Risk Management

Sikarin has established a clear Risk Management Policy aligned with ISO 31000 and the COSO ERM Framework. This policy provides a structured approach to identifying, assessing, managing, and monitoring risks—covering strategic, operational, financial, legal compliance, and Environmental, Social, and Governance (ESG) risks.

Key principles of the policy include:

• Risk management is a shared responsibility at all organizational levels
• Risk management must be integrated into strategy setting, business planning, and operations
• ESG risks must be analyzed and evaluated on par with business risks
• A consistent and transparent system for monitoring, reviewing, and reporting risks must be maintained

Sikarin’s risk management is guided by a clear governance structure with defined roles and responsibilities at every level to ensure effectiveness and alignment with corporate strategy while maintaining long-term resilience.

Board of Directors: Sets risk management policy, direction, and enterprise-wide framework in line with corporate strategy; approves the acceptable risk appetite; closely monitors risk performance and conducts annual reviews of the risk management system. The Board also promotes a risk-aware culture across the organization.

Enterprise Risk Management Committee: Oversees enterprise-wide risk strategy, planning, and integration—including strategic, operational, financial, and ESG risks. This committee monitors systemic and material risks, promotes risk integration across departments, and reports outcomes to the Board as scheduled.

Board of Director established Risk Management function with Mr. Suriyan Kojonroj, Deputy Managing Director responsible for specific operational level risk management. This Risk Management function is responsible for integrate risk into planning and decision-making; continuously monitor and improve risk management processes; and report outcomes to the Risk Management Committee.

Operational Units and Risk Owners: Identify, assess, and manage risks related to their operations; implement and refine control measures; prepare quarterly risk reports or event-triggered reports; and collaborate with management to strengthen internal controls.

Internal Audit: Evaluates the adequacy and effectiveness of the risk management system; audits compliance with policies and internal risk-related procedures; provides recommendations to enhance the risk management framework to respond to evolving business contexts; and reports systematically to the Audit Committee and Board.

Sikarin Public Company Limited places great importance on fostering a risk management culture at all levels of the organization, grounded in the belief that building risk awareness is a fundamental foundation for driving sustainable achievement of strategic goals, particularly in an increasingly dynamic and uncertain environment.

To promote this culture, the Company regularly conducts training sessions and seminars on risk management. These aim to ensure that employees across all levels understand the concepts, principles, and practices involved in identifying, assessing, managing, and monitoring risks. Training programs also cover specialized risk topics such as ESG risks, information technology risks, and patient safety risks to enable personnel to effectively apply this knowledge to their responsibilities.

Internal communication on risk and risk management practices is another key element that the Company strongly emphasizes. Continuous knowledge sharing and experience exchange across departments are encouraged to foster mutual learning and strengthen a shared understanding of risk-related issues relevant to each operational context.

Furthermore, the Company supports an environment in which employees are encouraged and empowered to report risks or anomalies without fear of negative consequences. By cultivating an organizational culture rooted in transparency, accountability, and constructive learning from mistakes, the Company believes that open and fearless communication of risk-related information leads to more effective risk management and significantly reduces the likelihood of severe incidents.

Key Training Highlights:

Strategic Risk Thinking: Participants learned that effective risk management involves more than just responding to incidents. It includes proactive planning, seeing the big picture, and making visionary decisions at all organizational levels.

Holistic Perspective: Risk management is not limited to hospital operations. The training also covered financial, operational, reputational, and legal risks, promoting an integrated, cross-departmental approach to risk management.

Hands-on Practice through Real-life Scenarios: Through workshop activities, participants practiced analyzing simulated events, assessing impacts, and making decisions under uncertainty. This practical approach aimed to prepare them realistically for actual situations.

Leadership Role in Fostering a Risk Culture: The training underscored the critical role of leadership in instilling preventive behaviors, encouraging open communication about risks, and creating a safe space for learning from mistakes.

At Sikarin, the highest priority in service quality control is placed on minimizing risks in the medical treatment process as well as in other related operations. Significant emphasis is given to risk identification, risk prevention, and risk reporting. Each year, Sikarin develops a Hospital Risk Matrix to assess organizational risks. The results of this assessment identify key areas where risk prevention measures are required, including the five highest-risk areas. These insights also inform the development of improvement programs and the selection of appropriate Key Performance Indicators (KPIs) within the Hospital Matrix.