Golden Lime Public Company Limited

“A leading producer of lime and mineral processing in Southeast Asia,” delivering maximum value to shareholders and stakeholders. The Company engages in the manufacturing and distribution of its core products: quicklime, or Calcium Oxide (CaO), and hydrated lime, or Calcium Hydroxide (Ca(OH)₂). The Company operates four manufacturing plants located in Lopburi and Saraburi provinces.

Golden Lime Public Company Limited No. 89 Cosmo Office Park, 6th Floor, Unit H, Popular Road, Banmai, Pakkret, Nonthaburi 11120: THAILAND.
02 017 - 7461 - 3

+66 (0) 2017 7461 - 3

info@goldenlime.efinancethai.com

Sustainability Menu

Economy

Environment

Social

Economy

Environment

Social

Sustainability

Sustainability

Internal Control

Document Download

Download

Internal Control

Internal Control

Internal Control Policy and Objectives

SUTHA values a strong internal control system that safeguards and monitors operations. This system fosters collaboration between management and employees, building trust and ensuring compliance with standards. Effective internal controls identify weaknesses, enabling improvements that enhance resource efficiency and support operational goals while promoting good corporate governance. Guidelines:

Guidelines

  1. Awareness: All departments must recognize the vital role of internal control in effective management by evaluating the cost-benefit of control measures. Weak controls can lead to damage, revenue loss, asset depletion, or reputational harm.
  2. Board Responsibilities: The board mandates that internal control be part of each unit's duties, covering all financial and critical activities. Departments should create manuals and identify key control areas to ensure operations meet standards and responsibilities are clearly communicated to management and staff.
  3. Audit Committee Role: The audit committee monitors internal control, while the governance committee handles policy development. The risk and sustainability committee manages risk and sustainability efforts. Management must ensure internal controls are adequate, effective, and compliant with laws to prevent conflicts of interest and enhance resource efficiency.
  4. Effectiveness and Suitability: Internal control systems should be effective and suitable for the organization's activities, with independent audits by external firms. Internal audits should be conducted by relevant management, establishing standardized control frameworks for organization-wide implementation.

Framework/Standards

To ensure compliance with established standards, the organization has adopted the COSO framework, tailored to fit its control practices and systems, incorporating five principles and 17 key components. This manual references the COSO IFIC 2013 standards for developing internal control systems.

 

Framework for COSO IFIC 2013 Standards: 

Each unit within the organization can evaluate the components based on the five principles and 17 elements as follows:

1. Control Environment 

The company and its subsidiaries have established a framework for managing internal controls and risk, based on the "Three Lines of Defense" model. Responsibilities are clearly defined along reporting lines to enhance operations, supported by policies that uphold integrity and ethics. Strong corporate governance is essential for sustainable growth. Key activities include:

1.Policy and Direction Setting: Defining clear business policies and strategic goals that align with governance practices, grounded in core corporate governance principles.

 

2. Ethics and Conduct: Creating ethical guidelines for all levels of the organization, ensuring compliance and awareness among stakeholders.

 

3. Organizational Structure: Clearly defining the organizational structure and reporting lines to facilitate effective governance.

 

4. กJob Descriptions and Manuals: Developing and regularly updating job descriptions and operational manuals to ensure compliance and efficiency, with subcommittees overseeing governance as directed by the board.

 

5. Employee Responsibilities and Training: Assigning internal control tasks to employees and providing regular training to enhance awareness and operational effectiveness.

2. Risk Assessment 

6. Objectives and Goals: Every major activity is defined by clear and adequate objectives or goals.

 

7. Risk Identification: Each major activity recognizes potential risks or impacts that could hinder the achievement of objectives or key performance indicators. These risks are analyzed to develop risk management strategies, which are tracked using Key Risk Indicators (KRI) to ensure risks are kept within acceptable limits.

 

8. Fraud Risk Assessment: Assessing the potential for fraud and associated risks in major activities. This includes implementing internal controls and risk management practices, along with documented guidelines for prevention.

 

9. Change Assessment: Recognizing and evaluating changes that could significantly affect internal control.

3. Control Activities 

10. Control Activities Management: Control activities are established for both primary and other significant activities. Operational manuals are created for the company's main processes, detailing the authority, responsibilities, goals, and objectives in writing.

 

11. Technology-Related Control Activities: Activities impacting key business objectives are selected, and control activities related to technology are developed to support the achievement of organizational objectives.

 

12. Policy Implementation: Activities are implemented through policy setting (defining expectations and work plans), budgeting, and operational procedures for key activities. This ensures that management and employees at all levels correctly follow these guidelines, avoiding significant regulatory or directive violations. Clear separation of duties is established to enable mutual checks and prevent fraudulent activities.

4. Information and Communication 

13. Effective Information System: An efficient information system is established, allowing timely access to data and the generation of reports beneficial for management and operations. This system ensures accurate and prompt submission of information or reports to relevant regulatory bodies.

 

14. Internal Communication: Necessary internal communication supports the functioning of internal control, including the objectives and responsibilities of internal control.

 

15. External Communication: Communication with external parties on matters significantly impacting the functioning of other internal control components.

5. Monitoring Activities

16. Monitoring and Evaluation: Rules are established for timely monitoring and evaluation of each activity to assess and prevent risks in advance. The adequacy of the internal control system is evaluated, and the audit committee reviews the adequacy before presenting it to the audit committee meeting for consideration.

 

17. Communication of Deficiencies: Evaluating and communicating internal control deficiencies appropriately involves communication within departments, senior management, reporting to the executive committee meeting, the audit committee, and the board of directors. This ensures that relevant parties are informed of any deficiencies or impacts, with guidelines as follows:

1. Responsibilities of Heads and Managers: Heads or managers of each unit, along with appointed internal audit members, are responsible for controlling and auditing operations, evaluating internal control and compliance with standards such as ISO. Management and unit executives oversee and monitor relevant controls, reporting audit findings to management. If weaknesses are identified, management will establish control measures to systematically and continuously address them. Audit reports are reviewed by the audit committee, which assesses the adequacy of the company's internal control system and its subsidiaries to prevent misuse of assets, ensuring compliance with the Stock Exchange of Thailand regulations and relevant laws, avoiding conflicts of interest.

 

2. Follow-Up on Recommendations: Units under audit, if advised to improve operations or tighten controls, must appoint internal control coordinators or auditors. Management and executives are responsible for monitoring, evaluating, and regularly reporting results to the executive committee, management, and audit committee. The audit committee reviews the adequacy and effectiveness of the company's internal control system.

 

3. Auditor's Evaluation: Auditors assess the adequacy and robustness of the company's internal control system, ensuring no significant deficiencies. If improvements are recommended, relevant management must follow up with accepted standards, considering the cost-effectiveness of investments.

Organizational structure for Internal Control and Risk Management

The organization has established a structure and defined roles for internal control and risk management based on the "Three Lines of Defense" model. This model helps delineate responsibilities and operational patterns within the framework of internal control.

The organization's internal control and risk management structure includes the board of directors approving the internal control and risk management policy framework. Various subcommittees are appointed to oversee and review the organization's business operations. These subcommittees operate according to their charters and responsibilities. For internal control oversight, the board has appointed the Risk Management and Sustainability Development Committee (RM_SD). This committee is responsible for overseeing and controlling risk management and sustainability development within the organization. They ensure that risk management processes are implemented at the departmental level, managing and controlling risks related to critical infrastructure in each division. They also oversee operational units to ensure compliance with responsibilities, guidelines, standards, procedures, and relevant laws and regulations.

Roles and Responsibilities in Internal Control and Risk Management

Stakeholders :

The Board of Directors (BOD)

Roles and Responsibilities :

  • Approve policy frameworks, charters, and reports. Understand risks that may significantly impact the organization and ensure appropriate actions are taken to manage those risks.

Stakeholders :

The Audit Committee (AC)

Roles and Responsibilities :

  • Ensure the company has adequate internal control and risk management across the organization.
  • Independently oversee and monitor risk management.
  • Follow-up the effectiveness of the Internal Control Auditor’s operation
  • Monitoring the Performance of Internal Auditors
  • Report to the board and shareholders on the effectiveness of internal controls, providing insights to the Risk Management Committee on key risks related to internal control.

Stakeholders :

The Executives Committee (COMEX)

Roles and Responsibilities :

  • Manage operations to meet the company's objectives. 
  • Oversee and monitor management to ensure business processes achieve goals, including evaluating management performance and ensuring internal control, risk prevention, and risk management processes are in place. 

Stakeholders :

The Risk Management and Sustainability Development Committee (RM_SD)

Roles and Responsibilities :

  • Review and set policies for organizational risk management and crisis management related to business operations.
  • Promote risk management, risk assessment, reporting, and forecasting future risks.
  • Define acceptable risk levels (Risk Appetite) considering strategic goals and organizational value creation.
  • Ensure internal control activities align with business strategies and goals, managing crises and changes impacting business operations.
  • Suggest and monitor risk management measures, including mitigation plans for continuous improvement.
  • Oversee management's implementation of risk management plans, ensuring adequate and appropriate risk management.
  • Support and develop risk management across all levels, engaging stakeholders to collaboratively reduce risks and impacts on business operations.
  • Report significant factors or events impacting the company to the board, using urgent communication channels if necessary.

Stakeholders :

Managing Director (MD) 

Deputy Managing Director (Deputy MD)

Roles and Responsibilities :

  • Implement internal control and risk management policies across the organization.
  • Allocate budgets to support adequate and appropriate internal control and risk management.
  • Monitor internal control and key risk prevention measures, ensuring effective management plans.
  • Track strategic, sustainability, financial, operational, emerging, and key operational risks, ensuring appropriate internal control and risk prevention plans.
  • Promote internal control and risk management policies, ensuring processes are implemented organization-wide, emphasizing the importance of internal control and risk management.
  • Monitor internal control and strategic and operational risks, ensuring appropriate planning and management.
  • Promote a culture of internal control and risk management, ensuring managers and heads of units prioritize these aspects. Identify and control key activities, assess risks, and develop plans to manage and mitigate impacts.

Stakeholders :

HR department

Roles and Responsibilities :

  • Develop communication channels to instill awareness among company personnel, ensuring that internal control and risk management are integral parts of business processes. This includes organizing training programs to enhance knowledge and skills, promoting sufficient understanding of internal control and risk management principles. Additionally, develop employees' capabilities to effectively apply these principles in managing internal control and risk within their respective areas of responsibility.

Stakeholders :

Manager or Head of Department

Roles and Responsibilities :

  • Study and understand the internal control and risk management manuals, ensuring that personnel in the unit are knowledgeable and understand the principles of internal control and risk management to apply them in their work processes.
  • Ensure that operational reports include evaluations, the creation of internal control manuals, and appropriate reporting of internal control and risk management information.
  • Report risks and internal controls adequately and promptly, including regular assessments and reviews.
  • Promote awareness among employees in the department about the importance of internal control and risk management.

Stakeholders :

Supervisor and Employees

Roles and Responsibilities :

  • Identify and create manuals for key work processes, including reports that highlight critical control points and risks. Develop and implement measures related to operations, reporting to the department manager, and participating in the creation and execution of internal control and risk management plans.

Stakeholders :

Subcommittees Appointed

Roles and Responsibilities :

  • Welfare Committee
  • Safety and Environment Committee
  • Appointed Representatives for Standard System Audits
  • Governance Committee for Social, Environmental, and Sustainability Oversight 
  • Appointed work panel to oversee and control company projects

Stakeholders :

Internal Control Auditors Selected and Approved by the Audit Committee Internal Audit (IA)

Roles and Responsibilities :

  • Review the effectiveness of internal controls through annual internal audits, which include examining key business processes and following up on identified deficiencies to ensure improvements are made.

Stakeholders :

Internal Control Coordinators Appointed by the Audit Committee Meeting

Roles and Responsibilities :

  • Oversee the development of internal control audit plans and coordinate with external internal control auditors and those appointed by the audit committee meeting for annual internal control audits. This includes selecting and evaluating auditors, presenting proposals to the audit committee meeting for consideration and appointment for annual internal control audits.

Stakeholders :

External Auditor

Roles and Responsibilities :

  • Companies that conduct assessments for certification of various standards used by the company in relevant systems, such as ISO 9001, ISO 14001, and ISO 45001. External auditors perform these assessments every 3 years.

Stakeholders :

Auditor

Roles and Responsibilities :

  • Review and audit financial statements and reports, evaluating deficiencies in internal control processes. Ensure the accuracy of financial information and compliance with accounting standards.

Stakeholders :

Activities Owner

Roles and Responsibilities :

  • Implement controls or identify control points, monitor controls to ensure processes can prevent or reduce risks that may impact activities. Ensure effective internal control and risk management.

Stakeholders :

Employees

Roles and Responsibilities :

  • Study policies or manuals on internal control and risk management. Use this knowledge to enhance work processes by analyzing and managing risks related to duties. Stay alert to changes in internal and external factors to assess control and prevent risks. Mitigate impacts quickly