consistently apply them effectively in their daily work.
The process begins with leadership, comprising the Board of Directors and executives at all levels, who serve as role models in reinforcing risk management practices. Their leadership helps instill shared responsibility and supports employees in applying risk management knowledge to risks related to their roles.
The creation of a risk management culture focuses on equipping employees with the knowledge, understanding, and capability to manage associated risks naturally. Executives at every level play a crucial supporting role in driving organizational change and promoting sound frameworks that enable rapid identification and effective management of risks. The objective is to support the Company’s goals, vision, and mission.
The Success Factors for Creating a Risk Management Culture Consist of 3 Aspects
The Company places strong emphasis on promoting a risk management culture across the entire organization, as a tool for fostering a positive work environment alongside the timely and effective management of risks that may impact the Company, thereby supporting long-term business sustainability. This ensures that the Company achieves stable and sustainable growth through cultivating a risk-aware culture grounded in risk management policies and frameworks, risk management structures, governance mechanisms, and continuous monitoring of risk management progress at all levels.
The Company has established guidelines for strengthening its risk management culture and mandates their application to employees at all levels. Additionally, the Company communicates the objectives and benefits of organizational risk management to all employees. These guidelines consist of six key components, as follows:
Risk Management Culture Guidelines
Risk Governance

Leadership
- A risk review agenda must be included as one of the mandatory discussion items.
- The meeting chair shall raise risk-related issues at every meeting to build awareness and maintain the continued importance of risk management.
- Risk management actions must be closely monitored and implemented in a concrete manner, with ongoing agenda items for reporting follow-up on resolutions related to risk management.
- The meeting chair must report the results of risk management actions to the next level of meeting.

Risk Management Structure

Risk Management
The Company applies risk management techniques in alignment with academic principles and integrates psychological approaches to enhance effectiveness, as follows:
- The Company adopts the COSO ERM 2017 framework and ISO 9001:2015 standards as tools for risk identification, risk assessment, risk management, and monitoring and reporting. Key Risk Indicators (KRIs) are also used as early warning signals to support preparedness and proactive prevention measures in cases where there is an increasing likelihood or potential impact of risks.
- Conducting internal quality management system audits by employees appointed as Internal Quality Auditors (IQA), focusing on process-level assessments. The audit scope covers ESG-related risks (E = Environment, S = Social, G = Governance), including safety risks that may directly or indirectly affect stakeholders, along with identifying appropriate risk mitigation measures.
- Promoting a risk management culture among supervisors by requiring them to perform a self-assessment (Self-Declared) every two years.
- Measuring the effectiveness of the risk management culture by having subordinates evaluate their supervisors every two years.
The objective of the activity is to raise risk management awareness among no less than 80% of employees. The results showed that 95% of employees demonstrated awareness of risk management. The top three areas in which employees rated their supervisors/managers the highest are as follows:
- Supervisors prioritize risk management and effectively communicate risk management knowledge for practical application in daily work.
- Employees are informed about organizational-level risks and receive detailed risk-related information from their supervisors and/or senior management.
- Supervisors actively listen to employees’ input and use it for risk management in their work.

Risk Communication

Dissemination of Risk Management Knowledge

Agile Transformation and the Development of Risk Management Processes
The Company has adopted Agile principles within the organization to enhance and modernize its risk management processes. Key examples include:
360° Risk Management
Risk Management Throughout the Workflow
Risk Management In-Process
The Executive Committee
Stakeholders Directly Impacted
Shareholders / Investors
Positive Impacts
- Gained confidence that the Company has a risk management system aligned with international standards, is transparent, and supports sustainable growth.
Expected Impacts / Risks
- Expect consistent returns, transparency in information disclosure, and the Company’s capability to manage economic and regulatory risks.
Customers
Positive Impacts
- Confident in project quality designed to address environmental and disaster risks such as flooding and green buildings.
Expected Impacts / Risks
- Expect safety, construction quality, and project continuity even during a crisis.
Employees
Positive Impacts
- Received training and a risk-aware culture, with BCP/DRP systems in place to ensure operational stability.
Expected Impacts / Risks
- Expect job security, crisis-impact mitigation, and strong cybersecurity management.
Suppliers / Contractors
Positive Impacts
- Received support to jointly enhance risk management and ESG systems, raising standards across the supply chain.
Expected Impacts / Risks
- Expect fair selection, responsible risk management without burden-shifting to suppliers, and timely payments.
Community / Society
Positive Impacts
- Benefited from projects designed to reduce environmental impacts and include disaster-prevention measures.
Expected Impacts / Risks
- Expect the Company to manage environmental risks such as dust, wastewater, and flooding, and to communicate transparently.
Government Agencies and External Parties
Positive Impacts
- Saw compliance with laws and regulations, reducing non-compliance risks.
Expected Impacts / Risks
- Expect accurate reporting aligned with frameworks such as GRI, TCFD, environmental laws, and anti-corruption measures.