BUSINESS OPERATION AND PERFORMANCE CORPORATE GOVERNANCE FINANCIAL REPORTS AND FINANCIAL STATEMENTS APPENDIX additional gaps pursuant to the criteria of both Thailand’s and international corporate governance assessment. (4) Supervision of policies and operation of group companies. Improving criteria and guidelines for appointing the Company’s Executives to take a director position in any group company to enhance effectiveness of promoting the investment objectives of the Company. Putting in place the GC Subsidiaries Director’s Governance Handbook to set a clearer scope of duties and responsibilities and to use as guidelines for Director’s self-assessment on performance review. Holding site visit session to review the operation of the group companies in accordance with GC Way of Conduct and putting in place site visit close out as a mutual agreement between Executives and the relevant staff of the group companies including the Company’s staff in order to successfully carry out the operation under GC Way of Conduct pursuant to the determined objectives. Develop webpage using share point system to create additional channel to receive news and updated information relating to GC Way of Conduct, e.g., news letter, Q&A, etc. Providing consulting engagement relating to internal control to newly established group company. Providing advice and supports to companies within GC Group to put in place their own corporate governance policy, anti-corruption policy, and corporate governance and business code of conduct handbook, being in line with organization structure and characteristics of business operation, and providing supports to companies within GC Group to have effective, transparent and verifiable management system in accordance with good corporate governance principles. Communicating and providing advice on assessment of process level control to group companies which are strategic owner and operator by taking into consideration internal control and compliance supervision using methodology of control selfassessment (CSA). (5) Responsibility towards stakeholders Customers/Suppliers Developing Sale Service system to support better customer’s opinion management system. Putting in place privacy notice and consent form relating the keeping, use and disclosure of personal data and assessment of supplier’ PDPA compliance. Improving the Approved Customers/Suppliers System, which is used to select customers and suppliers to procure raw material from or sell products to, so as to bring it up to standard and ensure verifiability. Employees Improving the Performance Management System to allow regular communication between supervisors and staff (feedback), regular target review and performance assessment (dynamic), internal performance raking and mobile working support. Developing diverse learning channels including Online, Classroom, e-Learning and Micro-Learning. Providing training on “financial coach” as change agent of operation unit to give investment knowledge to every level of employees. Procuring COVID-19 vaccines to employees and providing quarantine facility in case any employee or any of their family members gets contracted with COVID-19 virus. (6) Risk management and internal control Improving Risk Matrix to clearly prioritize the risks and improving criteria for evaluating effect and possibility of risks in order to assess the effect on the satisfaction of business objectives and strategies in 2022. Carrying out mitigation plan when encountering cyber attack crisis on the Operation Technology (OT) system both at the Cyber Incident Response level and at the Corporate Crisis Management Level. Developing IdeaMANI system to monitor the key risk indicator (KRI), a leading indicator, via online system. Developing COSO Connect assessment system to assess the adequacy of internal control system of the Company via online system. Carrying out anti-corruption actions, i.e., being CAC Change Agent to expand transparent business network to business partners, supporting group companies to be CAC members and putting in place automated CAC Checklist system to improve working procedures and efficiency of database management relating to the Company’s anticorruption measures, as well as monitoring, processing, analyzing, information reviewing and giving advice on CAC Checklist and referencing document via online system. Supervising and managing IT related matters, i.e., appointing Chief Information Security Officer (CISO), setting up cyber security project unit and data classification project to compile and classify confidential information and analyze risks in the Company’s information, including providing advice on managing and protecting each class of information to be in accordance with international standard. 129