BUSINESS OPERATION AND PERFORMANCE CORPORATE GOVERNANCE FINANCIAL REPORTS AND FINANCIAL STATEMENTS APPENDIX GC implements the automated control in crucial processes: For example, SAP GRC Access Control is in place to ensure that SAP operating system access rights accord with good practices in segregation of duties. GC also uses the Continuous Control Monitoring System (CCMS) for crucial processes – sales and payment received processes to help detect and follow up exceptional transactions and to notify designated employees to correct problematic transactions in a timely manner. Moreover, the Company applies the digital tools such as; Robotics Process Automation (RPA) in procurement process, Blockchain technology in bank guarantee management process, and Salesforce CRM system in sales and service processes. In 2021, GC continually developed the automated control in corresponding to the situations. The Company implemented Approve Customer and Supplier List system to gather information about customers and suppliers from data entry to approval, create sales orders or contracts through the online system for reducing working time and increasing operational efficiency and enhancing corporate governance. GC initials the FiT project which focuses on business transformation; operational efficiency enhancement with respect to costs, quality, and agility using digital technology in operational process and alignment with GRC principle as well as human development for emerging jobs in order to bolster its capabilities in support of its future missions. GC has in place an Information Technology Security Pol icy in accordance with the ISO27001 – Information Security Management standards and international standards framework and guidance. The policy is reviewed and updated regularly. All executives and employees are required to sign and pledge to comply with the policy to ensure information security and continually business operation of GC group. Furthermore, Cyberthreat prevention training and communication are regularly provided to all employees for up-lifting information security standards according to current situations. In 2021, GC conducted assessment under the NIST Cybersecurity Framework (CSF) which assist organizations in planning to prevent, detect and respond to threats in timely manner while the business continues to operate. In addition, a Real-Time Vulnerability Management project was implemented to conduct continuous vulnerability checks on the server, network, and security equipment continuously as well as reporting the results immediately. This shall create an awareness of the vulnerabilities and lead to corrections and improvements and definitely decrease the risk of threats occurring in a prompt response. Besides, GC set up the special function to closely oversee information technology security. The Corona Virus infection prevention and control committee (COVID-19) is accountable for monitoring and analyzing the COVID-19 situation, establishing policies, supporting including formulating measures. In 2021, the measures were upgraded to be more intensive, such as adopting the guideline for preventing cluster (Bubble) and limiting the location to reduce the likelihood of infection from outside (Seal), preventive measures for factory areas and construction projects The Vaccine Service Center was set up with communication measures to raise understanding and lead to comply and prevention. GC looks after employees as well as visitors who come into the company’s area to ensure that the safety of all parties engaged, and the Company’s business can continue despite the severe COVID-19 outbreak. GC governs and manages its subsidiaries to ensure that their directions, policy, and procedure align with GC. Subsidiaries’ performance is monitored regularly and continuously. GC developed the guideline called “GC Way of Conduct”, which is regularly improved and continually communicated to subsidiaries in the GC group. The training programs are arranged to executives of GC Group to raise understanding and awareness. The assessment is conducted every year to evaluate the implementation for further improvement and enforcement. The progress of this program is regular ly reported to top management for acknowledgment. 201
RkJQdWJsaXNoZXIy ODg4NTI=