1. Objectives and Scope
Alucon Public Company Limited realizes that the Company is faced with various risks and uncertainties in its business operations. Effective risk management is therefore important in enabling the Company to achieve its objectives, success and sustainable growth. This policy aims to set a framework for the Company’s risk management in accordance with the principles of good corporate governance.

2. Definition of Risk
Risk refers to uncertainty that affects the Company’s achievement of its goals. Such impact may result in positive (opportunities) or negative (obstacles) deviations from the Company’s expectations.

3. Risk Management Principles
Alucon realizes that risks can result in both positive outcomes (creating opportunities) and negative outcomes (obstacles and damage). Creating opportunities can result in better returns and outcomes when risks are well assessed and risks are mitigated through careful management decisions. The company believes that risk management should have the following characteristics:
1. Create value, respond to risks in a manner consistent with the company's acceptable risk level, and consider the associated costs and benefits.
2. Be part of the organization's processes.
3. Be part of the decision-making process by providing the best possible information.
4. Clearly deal with uncertainty and assumptions.
5. Be a systematic process.
6. Be transparent and comprehensive.
7. Be agile and responsive to change.
8. Be continuously or periodically evaluated for improvement and efficiency.

4. Sources of risk factors
Resulting from 2 factors: internal factors and external factors, which are divided as follows:
1. Internal factors are factors that occur within the organization, such as the organization's objectives, policies and strategies, operations, work processes, organizational structure and management systems, finance, organizational culture and information technology.
2. External factors are factors that occur outside the organization and cannot be controlled by internal management, such as government policies, economic/social/political conditions, operations of related external agencies, competition (business competitors), suppliers or suppliers of goods/services (Suppliers), natural disasters, epidemics, and war or riots, etc. The risks in this policy cover the following:
1. Strategic risks
2. Operational risks
3. Financial risks
4. Legal and organizational commitment risks
5. Emerging risks
6. Business interruption risks
7. Environmental risks
8. Technology risks
9. Health and food safety and consumption risks

5. Implementation of this Policy
The implementation of this Policy is the responsibility of the Risk Management Committee, whose Chairman is responsible for implementing the Policy and its continuous implementation. The Risk Management Committee and the Risk Management Working Group are responsible for supporting the responsibilities of all relevant business units and divisions. The implementation of the Policy includes setting the guidelines for risk management processes and providing adequate resources for executives and employees to enable them to fully implement the Policy.

6. Roles and Responsibilities
1. The Risk Management Committee is responsible for establishing and overseeing and managing risk management to ensure the effectiveness of the risk management system, considering the balance between risk and return under the strategic plan and the integrity of the risk management system.
2. The Risk Working Group is assigned by the Risk Committee to assist in the implementation of the risk management obligations. Its assigned responsibilities are to monitor, supervise and advise on the organization's risk management approach. The Risk Management Working Group is responsible for monitoring, preparing and updating the risk management register to align with the approved risk levels and strategies.
3. The Risk Management Committee is responsible for the overall oversight of risk management operations for the entire Group to ensure that material risks are identified and effectively managed.
4. The business units (departments) are the owners of risks and have primary responsibility for promoting risk awareness within the organization and Effective risk management on a daily basis
5. The role of the risk coordinator is to support the business group in using risk management processes and techniques with the aim of increasing awareness, ownership and risk management leading to better business performance.
6. The risk management team will analyze internal and external factors that positively (opportunities) and negatively (obstacles) affecting the business. In the analysis, when the results of the analysis are obtained, the organization's strategic direction must be determined. It is set to be done once a year or when internal and/or external factors that affect the business change. When the business strategy direction is determined, the risk management team must prepare an action plan to support the business strategy, including contingency plans for each situation.
7. The risk management team is responsible for proposing and improving the risk management policy, creating a risk awareness culture in the organization, including appropriate education and training, setting internal risk policies and structures for business units, designing, reviewing and advising on internal risk management processes, and preparing risk reports to the risk management committee and the board of directors every year.
8. The internal auditor is responsible for overseeing internal audit work to identify significant risk factors in accordance with the management guidelines, inspecting to assess the effectiveness of risk reduction operations of all units, and assisting the risk management committee in reviewing the appropriateness and adequacy of overall risk management, and reporting the results to senior executives and the audit committee to find opportunities for improvement.

7. Policy exceptions
In the event that the Management believes that any Policy is not suitable for implementation, the matter shall be referred to the Risk Management Committee and forwarded to the Board of Directors for consideration in advance of any obligations to be undertaken by the Company.

8. Policy Maintenance
This Policy and the underlying procedures shall be reviewed annually to ensure their continued application and consistency. Periodic and independent reviews of the application and effectiveness of this Policy shall be conducted to provide information to the Board of Directors for continuous improvement. Any changes to the Risk Management Policy shall be submitted to the Board of Directors for consideration and approval.