Internal Control and Risk Management

Internal Control and Risk Management

Internal Control

Recognizing the importance of an internal control system, the Board of Directors has put in place an internal control system that governs the financial, management and operational aspects for greater effectiveness and efficiency in accordance with related laws and regulations. Meanwhile, an emphasis is placed on continuous improvement according to COSO (The Committee of Sponsoring Organizations of Treadway Commission) with respect to organizational and control environment, risk assessment, control activities, information and communication and monitoring activities.

The Board of Directors has clearly defined in writing good corporate governance & Code of ethics policy and the structure the duties and approval authority for the Management, and has controlled and ensured an efficient utilization of the Company’s assets. To maintain proper checks and balances, the roles and duties of front-line operators, supervisors and evaluators are clearly delineated. In addition, the Company ensures that there is a financial reporting to those in the direct line of responsibility and provide communication channel for various stakeholders and receiving complaints (Whistleblower) clearly.

There is also the Audit Committee, which was appointed by the Board of Directors, by the Stock Exchange of Thailand’s guidelines which currently consists of 4 independent directors and the Senior Director of Internal Audit Department acts as Secretary of the Audit Committee. The Audit Committee has the duties and responsibilities of auditing financial statements, disclosure of the financial reports and related transactions or any matters with conflicts of interest to be accurate, complete, reliable, and coordinate with the Internal Audit Department, auditors and management of the Company to review the internal control system and ensuring compliance with the relevant laws and regulations, as well as, to consider and approve an audit plan, performance evaluation and compensation of the Internal Audit Department, including selection and appointment of the auditor and audit fee. The Audit Committee shall also perform other duties as assigned by the Board of Directors and conduct self-assessment to evaluate their performance to ensure that the Audit Committee has performed their duties effectively and completely.

The Board of Directors has implemented the Assessment Form of the Securities Commission as a guideline to assess the adequacy of the internal control systems of the Company and subsidiaries and a reporting of the assessment results to the Board of Directors’ meeting on a yearly basis. The assessment results are also to be disclosed in the Company’s annual registration statement (Form 56-1) and annual report.

All Board of Directors members and the Management had collaboratively evaluated the sufficiency of internal control during 2021. The Board of Directors’ Meeting on February 25, 2022, comprising of the Board of Directors, the Audit Committee and the Management convened a meeting for the adequacy of the internal control systems of the Company and its subsidiaries as set up by the Management in five areas, namely, internal control, risk assessment, operation control, information and communication system and monitoring system. The Board of Directors and the Audit Committee shared the same opinion that:

“In general, the internal control system of the company and its subsidiaries was adequate and appropriate to the business operations of the Company. In addition, the Company has provided adequate personnel to follow the system effectively, as well as the internal control system for monitoring the operations of the subsidiaries in order to protect the assets of the Company and the subsidiaries from wrongful action of the directors and executives including transactions with persons who may have a conflict of interest and related persons. The Committee and the Management recognized the importance of good corporate governance, internal control and continuous risk management, which would ensure good corporate governance principles of company, acceptable level of internal control and risk management, accurate and reliable accounting and financial reporting practices, together with compliance with the laws, the rules or announcements of the SET and regulations related to the Company’s businesses.”

Head of Internal Audit Department

The Board of Directors’ Meeting No.3/2006 held on May 15, 2006 appointed Mr. Wichai Santadanuwat as a Secretary to the Audit Committee and Head of Internal Audit Department. The Audit Committee has considered and agreed that Mr. Wichai Santadanuwat has experience in performing the audit of the Company’s including an understanding of the activities and operations of the Company as well, so that it is appropriate for him to perform such functions.

The appointment, termination, and transfer, as well as performance evaluation and compensation for the Head of Internal Audit Department must be approved by the Audit committee. The qualifications of Head of Internal Audit Department appear in the attachment.

NOTE: Details of the Head of Internal Audit appear in "Details about the Head of Internal Audit".

Risk Management

Risk Factors

The Board of Directors has placed high importance on risk management processes at both corporate and operational levels in line with the risk management policy and framework formulated by the Group to mitigate risks to be at an acceptable level, suitable to the environment of each business unit’s nature of working or activities. The management and staff at all levels are encouraged to take part in the processes and risk management systems are put in place across the organization and instilled as part of the Group’s culture, while the Risk Management and Internal Control Department is assigned to develop risk management systems in accordance with international practices and integrate risk management practices at each level with all related departments under the supervision of the Risk Management Committee. Besides, the Group’s management has well implemented the risk management practices, including risk management follow-up and reporting to the Board of Directors on a regular basis.

In 2021, the Group has improved strategies in various areas on a continued basis, aiming to manage risks that may arise in both new and core businesses of the Group, such as preparation on production technologies and capital funds, improvement of organizational structures and work processes, and human resources development at high and middle levels in support of the Group’s business management team in response to rapid business growth.

Corporate Risk

1. Risk from Piracy

Piracy is one factor that uniformly affects music and movie business, as well as content creator and content producer worldwide. Every year, the Group has to contend with adaptation and duplication of their music, which are then sold cheaply in large quantities. New forms of piracy have emerged with the latest technological developments, such as using the Group’s products for commercial purposes on the internet through digital platforms. Consequently, the Group loses substantial valuable business opportunities every year.

Nonetheless, the government has issued various measures in a serious attempt to improve the protection and reduction of piracy. The latest measures are comprehensive, ranging from controlling the process of importing machines that can be used to produce pirated products, to controlling production and distribution processes. Penalties and fines have been increased against violators. Rewards are handed to police or to people who offer leads to the production, storage and retail sites of pirated goods. In addition, both government and concerning private sectors which include the producers, copyright owners as well as the artists themselves have pushed, promoted and enticed the consumers into purchasing the copyrighted products while avoiding pirated products.

Moreover, to promote the legal purchase of goods, the Group has continuously developed goods and services as well as new digital service platforms to keep pace with consumers’ ever-changing behavior and convenience as well as technological developments while also supplementing the Group’s revenue. These digital services include categories of download services, such as ringtones, ring-back tones, full songs and full MVs, in both a la carte and subscription services on both iOS and Android. The Company expand the method for reaching the Group’s content via GMM Grammy Official Account on YouTube as well as other web-based and mobile applications. In addition, the Company has developed digital content and partnered with digital platforms to create various types of content such as Music stickers with LINE. Artist content lets fans feel closer to their favorite artists and creates loyalty, which encourages them to buy copyrighted products. By keeping pace with technology and changes in consumer behavior, the Company builds customer engagement and generates more revenue.

2. Risk of Business Interruptions due to Force Majeure

The Group has envisioned the importance of business operations continuity, without interruptions, especially for major business processes of the Group in case of force majeure such as natural disasters, man-made hazards, technological hazards or computer virus attacks, protests, disturbances, enactment of new legislation, etc. The Company has therefore arranged the Disaster Recovery Site and conducted an annual rehearsal on the restoration of information so as to reassure that staffers, systems and work places are ready to manage any emergencies and return to normal operations quickly in case of any crisis. This helps to absorb impacts and mitigate any damage that may occur from force majeure or any disaster that may hamper business operations. Moreover, the Company also arranged the incident management plan to handle emergency cases which might occur that interrupt the broadcasting operation of both digital TV channels. The plan is reviewed annually.

With the continuing pandemic of the COVID-19, the Company have planned, researched and implemented the innovative way of organizing the “Virtual Concert”. In addition, we enforce the social distancing measures and adhere to the guidelines of the Center for COVID-19 Situation Administration (CCSA). Whenever we are allowed to organize concerts again during the pandemic, the Company will priorly concern about the health and safety of our staff. Accordingly, our team members start to work from home and collaborate by using the online applications for the uninterrupted flows of the business operations.

For our business continuality and disaster prevention, disaster recovery site has been established. The Company have annually rehearsed the information technology contingency plans to make sure that our team can get back to the normal operations as soon as possible.

3. Risk from Retarded Internal Process Adjustment to the Rapid Business Expansion

At present, fast-changing technology and changes in consumers’ behavior may affect the business operations of the Company, including the creative structure of products and services to meet customers’ needs as well as communication with them. That is why the Company continuously conducts research to keep up with changing technology and changes in consumer behavior to effectively meet customers’ needs, including forming partnerships with digital platforms.

The rapid changes in technology and consumer behavior may also affect the internal process adjustment of each business group in various ways, including the Group’s organization structure, policy etc. Consequently, these factors may create risks from retarded internal process adjustment to rapid business expansion.

In order to sustain business growth, however, such risk has always been efficiently managed by revising the organizational structure and adjusting key processes in order to effectively implement all centralized policies together with developing a standardized performance evaluation across all units in the Group. As well as keeping pace with technology and changes in consumers’ behavior, developing products and services that best serve customers has also been effective.

4. Risk from Relying on Individual Talent

The Group’s business is mainly based on people. The business has been grown by staff with experiences and distinctive talent especially for the music business, radio business, television business. All staff, regardless of whether they are the artist or all the different supporting teams, are recognized as valuable members having high impact on the Group’s operations. Hence, whenever they move to a different corporate affiliate or other companies, this means a valuable loss which requires the Group to spend additional time developing new artists or supporting teams to replace them.

However, the Group has continually managed the risk by focusing on rapport between the Group and its staff, emphasizing on promoting, among the staff, the understanding of the underlying business. In addition, it is the Group’s policy that deserving talents, whether artists or supporting staff, are given the opportunity to participate in the management process and/or become business partners. As a part of the Group’s strategic human resource plan, there exists a protocol outlining career paths for key management figures, top management executives and equally important, plan for recruiting and promoting talents. Furthermore, the Group has developed the standardized performance evaluation together with placing great importance on revising compensation package and benefits for staff to be competitive compared to the other companies in the same industry.