The Audit Committee independently evaluates and reviews the effectiveness of the Company’s internal control systems to ensure that they are in compliance with good corporate governance principles and the Committee of Sponsoring Organizations of the Treadway Commission (COSO) internal control framework which is a generally accepted control framework. COSO consists of five integrated components: Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring Activities. The Audit Committee reviewed internal audit reports including audit findings and recommendations. Based on the Audit Committee’s assessment, the Board concluded that the Company’s internal control systems are adequate and effective, and are functioning consistently with corporate governance principles and the COSO internal control framework as summarized in the following sections.
The existing organizational structure is appropriate and effective for the Company’s business operations. It is the Company’s policy that directors, officers, and employees are expected to observe the highest code of ethics and avoid any actual or apparent conflict between their own personal interests and the interests of the Company. They are also expected to deal fairly with each other or with the Company’s suppliers, customers, competitors, and other third parties.
The Company applies rigorous risk assessment and management practices in all aspects of its business. The Company has processes in place to analyze and assess the significance of risks and determine mitigation measures to reduce those risks to the extent feasible. Risk management plans are embedded as an integral part of business processes, developed with consideration for both internal and external risk factors, and designed to include follow-up processes to ensure effective implementation and continuous improvement.
The Company adopted a Delegation of Authority Guide which summarizes the responsibilities and authorities that form the overall framework for ensuring business arrangements and transactions are reviewed and approved at an appropriate level. By delegating authority, management ensures decisions will be made by individuals with the required skills and knowledge. A basic premise is that the delegated authority bears with it the obligation to exercise good business judgment and due diligence as well as effective segregation of duties. In addition, the Company’s computer systems include effective application and general controls.
Information and Communication
Meeting agendas and supporting information are provided to Board members in a timely fashion to ensure that material information is available to those responsible for making relevant decisions. Minutes of the Board meetings, including relevant comments by Board members, are properly documented for subsequent review. All financial and supporting documents are retained in accordance with the Company’s Information Management System (IMS). The Company provides ongoing internal control training for employees.
Internal audit staff independently assesses compliance with policies and procedures and evaluate the effectiveness of all control systems relating to the business. The control weaknesses, irregularities, and business practice issues are promptly addressed and reported to management and subsequently reviewed by the Audit Committee. Corrective actions, in accordance with internal audit findings and recommendations, are monitored by the management of each business unit until the issues are appropriately resolved. The Audit Committee periodically reviews and assesses the effectiveness of the management follow up process.
Internal Control System
The Company recognizes the importance of an effective internal control system. In this regard, extensive internal controls and procedures, including those set out in the Company ’s System of Management Control (SMC) - Basic Standards and Controls Integrity Management System (CIMS), are fully established at all levels in the organization.
The internal control system, including compliance with policies and procedures, is formally assessed by independent internal audit staff and external auditors during each audit cycle. This includes a review of the effectiveness of all financial, operational, and related controls.
System of Management Control (SMC)
The System of Management Control (SMC) sets forth basic control principles, concepts, and standards. The Company implemented this system of management control to ensure the effective, efficient, and proper utilization of the Company’s resources. The basic purpose of the controls framework is to make sure business activities are conducted properly and in accordance with management’s general and specific directives.
The SMC is based on 7 basic principles: Decentralization of Management , Segregation of Duties and Responsibilities, Documentation, Supervision and Review, Timeliness, Relevance to Risk, and Minimum Interdependence of Controls. Management at all levels and in all areas is required to establish systems and procedures that meet these control principles.
Controls Integrity Management System (CIMS)
The Controls Integrity Management System (CIMS) is a formal system of internal methods and analytical tools to assess and mitigate operational, financial, and administrative control risks. It also facilitates the timely reporting to management of control weaknesses and business practice issues. CIMS is based on the principles and standards of SMC and provides key attributes of an effective control system that helps to ensure the Company’s policies and in-line controls are implemented and effectively sustained over time.
CIMS is comprised of 7 elements: Management, Leadership, Commitment & Accountability, Risk Assessment, Business Process Management & Improvement, Personnel & Training, Management of Change, Reporting & Resolution of Control Weakness, and Controls Integrity Assessment. Each element has 5 components: Objectives, Standards, Procedures, Expected Results, and Verification & Feedback Mechanism.
Auditing and Compliance
Business Practice Reviews (BPRs)
The Company has long recognized the importance and value of sound corporate governance, a straight-forward business model, and high ethical business standards. We believe the methods we use to obtain business results are as important as the results themselves. All employees are expected to be familiar with the Company ’s policies and standards of business conduct and apply them to their daily work. They are required to confirm their knowledge and compliance with the policies and standards on an annual basis. In addition, formal business practice reviews (BPR) are attended by all employees every four years.
The BPR objectives are:
- Promote the Company’s reputation for honesty and straightforward approach to business integrity
- Promote clear understanding of and compliance with the Standards of Business Conduct
- Demonstrate applicability of the Standards to all aspects of day-to-day business activities and practices at every level in the organization
- Convey consequences for non-compliance with the Standards
- Identify, evaluate, report, and where necessary, correct practices that may not be consistent with policies
- Report compliance concerns and ensure employee awareness of channels available for reporting concerns
The internal audit staff independently assesses compliance with policies and procedures, and evaluates the effectiveness of all control systems related to the business. Generally, each segment of the business is subject to an internal audit every three years.
In addition, business segments appoint controls advisors to provide guidance on controls and facilitate self-assessments for their units at the mid-point of the audit cycle based on CIMS and audit standards.
Management of each business segment is obligated to consider all internal audit and self-assessment findings and recommendations, and take appropriate corrective actions. In addition, the results of internal audits are reviewed by the Audit Committee.
Independent External Audit
Independent external auditors audit the Company’s financial statements in accordance with generally accepted auditing standards in Thailand to ensure that the financial statements are free of material misstatement and in conformity with generally accepted accounting principles.
The audit fees paid to the external auditor, PricewaterhouseCoopers ABAS Limited, for the 2020 accounting period were Baht 4,600,000. There were no other fees paid to the Company’s auditor.