Internal Control and Compliance
Importance and Mission
PTTEP places great emphasis on continuous development of the internal control system so that it covers our business activities adequately and appropriately, to provide reasonable assurance that the Company's operations, including utilization of resources and safeguarding of its assets, are efficient and effective; to ensure that reporting for both financial and non-financial reports is accurate, reliable and timely; and to ensure that all business operations are in compliance with relevant laws and regulations. The Company recognizes the importance of respect for and compliance with all applicable laws enforced in the countries of operation, both in Thailand and abroad. The Board of Directors' policy on compliance with laws, regulations and rules is set forth in PTTEP's Group Business Ethics. All personnel of PTTEP Group, from directors to executives and employees, are required to study and comply with all laws relevant to PTTEP's business operations in all locations correctly and efficiently.
PTTEP has set up the Governance, Compliance, Internal Control and Subsidiary Management Department as the central unit to oversee governance, compliance with regulations and internal control. The department reports directly to the Management in the following order: Senior Vice President for Corporate Secretary Division, Executive Vice President for Human Resources, Corporate Affairs, and Assurance Group, and Chief Executive Officer. In 2013, PTTEP announced the compliance policy, demonstrating the company's determination to operate with full legal compliance. Personnel at all levels are aware of their respective duties in promoting compliance. The Compliance Manual is in place, gathering all information and regulations related to compliance with applicable laws, corporate rules and contractual agreements to ensure awareness among employees of compliance with internal and external rules.
Furthermore, PTTEP conducts a Compliance Program on an annual basis to communicate laws related to its operations to relevant departments through various channels. There is regular training on relevant and essential laws to ensure understanding among our personnel and effective implementation. Internal rules, regulations and policies are recommended or amended in compliance with laws. Compliance is monitored and reviewed through the internal control system. Compliance reporting is prepared, including recommendations on preventative approaches or resolutions upon the emergence of non-compliance risks or incidents.
PTTEP recognizes the importance of compliance with relevant laws and the respective impacts on stakeholders. In 2020, PTTEP published the Personal Data Protection Policy on the Intranet and the PTTEP website to express the company's intention regarding the Personal Data Protection process and to inform employees and external parties about the rights of the data subject. In 2021, PTTEP announced the Personal Data Protection Standard for Employees to inform employees how to treat Personal Data in order to operate with full legal compliance. In addition, it published the Personal Data Protection Notice for External Parties on the PTTEP website to help external parties understand the purposes and method of the collection, use, disclosure, and/or cross-border transfer of Personal Data, as well as the rights of the data subject. This ensured compliance with the Personal Data Protection Act B.E. 2562, of which all sections will be fully enforced from 1 June 2022 onwards.
The Board of Directors is aware of the importance of the internal control system and internal audit and ensures that PTTEP Group's internal control system is efficient and sufficient according to its risk appetites. The Audit Committee and Internal Audit Division are tasked to periodically review and monitor the internal control performance. The Internal Control Unit assesses the adequacy and appropriateness of the internal control system on an annual basis, and the results are reported directly to the Audit Committee to assure that the Company is able to achieve its objectives in the dimensions of operations, reporting and compliance with applicable laws and regulations, so as to ensure confidence among the management, investors and other stakeholders. PTTEP's internal control system is in alignment with the international standard of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), with consideration of the components listed below.
1. Control Environment
PTTEP has established a suitable and sufficient control environment which not only promotes effective and efficient business operations but also the awareness and control atmosphere as guided by the Good Corporate Governance and Business Ethics (CG&BE) to achieve the ultimate goals, namely, "Growth, Prosperity, Stability, Sustainability, and Dignity". The Board of Directors governs and enhances the Company's internal control system as well as establishes appropriate organizational structure, reporting lines and delegation of work authority.
In addition, PTTEP places an emphasis on human resource management. The Human Resource Management Regulation is in writing, and the Company is committed to attracting, developing, and retaining talent in order to deliver our business requirements. Employees' responsibilities regarding internal control have been identified to support the Company in achieving our goals.
2. Risk Assessment
PTTEP places importance on risk management by appointing the Risk Management Committee, which is responsible for setting policy, risk appetite and risk metrics & limits, as well as overseeing the appropriateness and effectiveness of the company-wide risk management. The Company has also applied the ISO 31000 Risk Management concepts and the assessment of key risks related to our businesses, including fraud risk as well as risks which may arise from significant changes affecting the Company, to appropriately manage such risks in a timely manner.
3. Control Activities
PTTEP has adequate control measures which are able to mitigate risks to acceptable levels for the respective business environments or activities of each operational unit. Control measures include the establishment of policy, work process, and the adoption of technology, and they are regularly reviewed with continuous improvement. The Company also encourages employees to be well aware of the importance of conformance to the control activities as well as compliance with related laws and regulations to ensure that our internal control system is as effective as planned.
4. Information and Communication
PTTEP realizes the significance of information and communication, particularly the quality of data processing systems, to provide accurate, complete, up-to-date, and timely information which is appropriate and sufficient to support business operations and make effective decisions. The Company ensures that our available information is also accessible, secured, auditable, and stable, and that authorization controls are embedded for information classified as confidential. Moreover, PTTEP has effective internal and external communication channels in place to support the functioning of the internal control system. In addition, the Company provides a whistleblowing channel to allow our stakeholders to securely report their concerns or complaints, and the reported information will be kept confidential. Whistleblowers and investigation participants will be treated fairly and protected against any retaliation threats in accordance with our Reporting and Whistleblowing Regulation 2013, which is regularly reviewed and revised.
5. Monitoring Activities
PTTEP regularly monitors and assesses the effectiveness of our internal control system through ongoing evaluations which are built into the Company's daily operational activities, along with separate evaluations, to ensure that the internal control system is sufficient and suitable for the current business environment and dynamic risk factors. Subsequently, once deficiencies are identified, improvement plans will be developed, and responsible parties will be assigned to respond with timely resolutions. For separate evaluations, the Company has developed the Control Self-Assessment evaluations (CSA) on an annual basis at both corporate and business process level. In addition, the Internal Audit Division, which has a direct reporting line to the Audit Committee, is responsible for performing independent audits correspondingly.
PTTEP believes that our practices of the above 5 components shall enable the achievement of the following objectives:
- Efficient and effective operations, which means proper safeguarding of assets and wise resource utilization.
- Accurate, reliable, timely and transparent reporting.
- Compliance with laws and regulations as well as the Company's policies and procedures.