ANNUAL REPORT 2024

RISK MANAGEMENT

Pandemic, economic crisis, supply chain disruption and global political instability have shown that a business’s survival and development can be threatened without a proper risk management strategy. Given the constantly changing markets and unexpected economic shocks, risk management has become an indispensable element for enterprises. With the goal of increasingly perfecting and standardizing the risk management system which was built from the early stage, in 2024 PVCFC continued to focus on synchronously implementing activities based on the components of the system, including risk management and culture, strategy and target setting, operational performance, reviewing and improving the system as well as promoting information, communication and reporting.

CORPORATE RISK MANAGEMENT SYSTEM

PVCFC has applied “The three lines” to support BOD and the General Director to be responsible for supervision and operation of risk management by identifying factors that can affect missions, vision and strategic goals of the Company, working out solutions to minimize threats and grasping opportunities.

THE THREE LINES MODEL OF PVCFC

The Company applies “The three lines” model to support the BOD and Executive Board not only to control risks but also to create higher value by identifying factors that can affect the implementation of the Company’s mission, vision, and strategic goals and by providing solutions to minimize potential risks and take advantage of opportunities. BOD has issued a model of internal control system according to the value chain and risk management system from Company-level to unit-level.

REVIEW AND ASSESSMENT OF RISKS IN 2024

Following operational practices over the past years, PVCFC has reviewed and updated risk management frameworks aligned with the Company’s strategic goals in each period. The Company’s risk management framework includes statements of risk appetite, risk tolerance level and risk measure. Risk management regulations and the risk management process have also been in place since the Company started implementing risk management, and have been updated and adjusted over the years or when necessary.

Based on the established risk management framework, the Company regularly assesses external impacts that may affect the achievement of strategic goals (such as the situations of politics, economics, society, law, environment, technology, etc. in the country and in the world) as well as the Company’s internal factors to identify the major risks that need to be controlled (such as financial risks and operational risks in terms of information technology, environment, society and economy), including evaluating risk materiality in line with the risk heat map, root causes of the risks, giving out response measures and specific action plans, and building Key Risk Indicators (KRIs) for early warning of risks. The Company monitors, reviews and evaluates both potential and identified risks in monthly and quarterly assessments as well as the Company’s seminars in risk management. Executive Board makes quarterly and annual reports on risk management to the Audit and Risk Management Committee. Regular meetings of the Audit and Risk Management Committee also review internal control and risk management activities implemented during the period. Therefore, BOD members can review the Company’s major controls (including operational, financial and compliance controls) and risk management systems, assisting the BOD (Audit and Risk Management Committee) to evaluate the adequacy of the Company’s internal control/risk management that have been established and ensured.

In 2024, the Company identified 7 corporation-level risks and 40 unit-level risks. The major risks and the response/minimization solutions applied by PVCFC are as follows:

1. Risk of price fluctuations in proprietary trading (Potash, DAP, etc.) can affect the profit plan
  • DESCRIPTION OF RISKS
    Possibility of price fluctuations can lead to reduction of efficiency of proprietary trading (Potash, DAP, etc.), decrease in profit as approved by the Company.
  • RISK RESPONSE/MITIGATION MEASURES

    Regularly monitoring, updating and evaluating the world’s political and economic situation.

    Researching and forecasting the market for self-traded products.

    Diversifying self-traded products.

    Selecting and trading products that cannot be produced domestically or are in short supply.

2. Risk of competition with other manufacturers in the region
  • DESCRIPTION OF RISKS
    Possibility of product competition with other competitors in the region can cause negative impacts on revenue plan and output approved by the Company.
  • RISK RESPONSE/MITIGATION MEASURES

    Optimizing costs in production and business activities

    Researching and proposing appropriate market policies to always ensure customer benefit

    Developing and implementing after-sales programs for customers to increase customer engagement and companionship

1. Risk of machine downtime or stoppage and load shedding caused by gas supply rig malfunction can lead to output loss
  • DESCRIPTION OF RISKS
    Possibility of machine stoppage due to interruption of gas supply (recovery time can reach >24h or gas shortage) leading to output loss.
  • RISK RESPONSE/MITIGATION MEASURES

    Closely following gas resupply plan, aiming to put the Plant into operation as soon as possible.

    Maintaining a reasonable inventory ratio to reserve for loss of output.

2. Risk of production equipment and machinery failures can cause output loss
  • DESCRIPTION OF RISKS
    Possibility of failures of production equipment and machinery that are very difficult to replace or take a long time to prepare, causing output loss.
  • RISK RESPONSE/MITIGATION MEASURES

    Improving maintenance efficiency.

    Reviewing and updating guidance periodically, ensuring that all items of medium maintenance and large maintenance have guidance or plans attached.

    Ensuring the availability and quality of tools and spare parts.

    Regularly checking, monitoring, and reporting the operating status of equipment.

    Assigning equipment care to each individual in the unit, visualizing equipment care tasks at the site.

3. Network and information security risks
  • DESCRIPTION OF RISKS

    The likelihood of cyber-attacks and cybersecurity vulnerabilities can threaten the integrity of intellectual assets and other sensitive information, causing operational disruption as well as affecting the Company’s financial performance and operational results.

    The possibility of a ransomware attack that exfiltrates network data and encrypts server system platforms, files, apps and the backup system.

    The possibility of confidential information related to employees, customers or the Company’s operation being exposed to unauthorized parties, causing losses in revenue, assets, regulation and other issues.

  • RISK RESPONSE/MITIGATION MEASURES

    Planning a tight control for the system.

    Accelerating investment in security solutions, especially effective solutions for Ransomware prevention.

    Investing in backup solutions.

    Timely updating security patches for the system.

    Upgrading and investing in replacing old technology equipment.

    Developing and standardizing system operation documents.

    Improving user capacity through training and communication.

    Hiring a third party to conduct network security testing.

    Monthly monitoring by the BOD through the General Director’s update on operating status of the Company’s IT system, risks and important improvements related to safety, network security.

4. There is a potential risk that Ca Mau branded products (organic, NPK) fail to meet requirements of physical/chemical properties, inappropriate packaging and labeling.
  • DESCRIPTION OF RISKS
    There is a potential risk that Ca Mau branded products (organic, NPK) fail to meet requirements of physical/chemical properties, inappropriate packaging and labeling, causing impact on reputation and incurred costs related to product recall and claiming compensation.
  • RISK RESPONSE/MITIGATION MEASURES

    Purchasing and upgrading equipment.

    Checking all information printed on packages for 100% of batches before entering the warehouse.

    Setting up a checkpoint to control information printed on packages before delivery.

    Regularly updating/training/announcing the latest regulations on labels and promptly controlling raw materials for organic products.

    Carefully reviewing specifications of organic products when ordering and accepting.

    Developing a general assessment method (Getting a consensus on the method to evaluate physical properties of organic products with the manufacturers (solubility, hardness, granular size, etc.)).

    Classifying, inspecting, and managing packaging.

1. Risks of violating regulations on safety, health and environment
  • DESCRIPTION OF RISKS
    The likelihood that the Company violates regulations on environment, health, safety, security and requirements of license or fails to ensure environmental responsibilities. Then, it can lead to serious personal injuries, loss of life, disruption in business and production activities, and big financial losses.
  • RISK RESPONSE/MITIGATION MEASURES

    Regularly updating relevant legal changes to promptly adjust management and control solutions.

    Regularly maintaining environmental treatment equipment and automatic environmental monitoring equipment to ensure stable operation.

    Carrying out temporary storage and waste transfer in accordance with the regulations

    Fully implementing identification of hazards, risks, and work permits.

    Sufficiently equipping fire prevention and fighting equipment and fully carrying out rehearsals.

* Financial risk: PVCFC continues to maintain good financial management of the Company, so it has not identified key company-level financial risks in 2024.

The above risks are classified by risk likelihood and level of impact on the Company-level risk heat map:

Photo. The Company level risk heat map of PVCFC

Depending on the level of risk on heat map, the Company will give out appropriate treatment which will be specified in the Company’s risk management regulations.

COLOR LEVEL AND ACTION

Very high
  1. Require to implement risk response plans to immediately minimize risks at relevant units.
  2. Report to Chairman, Risk Management and Economic Committee and General Director for review and direct direction.

High
  1. Require the relevant units to prepare risk response plans so that they are always ready and can be applied immediately as the risks occur.
  2. Report to General Director for review and direct direction.

Medium
  1. Add the risks into watchlist and process.
  2. Risk mitigation plans are implemented and monitored by the Head of Units. Second line functions of the Company such as Risk Management Department enhance indirect monitoring activities.

Low
  1. The risks are low and are managed by in-process controls.
  2. First and second line units consider including them in their implementation plans: the Unit’s risk self-assessment program or the second line’s inspection and supervision plan for the first line.
  3. Add the risks into watchlist.

In 2024, PVCFC implemented many activities related to risk management: Based on the company-level risk profile and the 2024 unit-level risk profile which have been issued, the Company periodically reviews and evaluates identified risks and emerging risks that may affect the implementation of the Company’s business plan, including major risks at both the Company and Unit levels for all departments/ divisions/affiliates.

The year 2024 also marked a milestone when the Company deployed and put into use risk management software integrated with the electronic office (transformed from the formerly independent risk management software into an integrated risk management software), which allows the Electronic Signature and Incident Investigation modules to be connected for the purpose of digitizing this activity and making operations, queries, reports, etc. quick and timely, increasingly improving risk management effectiveness. Continuing to raise awareness of risk management as an annual activity, the Company has organized a training course on “Understanding management of risk control system” for the unit risk coordinators. Together with training courses, PVCFC promotes communication to help employees understand the meaningful role of risk management in uncertain fluctuations. The Company has also organized an E-learning contest named “Risk management to create sustainable value” to learn about risks and risk management, attracting the participation of many groups and individuals in the Company.

ESG RISK MANAGEMENT

Based on the enterprise risk management framework which was built and increasingly standardized over the years, in 2024 PVCFC continued to implement activities to further improve the system according to good practices. PVCFC always focuses on implementing risk management associated with all regular operations. According to ESG Strategic Orientation - Sustainable Development which was issued as per Decision No. 1696/QD-PVCFC dated June 10, 2024 of the BOD, the Company has standardized risk management system towards integrating ESG risks into the enterprise risk management framework. Initially, the Company has assessed the current status of integrated enterprise risk management system for sustainable development according to COSO and good practices. By assessing the gap between the current status and the practice, the Company can identify the next actions to be implemented, towards building a risk management framework integrating sustainable development risks, including statement of risk appetite, risk tolerance and risk metrics, as well as identifying and proposing action plans to respond to major risks in 03 aspects of Environment - Society - Governance adhering to the Company’s strategic goals and production and business plans in the coming time.

Enterprise risk management framework integrated sustainable development risk.

COMPONENT A
Governance and culture
  • A.1. Organizational structure and responsibilities of managing sustainable development risk are clearly defined
  • A.2. Deploying the BOD’s monitoring function on sustainable development risk
  • A.3. Risk management policy framework integrated sustainable development risk
  • A.4. Culture and core values integrated sustainable development risk
  • A.5. Developing human resources in line with sustainable development orientation
COMPONENT B
Strategy and goal
  • B.1. Reviewing value chain and business model to comprehensively identify sustainable development risk
  • B.2. Managing sustainable development risk in line with risk strategy, objective and appetite
  • B.3. Assessing impact of sustainable development risks on strategic objectives
COMPONENT C
Practice
  • C.1. Identifying sustainable development risk
    • a. Identifying unrecognized risks
    • b. Identifying root cause of the risk
  • C.2. Assessing and ranking sustainable development risk
    • a. Determining appropriate metrics and criteria for risk ranking
    • b. Selecting appropriate assessment methods to measure impact of risks
    • c. Monitoring impact and warning of the possibility of risk occurrence
  • C.3. Responding to sustainable development risk
    • a. Selecting and implementing risk response actions
    • b. Evaluating results of risk response and making appropriate adjustments
COMPONENT D
Review and Improvement
  • D.1. Identifying internal and external changes that have a significant impact on sustainable development strategy or objectives
  • D.2. Continuously improving methods for sustainable development risk management
COMPONENT E
Reporting and Disclosure
  • E.1. Management and control of sustainable development risk data
  • E.2. Internal communication and reporting mechanisms on sustainable development risk
  • E.3. Communication and reporting to stakeholders on sustainable development risk