2. Risk Assessment The Board of Directors and executives place great emphasis on risk management to ensure the achievement of both short-term and long-term goals. The Risk Management Committee is appointed by the Board of Directors, whi le the Enterprise Risk Management Committee and taskforces are appointed by the Chief Executive Officer & President to manage business risks and specific issues to directly enhance management agility and allow the close monitoring of various situations. GC’s risk management is structured as such to ensure suitability, efficiency, and effectiveness. GC has announced a Risk Management Policy and has implemented Integrated Enterprise Risk Management systematically and continuously throughout the organization according to such international risk management frameworks and guidelines as ISO 31000 and COSO ERM 2017. In 2023, GC revised its investment risk management procedure to align with the organization’s decarbonization goals. Risk assessment is also conducted in various aspects, including current business-related risk factors, future business-related risk factors, emerging risk factors, and the potential for fraud and corruption, and mitigation plans were developed accordingly. Risk factors and mitigation plans are reviewed and monitored regularly to ensure alignment with short-term and longterm GC’s goals. GC has also developed Key Risk Indicators (KRIs), which are linked to Key Performance Indicators (KPIs), to evaluate the Company’s short-term and long-term goals, monitor changes in risk factors, and efficiently manage risk in a timely manner. In 2023, GC developed the Risk Register platform, a centralized tool for recording and automatically tracking risk management progress, thereby ensuring effectiveness in risk management. In addition, GC has established a business continuity management system at both corporate and business unit levels, including within GC Group, in accordance with ISO 22301 international standard. GC has defined guidelines that are consistent with the business continuity management policy and prescribed annual drills of the business continuity plan (BCP) at both business unit and corporate levels. Events that could disrupt business operations and affect business continuity are simulated to ensure that GC is well prepared to cope with such crises effectively. The results of the drills are utilized to improve preemptive plans. In 2023, GC conducted a BCP drill at the corporate level involving simulations of a cyberattack on GC’s computer system that controlled plant operations. Details are described under “Risk Management”. 3. Control Activities GC has defined control activities to mitigate risks resulting from failure to achieve its goals and ensures that the residual risks are within an acceptable level. These include: GC has prescribed preventive and detective control in alignment with internal control principles, such as segregation of duties and delegation of authority, to ensure checks and balances. GC has also established policies and guidelines to identify transactions involving or potentially involving a conflict of interest, as well as operational activities for the management of related party transactions. These measures are taken to ensure that the business is operated in a transparent, fair, and auditable manner for the utmost benefit of the organization. GC has established rules, regulations, policies, and manuals in writing as well as a clear scope of authority of the Chief Executive Officer & President, executives, and employees at each level, along 224
RkJQdWJsaXNoZXIy ODg4NTI=