MBK Group

Job Opportunity  Home

Internal Control and Risk Management


The Company has continuously placed importance on the internal control equipped with continuous monitoring because it realizes that an internal control system is a crucial mechanism for the Company to be able to run its business and achieve its goals efficiently and effectively in order to gain long term returns, using resources and asset management, reporting financial information, trustworthy operations, complying with the law, rules, and preventing or reducing risks of any actions which may damage the Company’s assets and reputation, as well as assessing the operations according to Good Corporate Governance (GCG) and anti-corruption measures according to the principles of the Private Sector Collective Action Coalition against Corruption (CAC). The Board of Directors has clearly specified roles and duties of the committees and the Management Team. The Board has also supervised them to comply with stipulated roles and duties by setting the organizational structure and its distinct chain of command for checks and balances and appropriate internal control, and set its business goals and Key Performance Indicators (KPI) in order to assess the efficiency and follow up its operational performance compared with the organization’s goals regularly.

The Company has formulated a policy on Good Corporate Governance, business ethics and a code of conduct for the Company’s directors, executives, and employees, a policy and its measures against corruption, a policy on notification of clues or complaints, and penalties for discipline violations and serious mistakes in writing in order for the efficient, transparent, and equitable performance. It has also launched a campaign to promote every employee to have awareness and continuously act on this practice by providing the employees with annual knowledge training so that the performance is transparent and equitable for every group of stakeholders, a clear follow-up process and penalties, reviewing and preparing written manuals of the execution of authority and performance of every system which are used as guidelines on performance and help with flexible and systematic business operations. The scope of duties and responsibilities, and the internal control system are taken into consideration in order that a system of the internal control is appropriate.

The Board of Directors allows the Audit Committee to supervise the internal control system, the risk management system, the corporate governance system whether those systems are appropriate and efficient, including the compliance of related laws, orders and regulations, preventing conflicts of interest. Making, related transactions to control and utilizing, asset in order to prevent fraud or misconduct. The Company sets up an auditing mechanism for checks and balances by establishing the internal audit division an independent, unit who reports directly to the Audit Committee, performs audit, evaluates the efficiency and sufficiency of the internal control system, the risk management system and the corporate governance system in the performances of all units in the Company and its subsidiaries. They adopts the framework of COSO (The Committee of Sponsoring Organizations of the Tread way Commission) and Enterprise Risk Management, and monitoring regulations in compliance with the Stock Exchange of Thailand (SET), Thai Institute of Directors (IOD), and Organization for Economic Co-operation and Development (OECD) to be used to fulfill internal control, risk management, and governance in order to allow the Company’s performances to pursue the utmost of operational performance efficiently and effectively.

Besides, the Board of Directors has revised the assessment of the sufficiency of the internal control system annually according to an internal control framework of Securities and Exchange Commission (SEC) which reference to the Committee of Sponsoring Organizations of the Treadway Commission (COSO) - for both 5 principles and 17 components. The Company has not found any significant flaws affecting the Company’s internal control system.

The Risk Assessment
The Company realizes the importance of the risk management which may affect the business operations, from the organization’s both internal and external factors. The Company then organizes the Risk Management Committee (RMC) to monitor the organization’s risk management to achieve goals according to the organization’s acceptance level. RMC then sets a policy on risk management in order that every employee complies with the policy which risks from external and internal factors -covering every aspect of the risks - are evaluated and managed. For example, they are strategic, operational, financial, compliance, event risk factors, including risks from corruption. These risks are divided into risks for MBK Group, business group, organization, and division levels. In order to find suitable and adequate measures against these risks, a report is submitted to RMC every quarter and another report is submitted to theBoard of Directors annually. Risk factors which are changing externally and internally that may affect the organization are also reviewed annually.

The Control of Activities
The Company has internal control measures in accordance with risks and business types by clearly dividing duties and responsibilities of each position, providing and reviewing manuals of authority and manuals/processes of performance appropriate to the organizational structure and current work performance regularly. Each position can be run by checks and balances, and a mechanism for proper rechecks- particularly, operational performance entailing crucial risks such as financial transactions, selling, procurement, asset management, and human resources management - in order to prevent and reduce errors. Also, each position’s work performance is regularly reexamined by an internal audit division in compliance with rules, regulations, and manuals of authority and work performance in order to ensure efficient work performance with a suitable and adequate internal control system. The information technology is systematically managed and employed in order to promote faster and more efficient work performance.

Moreover, the Company imposes policies, rules, and regulations to transactions on a parties involved in the Company to comply in the same direction such as major shareholders, directors, executives, and interested party for correctness, transparency, and fairness. The Company’s utmost benefits are taken into consideration according to regulations of the Stock Exchange of Thailand (SET) and the Securities and Exchange Commission (SEC).

The IT and Communication System
The Company realizes the importance of the IT and communication system and always encourages the improvement of the system to ensure that all information is accurate and up-to-date. An efficient and modern IT system is adopted to guarantee the safety of the information from the process of collecting, processing, storing and following-up to bring such information to advantage management work of the directors, executive members, employees, shareholders, customers and stakeholders. This process should be carried out as a complete, accurate method and within an appropriate time so that it can be used in the business decision making. There is also a policy regarding the security in the information technology and the use of information.

Channels of communication are opened for information receivers from both inside and outside the organization to have access easily and rapidly such as intranet and internet as the channels of communication to publicize the Company’s policies, rules and regulations, manuals/processes of operational performance and important information, or to receive recommendations and information useful for the Company’s business operations as well as the channels of communication to receive notification of corruption (Whistle-blower) through various channels established by the Company.

The System of Monitoring Activities
The Board of Directors provides a system to assess and monitor the internal control system and risk management covering all aspects such as accounting and finance, compliance with laws/regulations, asset management, and corruption which significantly has an impact on the Company’s reputation in order to ensure that the internal control system appropriately and fully operates as specified and be able to solve any incurred problems in time. The Board of Directors assigns the Audit Committee to audit and monitor the internal control system by nominating internal auditors to monitor and assess work performance to ensure that findings found from auditing and monitoring will be improved or solved appropriately and promptly. Moreover, the evaluation of internal audit for accounting and finance is carried out by certified accountants and presented to the Audit Committee for consideration on a quarterly and yearly basis. As a result of reviews conducted by certified accountants and internal auditors, no significant fault is found.

The Audit Committee and the Board of Directors have considered the result of the assessment of the sufficiency of the Internal Control System and conferred with and given useful recommendations to the Management Team. It is concluded that the Company has the sufficient and appropriate internal control and risk management for business operations which is consistent with the auditors’ opinions.

The Internal Audit
The Internal Audit Committee has monitored that the Internal Control Division has built assurance and given consulting advice independently and fairly about examining and assessing the sufficiency of the internal control system covering the processes of the performance, conformity to the law, rules, regulations, and the accuracy of information of the Company and its subsidiaries, submitting a report to the Audit Committee every month, regularly monitoring results of the improvement of operational processes to be more appropriate - particularly, issues that are important or related to high risks - and being reported of abnormal incidents such as corruption and malpractice in order to find causes and measures to prevent damage or reoccurrence so that it can ensure that the Company’s performance has the sufficient, appropriate, and efficient internal control system as well as the risk management at a level accepted by the Company. The Company’s Good Corporate Governance is also monitored in order to achieve the organization’s goals of its operation. The Charters of the Audit Committee and the Internal Audit Division and internal auditors’ code of conduct are clearly set as guidelines for operation. Also, these are annually reviewed for their appropriateness.

The Internal Audit Division has developed the internal audit system to accord with the International Standards for the Professional Practice of Internal Auditing (IIA) by utilizing the Information Technology System to help the audits, setting the self-assessment according to the standard and satisfaction assessment of people who are audited. Moreover, audit competency is imposed to assess the performance quality of internal auditors in order to continuously improve efficiency and effectiveness of the Internal Audit Division and recognize actual conditions and work performance so that problems, obstacles and working limitations related to work performance can be properly analyzed. Also, the internal auditors are developed so that their knowledge, skills, and competency meet an international standard and they can conduct the auditing more efficiently by means of encouraging them to receive training such as professional practice of internal audits, businesses of the Company Group, knowledge of other professionalism, and taking examinations to get professional certificates, for example.

The Risk Management Committee of MBK GROUP

The Duties and Responsibilities of the Risk Management Committee

  1. To impose MBK Group’s policies and guidelines on risk management in order that MBK Group’s operations reach its objectives and goals.
  2. To analyze and evaluate incurred or possibly incurred risks at a level of MBK Group continuously and annually.
  3. To consider, approve and review risk management plans of MBK Group annually.
  4. To review and monitor risk management performance of MBK Group regularly.
  5. To report to the Board of Directors and communicate risks and major risk management to the Audit Committee.
  6. To support, follow up and develop risk management of MBK GROUP regularly.

MBK Public Co., Ltd. realizes the importance of risk management as an important mechanism and tool to help the organization achieve the target objectives and goals. Therefore, the Company has set up a risk management policy that focuses on the improvement of the risk management system according to the good corporate governance guidelines. There is also an integrated risk management that is implemented systematically and consistently throughout the organization.

MBK Public Co., Ltd. enforced risk management at all levels - from MBK GROUP, Business Unit (BU) and MBK Shopping Center. In 2015, MBK Group re-reviewed the risk management in order that the risks were more strategic and initially piloted in 3 business groups - the Shopping Center business, Food business, and Finance business.

In 2016, consultants were invited to further help review the risks at the MBK GROUP level and Business Units (BU) for the rest 5 business groups— Hotel and Tourism business, Real Estate business, Golf business, Supporting business, and Other business. Moreover, risks were further managed at the division level separating into 3 divisions the Office of the President, the Marketing Division and the Business Development Division.

Risks at all levels of the organization and may directly affect the business can be divided into 5 aspects that may directly affect the business as follows:

  • Strategic Risk is the risk in important strategies and policies of the Company. It can arise from inappropriate strategy formulation or implementation, or the inconsistency of the policy, targets, strategies, organization’s structure, the state of competition, resources, plan implementation and environment. However, the Company has regularly followed up on important strategies and policies that may affect the Company’ operational performance in order to achieve its strategic goals.
  • Operational Risk is the risk that can arise from every operational process. It covers all factors related to the process, tools, IT, and personnel that may affect the operation of the organization. However, the Company has set up a clear operational process and a measure to supervise the work of each unit that may cause damage on the organization so that the operational performance can be correct and appropriate.
  • Financial Risk is the risk that can arise out of the ineffectiveness of budget, financial problems and risks that can affect the performance and financial status of the organization. The Company has always generated sufficient fund in time to reduce the risks that can affect the Company’s investment.
  • Compliance Risk is the risk that can arise out of the inability to comply with the regulations or the related rules and laws. It can be that the rules and laws are inappropriate and become an obstacle to the operation. However, the Company has also considered the compliance with the rules inside and outside the organization as well as important laws by supervising and examining the strict compliance by the related rules and laws.
  • Hazard Risk is the risk that can affect the life safety of customers, tenants, employees and the organization’s property. The hazard can come from both internal and external factors. The Company has set up a policy and safety measure to strictly prevent such risk that may cause damage to the Company.

Additionally, in regards to the investments in different projects, the Risk Management Committee (RMC) in each level (MBK GROUP / BU / MBK Center) has implemented a rule stipulating that the request for the approval of the budget exceeding THB 10,000,000 requires a risk analysis and an approval from the relevant committees. The Risk Management Committee (RMC) must always be informed to prevent any investment risk of the Company.

The Company continues to track the execution of risk management. All levels are required to submit a quarterly risk management report in order to reduce the risk to an acceptable level and allow the risk management plan to be reviewed and updated annually.