MBK Group

Job Opportunity  Home

Internal Control and Risk Management


The company places importance on having in place an internal control system, a risk management system, and good corporate governance system in order for the Company's operations to achieve the goals. The internal control system covers all aspects including financial and accounting, information technology, and compliance with the laws and regulations. Also, the Company has formulated explicit corporate governance policy and anti-corruption policy and measures.

Furthermore, the Company also prioritizes personal data protection with an integrated data management process from obtaining consent, collecting, accessing, using and disclosing data to ensure that it is properly handled in compliance with directions according to the law.

The Board of Directors allows the Audit Committee to supervise the internal control system, the risk management system, the Corporate Governance system, and follow the Company’s policy and anti-corruption measures so that they are appropriate and efficient, including the compliance of related laws, orders and regulations, preventing conflicts of interest, related transactions to control and utilizing assets. To prevent corruption or misconduct and to supervise the Company's and subsidiaries' operations to ensure that their assets are not misappropriated or unauthorizedly used, and to adequately prevent transactions with persons who may have conflicts of interest and related persons, the Company sets up an auditing mechanism for checks and balances by establishing the internal audit division which is independent and reports directly to the Audit Committee. It performs audit, evaluates the efficiency and sufficiency of the internal control system, the risk management system and the Corporate Governance system in the performances of all units in the Company and its subsidiaries. The division also audits compliance with the anti-corruption policy and measures, the laws and regulations so that the Company’s efficiency and effectiveness are maximized. The internal control assessment framework can be categorized according to the COSO international standards as follows:

The Environment of Control

The Company provides a good atmosphere in the internal control. The roles and responsibilities of various committees and management functions are clearly specified. The duties compliance is supervised. The organization structure and definite line of command to balanced. In addition, the policy and procedure on Good Corporate Governance and the policy on anti-corruption are established, and the Board of Directors, executives, and employees must comply with them accordingly in order that a system of the internal control is appropriate.

From a policy on Good Corporate Governance, business ethics and a code of conduct for the Company’s directors, executives, and employees, a policy and its anti-corruption measures, a policy on notification of clues or complaints, the imposition of penalties for discipline violations and serious mistakes. The Company has monitored that aforementioned policies which are implemented. Its performance is efficient, transparent, and equitable. There is ongoing communication so that all employees acknowledge these policies and seriously implement them. It has also launched a campaign to promote every employee to have awareness and continuously act on this practice by providing the employees with knowledge training, reviewing and improving a manual of authority and a manual of operation systems which are used as guidelines on performance and help with flexible and systematic business operations. The scope of duties and responsibilities, and the internal control system are taken into consideration in order that a system of the internal control is appropriate.

Moreover, the Company underscores the importance of continuous people development by arranging training and development of the skills and capabilities to match the assigned tasks, and succession planning for key positions so that the Company’s business can continue.

The Risk Assessment

The Company puts great emphasis on risk management under changes that affect the business from both internal and external factors. The Board of Directors has assigned the Risk Management Committee (RMC) to be responsible for defining the organization-wide risk management policy and supervising the implementation of corporate risk management in line with business strategies and goals. The RMC assesses and manages risks covering various aspects such as strategic, operational, financial, regulatory compliance, etc., Its duty is to set policies and risk management guidelines of the MBK GROUP so that the group companies achieve their objectives and targets, and risks that may affect business operations are reduced. It is considered that risk management and control are the responsibility of every department.

The Operational Control

The Company has established a policy framework, regulations, and operational procedures to lead to practice guidelines. The authorities, duties and responsibilities and the scope of approval authority of each level of employees are clearly defined in writing, and they are reviewed and communicated regularly to employees. The internal audit team regularly reviews the control system adequacy by requiring the audit plan to cover important operational processes. Audit results are regularly reported to the Audit Committee so that the Committee can consider important audit findings and monitor the results of the suggested corrective actions in the audit reports and measures to prevent possible errors.

The Information Technology System and the Communication

The Company realizes the importance of IT system and communication, which is an important part to support the efficiency of the internal audit, and always encourages the improvement of the system continuously in order to ensure that all information is accurate, sufficient, up-to-date, and catching up with expanding and changing circumstances of business operations. The efficient and modern IT system, as well as information security from the process of collecting, processing, and storing, to following-up to bring such data, is adopted for work performance and important information are used for management by directors, executives, employees, shareholders, customers, or stakeholders. The information is complete, accurate, sufficient, and within an appropriate time so that it can be used in the business decision making. The policy regarding the security in the information technology is also specified the level of information secrecy and guideline to store important documents and controlled documents in order to ensure that the Company has appropriate safety measures of information that are in line with the Cybersecurity Act B.E. 2562 and the Personal Data Protection Act B.E. 2562. Various channels of communication are opened from both inside and outside the organization in order to have access easily and rapidly. Due to COVID-19, the Company has digital management to support the business to be able to adapt and respond to changes on time and be able to continually operate the business with efficiency and safety of the employees who work from home, such as providing a notebook computer to employees and providing software to support working at home or teleconference via electronic media. There are guidelines for properly conducting meetings via electronic means (online meetings) of MBK Group to prevent data leakage. In the part of reporting corruption clues, the Company provides a channel for whistleblowing. Employees and stakeholders can be directly notified through various channels to the Audit Committee, CEO and President, and the Internal Audit Division, including providing protection for whistle blowers or informants.

The System of Monitoring Activities

The Company prepares performance reports compared against the targets and reports them to the Executive Committee and the Board of Directors on a monthly basis. The Audit Committee is assigned to check the internal control system through the Internal Audit Division which is an independent division with responsibility for checking and verifying the performance, evaluating the sufficiency of the internal control system for risk management, regulating the operation of various functions and consulting on the Good Corporate Governance procedures, monitoring divisions and following up the results of corrections made by checked divisions in every issue until they are already corrected; in order to ensure that the internal control system appropriately and fully operates as specified and can manage the changing risks in each period in time. Any issue impacting on the internal control will be reported to the persons in charge. Significant issues will be reported to top executives, the Executive Committee, the Audit Committee, and the Board of Directors within proper period.

For internal audit for accounting and finance is carried out by certified accountants and presented to the Audit Committee for consideration on a quarterly and yearly basis. As a result of reviews conducted by certified accountants, no significant fault is found.

The Audit Committee and the Board of Directors have assessed the sufficiency of the Internal Control System in accordance with guidelines stipulated by Securities and Exchange Commission (SEC). Has not found drawbacks which are significant to the Company’s Internal Control System. It is concluded that the Company has the sufficient and appropriate internal control and risk management for business operations which is consistent with the auditors’ opinions.

Internal Audit provides assurance and consulting services by assessing the efficiency and effectiveness of the internal control system, risk management system and corporate governance to enable the Company to achieve its business objectives and goals. The division reports to the Audit Committee and monitors the implementation of the suggestions found from the audit, especially in important or high-risk issues. Internal Audit acknowledges reports of abnormal events to ensure that the Company's operations have an adequate internal control system that is appropriate and efficient in conjunction with managing the risks at an acceptable level and corporate governance. The Charter of the Audit Committee, the Internal Audit Charter, and the code of conduct for internal auditors serve as a clear operational guideline are reviewed annually.

Internal Audit encourages internal auditors to improve themselves continuously so that they are equipped with knowledge and skillsets necessary and relevant to the operations. Individual self-development plans are formulated according to the Company’s people development framework so that the auditors can perform audits more efficiently by means of encouraging them to receive training such as knowledge, professional expertise in internal audits, businesses of the Company Group, knowledge of other professionalism, and self-development by taking examinations to get professional certificates of auditing or other auditing-related professions, for instance.

Head of the Internal Audit

The Audit Committee has approved Ms.Yupapun Paritranun to take the position of Chief Internal Audit Officer to control the operation of the internal audit function. The Audit Committee views that she understands MBK GROUP's business with knowledge, skills, and experiences in internal auditing. She is responsible for internal auditing and overseeing the internal control system of the Company and its subsidiaries under the professional practice of internal auditing, the charter of the internal audit function, and the code of Conduct for internal auditors. Board of Directors and high-level executives of the Company and its subsidiaries will be reported continuously. The approval for the appointment, removal, transfer, and evaluation of the internal audit supervisor's performance must be approved by the Audit Committee.

In 2022, the Company did not find any wrongdoing or action in violation of the Public Company Limited Act and regulations of regulatory agencies such as the Securities and Exchange Commission (“SEC”) and the Stock Exchange of Thailand.

MBK Public Company Limited recognizes the importance of the organization's risk management as a part of the business administration for good governance according to the guidelines of the Stock Exchange of Thailand. To align with the organization's anti-corruption policy and measure, the Company has established the organization's risk management policy for all levels of employees’ awareness and compliance as follows:

  1. There is a focus on developing risk management systems following good corporate governance guidelines by providing systematically and continuously integrated risk management throughout the organization, including a focus on employees' strict adherence to the organization's anti-corruption policy and measures.
  2. Risk management system is implemented as part of decision-making, strategic planning, project planning, and organizational operations to achieve the organization's objectives, goals, visions, missions, and strategies while minimizing risk to the acceptable level, achieving operational excellence, and gaining stakeholder confidence.
  3. Following up, evaluating risk management results, reviewing, improving on a regular basis, and reporting to the Board of Directors are all encouraged.
  4. Employees are educated about the importance of risk management and also incorporate risk management into the organization's culture.
  5. The risk management promotion adds value to the organization.

The Risk Management

The Risk Management Committee of MBK GROUP

Duties and Responsibilities of the Risk Management Committee

  • To impose MBK GROUP’s policies and guidelines on risk management in order that MBK GROUP’s operations reach its objectives and goals.
  • To analyze and evaluate incurred or possibly incurred risks at a level of MBK GROUP continuously and annually.
  • To consider, approve and review risk management plans of MBK GROUP annually.
  • To review and monitor risk management performance of MBK GROUP regularly.
  • To report to the Board of Directors and communicate risks and major risk management to the Audit Committee.
  • To support, follow up and develop risk management of MBK GROUP regularly.

The Corporate Group of MBK Public Co., Ltd. realizes the importance of risk management as an important mechanism and tool to help the organization achieve target objectives and goals. Therefore, the Company has set up a risk management policy that focuses on the improvement of the risk management system according to the good corporate governance guidelines and guidelines according to the anti-corruption policy and measures. There is an integrated risk management in order to be consistent in the Quality Management System (ISO 9001: 2015) which is implemented systematically and continuously throughout the organization.

The Corporate Group of MBK Public Co., Ltd. enforces risk management in order to conform to strategies and operations by covering all levels — from MBK GROUP, Business Unit (BU), key lines, Sub Business Unit (SBU), risk of MBK Shopping Center and Operation level (Department)– in order that the organization can achieve its objectives and goals set at each level.

Risks at all levels of the organization and may directly affect the business can be divided into 5 aspects that may directly affect the business as follows:

  • Strategic Risk is the risk in important strategies and policies of the Company. It can arise from inappropriate strategy formulation or implementation, or the inconsistency of the policy, targets, strategies, organization’s structure, the state of competition, resources, plan implementation and environment. However, the Company has regularly followed up on important strategies and policies that may affect the Company’ operational performance in order to achieve its strategic goals.
  • Operational Risk is the risk that can arise from every operational process. It covers all factors related to the process, tools, IT, and personnel that may affect the operation of the organization. However, the Company has set up a clear operational process and a measure to supervise the work of each unit that may cause damage on the organization so that the operational performance can be correct and appropriate.
  • Financial Risk is the risk that can arise out of the ineffectiveness of budget, financial problems and risks that can affect the performance and financial status of the organization. The Company has always generated sufficient fund in time to reduce the risks that can affect the Company’s investment.
  • Compliance Risk is the risk that can arise out of the inability to comply with the regulations or the related rules and laws. It can be that the rules and laws are inappropriate and become an obstacle to the operation. However, the Company has also considered the compliance with the rules inside and outside the organization as well as important laws by supervising and examining the strict compliance by the related rules and laws.
  • Hazard Risk is the risk that can affect the life safety of customers, tenants, employees and the organization’s property. The hazard can come from both internal and external factors. The Company has set up a policy and safety measure to strictly prevent such risk that may cause damage to the Company.

Additionally, in regards to the investments in different projects, the Risk Management Committee (RMC) in each level (MBK GROUP / BU / SBU) has implemented a rule indicating that a request for the approval of specified budgets requires a risk analysis and an approval from the relevant committees. The Risk Management Committee (RMC) must always be informed to prevent any investment risk of the Company.

The Company continues to track the execution of risk management in all levels and required to submit risk management report in order to reduce the risk to an acceptable level and allow the risk management plan to be reviewed and updated annually.