Importance And Mission

PTTEP attaches great importance to Risk Management, which is one of the Company’s main components of Governance, Risk Management, and Compliance (GRC) under the Sustainability Framework, to ensure the achievement of our vision, mission, strategy, and business objectives as well as appropriate responses to stakeholders’ expectations. This approach contributes to sustainable growth and value creation for stakeholders in both the short and long term. Therefore, to ensure robust risk governance, PTTEP has established a risk management framework and policy with which all management members and employees are required to comply.

GOALS

High-impact Risk Identification with Effective Mitigation. This goal was approved by the Board Level.

Management Approach

Risk Governance

Having effective and efficient risk management as its commitment, the Board of Directors approved the Risk Governance Framework to define oversight responsibilities and authorities that demonstrate strong coordination, collaboration and communication among the board level, the management and business unit level for managing all aspects of risk in accordance with PTTEP’s policies effectively. In addition, the Board of Directors also approves the Risk Appetite Statement to be used as a framework for all PTTEP business operations and seeking business opportunities with acceptable risks. Ultimately, PTTEP intends to ensure that strategic risks, risks with high impact to corporate level (Corporate Risk), and emerging risks are well managed to prevent the arising of negative surprises, to reduce potential losses, and to minimize recurrence risks.

In 2025, PTTEP expanded the scope of Strategic Risk Management at both the corporate strategy and execution strategy levels to cover three pillars under the sustainability framework: High Performance Organization (HPO), Governance, Risk Management and Compliance (GRC), and Sustainable Value Creation (SVC). This approach ensures alignment with changing business contexts and sustainability objectives. PTTEP also emphasizes integrating Environmental, Social, and Governance (ESG) considerations into the risk management process and has strengthened the management of Emerging Risks that the organization may face in the future by monitoring and assessing weak signals that could lead to new risk factors. Furthermore, to enhance risk management effectiveness, PTTEP fosters a strong risk culture as part of its corporate values by promoting the constructive exchange of perspectives and enhancing personnel capabilities to strengthen risk management competencies. PTTEP has also developed a framework for managing issues that do not yet qualify as risks under the risk management process. These issues are called Look-Alike Risks. This framework enables appropriate screening and response methods tailored to each issue’s nature, ensuring that resources remain focused on managing risks that could pose real threats.

PTTEP establishes its Enterprise Risk Management Policy and Framework, approved by the Board Level Risk Management Committee, which emphasize proactive risk management practices and a strong risk culture and establish a systematic Risk Management Process that is aligned with the international standard ISO 31000:2018. In addition, the frameworks of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management – Integrating with Strategy and Performance (COSO ERM 2017) and COSO Enterprise Risk Management – Applying Enterprise Risk Management to Environmental, Social and Governance-related Risks (COSO ESG 2018) have been applied to enhance integration of enterprise risk management, strategic planning, and ESG-related risk management. PTTEP management and employees at all levels are responsible for effective risk management and for promoting comprehensive risk management to contractors, suppliers, and business partners, to assure the achievement of PTTEP’s vision, mission, strategy and business objectives.

1. Enterprise Risk Management Framework

Our risk management process is developed based on ISO Standard 31000:2018 and consists of 6 key steps as shown below. The process is scalable: it can be applied at most levels within an organization.

PTTEP aims to integrate risk management into its business activities and decision-making which cover core business activities including products and services of PTTEP such as strategic planning management, investment and divestment decision-making, capital project management, operations and business process management including business continuity management, and ESG management. In addition, the Company implements risk management both in the corporate level and operational level to ensure that all key risks are managed in accordance with risk appetite, allocates necessary resources for managing risk in proportion to the level of risk and cost benefit consideration, and monitors the progress of risk mitigation plans together with Key Risk Indicators (KRIs) which serve as a tool for early warning for timely executing prevention activities and properly setting up additional mitigation measures.

Risk Management Process

1. Scope, Context, Criteria

PTTEP provides a foundation for understanding how risks may impact our operations and guides subsequent risk management activities. Establishing the scope, the context and criteria is the process to define the objectives and understand the external and internal business context. A common understanding of these points is the key to success in risk management.

2. Risk Assessment

PTTEP conducts comprehensive risk assessments covering Strategic & Portfolio Risks, Financial & Market Risks, Political and Legal/Regulatory Risks, Operational Risks, and Emerging Risks. We evaluate the levels of identified risks using criteria based on impact and likelihood:

Risk Rating Scale

PTTEP establishes common rating scales for two dimensions which are impact and likelihood to align understandings among relevant parties regarding how to measure as per the rating scales.

  • Likelihood criteria: The likelihood of some kinds of risk is rated based on occurrence compared to the normal situation or on the experience of the risk owner. The degree of likelihood is subjective and possibly not in line with frequency probability, but it makes sense in terms of risk management. The 5-rating scale below provides brief criteria for likelihood.
    • Almost certain (5): Event has occurred frequently in the E&P industry OR occurred more than once per year at the same location OR is expected to occur in PTTEP.
    • Likely (4): Event has occurred several times per year in the E&P industry OR more than once per year in PTTEP OR occurred at the same location OR is likely to occur in PTTEP.
    • Possible (3): Event has occurred several times in the E&P industry OR occurred once in PTTEP OR may occur in PTTEP.
    • Unlikely (2): Event has occurred a few times in the E&P industry OR is unlikely to occur in PTTEP.
    • Rare (1): Event occurrence is remote and/or never heard of in the E&P industry.
  • Impact category: PTTEP identifies 7 key categories of impact with a 5-point rating scale to examine the level of severity. Impact is categorized as 1) Net Income/Net Present Value/Expected Monetary Value 2) People 3) Property damage 4) Project cost & schedule 5) Legal and compliance 6) Environment and 7) Image and reputation.

3. Risk Treatment

The process of risk treatment is developed to Take, Treat, Transfer and Terminate, in line with our risk appetite and tolerance levels.

4. Monitoring and Review

PTTEP continues monitoring risks and mitigation measures which are integral to our risk management process, ensuring that we remain vigilant to changing circumstances and adapt our strategies accordingly. In addition, we also review the risk exposure at least on a quarterly basis. This emphasis on agility allows PTTEP to promptly adjust its responses to incorporate newly identified risks with significant impacts, ensuring we are well-prepared to address risk in a timely, reasonable, and efficient manner.

Moreover, PTTEP conducts both internal audit and external assessment. Over the last three years, internal audit has focused on the Risk Management Process. In addition, PTTEP engaged an independent expert to conduct an ERM Maturity Assessment in line with several global standards, including ISO31000 and COSO. The scope of the assessment covers Governance & Framework, Process, Culture, and Special Topics such as 3rd-party & partnership risk management, Risk Management Tool and Software, and Business Continuity Management. The maturity assessment results mostly range from Level 3 (Established) to Level 4 (Embedded).

5. Communication and Consultation

PTTEP ensures all employees are informed, engaged, and empowered to contribute to the success of the risk management program.

6. Recording and reporting

The risk management process and its outcomes shall be documented and reported through the risk register tool and system. Risk reports support management and committees in meeting their responsibilities by ensuring that concerned parties can make decisions and manage risks effectively and efficiently. Handling of sensitive risk information should be taken into account, including but not limited to its use.

2. Risk Management Structure

To ensure all key risks are thoroughly and completely identified and effectively managed in accordance with the Three Lines Model, the risk management unit advises and works with the First Line Roles, which carry out their duties and concurrently manage risks as risk owners. The risk management unit also coordinates with other functions especially the Second Line Roles, which support risk management assistance in their own areas of expertise. One of them is a compliance unit which shall monitor regulatory changes that may cause new risks or change risk levels. The internal audit unit, in accordance with the Third Line Roles which is made up of audit functional unit and external auditors, is responsible for independently auditing the overall performance of various management systems under the First and Second Line Roles. This includes ensuring effective and efficient implementation of risk management and providing recommendations for continuous improvement. Furthermore, the risk management unit and the internal audit unit shall exchange information to ensure that key risks are identified and managed continually.

3. Strategic Risk, Corporate Risk and Emerging Risk

PTTEP integrates strategic risk management into the strategic planning process. This involves assessing strategies from a risk perspective to support the selection of strategies that align with and drive the achievement of the company’s objectives within an acceptable risk level. Strategic risk management also encompasses the ongoing monitoring and reporting of key strategic assumptions, as well as the progress of relevant situations, to evaluate whether the implemented strategies remain viable in a dynamic environment. Furthermore, the Risk Management Department closely monitors emerging situations that may affect the organization’s strategies and provides quarterly reporting to the management and relevant committees. This enables timely review, adjustment, or revision of strategies in response to changing circumstances.

In the process of corporate risk management, PTTEP considers both internal and external contexts that affect the achievement of the Company’s objectives and strategies and may cause risks with high impact at the corporate level, such as significant global events, audit findings, and Risk Management Committee and management concerns. Meanwhile, key risks that are identified and assessed by risk owners are simultaneously considered for escalation against corporate criteria. All Corporate Risks are consolidated to formulate our Corporate Risk Profile (CRP) for monitoring and reporting to the management, Management Committee (MC) and Risk Management Committee (RMC). If there is any significant change, all relevant committees are promptly alerted so that risks can be managed in a timely manner. In addition, emerging risks with potential impacts on future business operations are regularly monitored and reported.

PTTEP has successfully implemented and benefited from the web-based Risk Register System (RR System). The system enables risk owners to quickly identify and analyze risks and enhances risk information communication throughout the organization. It also helps the Company to easily consolidate and escalate key risks to Corporate Risks. In 2025, the Company enhanced the Risk Register system by introducing a strategic risk module, providing a perspective on risks beyond those arising from work plan implementation. This improvement has enabled the Company to effectively manage risks and avoid any major issues (No Surprise Problems) due to unregistered risks, and allows all relevant parties to monitor risk management anywhere and anytime, promptly and conveniently. In addition, PTTEP continues to strive for more efficient and faster risk management, including developing a Chat Bot to suggest risks and to search for complete risk information, in order to manage risks that may arise as problems and thus affect the organization's goals.

In 2025, we leveraged a risk matrix to assess key threats to our organization. This matrix considered both the likelihood of a risk occurring and the potential impact it could have. Based on this analysis, we identified mitigation actions to ensure each risk falls within our acceptable risk tolerance level. Furthermore, this example demonstrates our ongoing commitment to proactive risk management through this cyclical process.

Key Risk and Prioritization | Description | Risk Appetite & Tolerance | Risk Mitigating Actions (Current Control)

Strategic & Portfolio Risks: New Investment Risks

Prioritization (Likelihood and Impact): HIGH

PTTEP aims to maintain its reserves-to-production ratio by seeking new business opportunities with strategic partners. Core areas include Thailand, Myanmar, Malaysia, and the Middle East, considering factors like petroleum potential, project characteristics, political stability, and economic conditions.

PTTEP accepts investment risks in oil and gas exploration, recognizing them as part of our core business. We also invest in businesses aligned with our strategies, balancing risks with potential returns and benefits for stakeholders. Examples of risk metrics and limits set in alignment with the Risk Appetite:

  • Gas: Oil ratio
  • Country risk

PTTEP has established a risk management process to assess each investment in various aspects, ranging from petroleum potential, size and project characteristics, acquisition procedures, additional reserves, operator’s capability and performance, attractiveness of the fiscal regime, geographical conditions, related laws and regulations, political stability, issues concerning international relations, and economic and financial stability. Moreover, the Company also seeks advice from consultants who have expertise in such countries. Risk management measures are determined in advance of the selection of projects. Such risks are then integrated into a return-on-investment analysis or a sales and purchase agreement/ joint venture agreement. Moreover, PTTEP considers new investments that align with the Net Zero Greenhouse Gas Emissions target, with a focus on natural gas investments, where greenhouse gas intensity is taken into account in the decision-making process.

Projects are screened by the Investment Committee, Management Committee, and Risk Management Committee for endorsement prior to Board of Directors’ approval.

Operational Risk: Exploration Risks

Prioritization (Likelihood and Impact): HIGH

Exploring new petroleum sources is vital to PTTEP's growth. Risks include geological risks and resource volume uncertainty. Key factors affecting decisions are success chances, resource estimation, costs, and contract terms.

PTTEP accepts investment risks in oil and gas exploration, recognizing them as part of our core business. We also invest in businesses aligned with our strategies, balancing risks with potential returns and benefits for stakeholders. Examples of risk metrics and limits set in alignment with the Risk Appetite:

  • Exploration budget
  • Country risk

PTTEP employs a clear and systematic approach to exploration and production (E&P) project evaluation, ensuring that each phase of the E&P lifecycle is underlined by clear processes, guidelines, and criteria to maximize exploration success and minimize risks. The approach comprises potential petroleum basin evaluation and selection, in-depth subsurface studies of targeted blocks, and above-ground investment risk analysis. The Geosciences, Subsurface, and Exploration Group of PTTEP evaluates the global target areas to identify those with the highest potential for selection in bidding or joint venture opportunities. Once projects are secured, the group plans short-term and long-term exploration activities within the exploration budget set by the Company. PTTEP’s exploration strategies are reviewed and refined annually. These processes are reviewed annually, with target areas and exploration strategies adjusted to align with the results of previous exploration activities.

In addition, PTTEP has established a Technical Assurance Committee as an additional layer of review and oversight in the exploration preparation process. This ensures that key technical aspects are thoroughly analyzed and that exploration assessments align with PTTEP’s internal standards and guidelines, supporting well-informed investment decisions that contribute to both current and future production targets.

Changes in the environment, technology, laws, and regulations, as well as the global energy crisis, affect business operations. PTTEP, therefore, continuously monitors relevant developments and assesses emerging risks that may affect the Company’s business operations in the future. The Company then reports them to relevant executives and committees for follow-up and the update of risk mitigation plans to be consistent with the changing context that may affect our three key operational strategies – Drive Value, Decarbonize, and Diversify to enable the company to respond to emerging challenges in a timely manner.

Based on the enterprise risk factors, PTTEP has identified emerging risks. Hence, the prioritization of these emerging risks is based on the existing risk factors. Currently, PTTEP has identified and is monitoring two emerging risks as follows:

1. Accelerated Development of the Upcoming Biodiversity Regulatory Landscape

Following the Conference of the Parties (COP15) held in Montreal, Canada, in 2022, global attention has intensified on nature conservation and ecosystem resilience, leading to the establishment of the Global Biodiversity Framework. In line with these objectives, Thailand announced the National Biodiversity Strategies and Action Plans (NBSAPs) and, in 2025, published a draft Biodiversity Act. Recognizing the critical importance of Biodiversity and Ecosystem Services (BES), PTTEP is committed to ensuring that its operations contribute to global and national efforts to conserve, protect, and restore BES.

PTTEP conducts BES risk assessment for operations located in or near areas of key biodiversity importance by using internationally recognized assessment tools, such as the Integrated Biodiversity Assessment Tool (IBAT), the WWF Biodiversity Risk Filter, and results from Environmental Impact Assessment (EIA) studies. This approach enables PTTEP to more effectively identify ecological sensitivities, potential project impacts, and long-term environmental dependencies.

  • Timeframe: 3-10 years
  • Risk category: Environmental
  • Prioritization (Likelihood and Impact): Medium

Scenario and Impact to PTTEP:

BES risk assessment highlights key risks, including the potential loss of biodiversity, degradation of ecosystem services, and impacts on habitats that support endangered species, as well as broader pressures on biodiversity from changes in land, freshwater, and sea use and pollution. PTTEP also recognizes the socioeconomic risks affecting local communities as a result of biodiversity loss, which may lead to decreased cultural values, reduced livelihood resources, and a decline in quality of life in both the short and long term. Failure to properly manage biodiversity impacts could lead to reputational risks and financial exposure due to remediation costs in the short term, as well as higher investment budgets required for BES programs over short and long term.

Mitigation plan:

PTTEP continues to conduct assessments to identify not only BES risks but also potential impacts on natural ecosystems and dependencies on ecosystem services through the BES Value Assessments for projects with a high level of biodiversity risk.

To ensure effective management of BES-related risks, PTTEP has developed the Biodiversity and Ecosystem Services Management Guideline, which is aligned with IPIECA’s Guide to Developing Biodiversity Action Plans for the Oil and Gas Sector and the International Finance Corporation (IFC) Performance Standard 6: Biodiversity Conservation and Sustainable Management of Living Natural Resources. These frameworks guide PTTEP in managing BES risks and identifying priority biodiversity values, assessing potential project impacts, and implementing measures in accordance with the mitigation hierarchy (Avoid, Minimize, Restore, Offset).

Furthermore, PTTEP actively contributes to the development of environmental regulations by engaging with regulators, NGOs, and other stakeholders through collaborative platforms and sustainability networks to drive policies related to BES, as highlighted in the following initiatives:

  • The Office of Natural Resources and Environmental Policy and Planning under the Memorandum of Understanding (MOU) for a 5-year collaboration (2023–2028) in promoting biodiversity conservation and ecosystem services, synchronizing local and national data platforms, and enhancing social and environmental balance for biodiversity and supporting national sustainability goals.
  • The Department of Marine and Coastal Resources, under the Memorandum of Understanding (MoU) on Ocean for Life, aims to conserve, restore, and manage marine resources and biodiversity for ocean sustainability, as well as to promote public participation to enhance the quality of life and generate income for local communities in 17 provinces around the Gulf of Thailand where PTTEP operates. This cooperation covers a 10-year period, from 2020 to 2030, and extends until 2039 for mangrove forest conservation and restoration for carbon credits.

2. AI Adoption and Operational Risks in the Organization

Utilizing AI technology in organizations to enhance operational efficiency, while presenting new opportunities, may also introduce new risks that organizations are actively taking steps to address. This is particularly crucial in the oil and gas industry, characterized by its complexity and demand for high data accuracy. PTTEP acknowledges these risks and has implemented AI risk management to continuously monitor, establish preventive measures, respond to, and mitigate these risks as follows:

  • Timeframe: 3-10 years
  • Risk category: Technology
  • Prioritization (Likelihood and Impact): Medium

Scenario and Impact to PTTEP:

  • Data Security Risks: Similar to general cyber threats, AI usage increases the possibility of novel cyberattacks, such as direct attacks on AI models (Model Poisoning, Adversarial Attacks) or the use of AI to attack other systems. PTTEP prioritizes the security of data used for AI training and the resulting AI output. Comprehensive preventive measures are in place, ranging from access control and data encryption to verifying the accuracy of data inputs to AI models. Around-the-clock cyber threat monitoring is conducted through the Cyber Security Operation Center (CSOC), connected to the Security Information and Event Management (SIEM) system.
  • Credibility and Accuracy Risks: AI can generate content that appears credible but is inaccurate, potentially leading to flawed decision-making. PTTEP emphasizes rigorous verification of the data used for AI training and the resulting outputs. The PTTEP AI Platform serves as the central platform for controlling and managing AI models, from data retrieval and training to monitoring and evaluating model quality. Guidelines for human–AI collaboration (Human Oversight) have also been established to ensure human involvement in verifying and validating AI results before practical application.
  • Data Privacy Risks: AI usage may involve processing personal data that is subject to laws and regulations. PTTEP has established a comprehensive Data Governance framework encompassing data access, quality control, and privacy protection to ensure that AI usage complies with all applicable regulations and laws.
  • Bias Risks: AI can learn and reflect biases present in training data, potentially leading to unfair outcomes. PTTEP is collaborating with consultants to develop policies and guidelines for ethical and responsible use of AI to mitigate bias-related risks and promote fairness in AI applications.
  • Human-AI Collaboration Risks: Collaboration between humans and AI can lead to misunderstandings or communication errors. PTTEP focuses on fostering understanding and developing necessary skills through training programs for working with AI. Clear roles and responsibilities have been defined for human-AI collaboration.
  • Operational Risks: Risks from inappropriate decisions based on incorrect AI recommendations can impact various operational processes. PTTEP therefore emphasizes the importance of Human Oversight, ensuring human involvement in reviewing and validating AI recommendations before implementation. Collaboration guidelines (Human Oversight) have been defined to ensure a significant human role in supervision and final decision-making.
  • Revenue Loss Risk: Incorrect AI decisions can lead to revenue or profit loss. PTTEP prioritizes careful evaluation of the impact of AI usage. AI models are tested and evaluated using simulated real-world data before deployment. Continuous monitoring and evaluation of AI performance are conducted on an ongoing basis through the PTTEP AI Platform.

Mitigation plan:

PTTEP has begun monitoring these AI-related risks to ensure the organization can effectively manage situations and respond to risks arising from AI usage.


Risk Culture

PTTEP is committed to embedding risk management as an integral part of its corporate culture by fostering risk awareness among all PTTEP personnel while encouraging constructive exchanges of perspectives and developing competencies through training courses and various activities. In this regard, management at all levels serves as leaders and role models in promoting the implementation of risk management as a corporate culture and supports employees in regularly reviewing and improving risk management by applying lessons learned and knowledge management for continual development of efficient and effective risk management. In addition, risk coordinators are assigned to each business unit and project, both domestically and internationally, to work in coordination with risk owners and risk management units to drive the implementation of risk assessment and management throughout the organization.

Throughout 2025, PTTEP has reinforced risk management as an important part of its corporate culture by fostering risk awareness across all employees. The Company organized activities to communicate the risk management culture under the concept “Know the Risk, Manage the Risk, Achieve your Goals,” aiming to ensure that risk management is not merely a policy or a decision-making tool, but a systematic practice involving cross-functional communication and shared learning to enhance effectiveness across all dimensions and levels of the organization. Communication was carried out through meetings with senior executives from all business groups, as well as managers and employees from the S1 Project, Petroleum Development Support Base (Songkhla), Sinphuhorm Project, and Thai Offshore Project.

Additionally, risk-related topics were shared through activities such as the “GRC Visit by Floor x Anti-Fraud and Anti-Corruption” activity, providing opportunities for executives and employees at headquarters to listen, exchange views, and learn best practices and precautions to prevent errors in corporate governance, risk management, and compliance within each business group.

Furthermore, PTTEP communicated key risk management concepts such as Risk Appetite, Look-Alike Risk, and Strategic Risk through live sessions, enabling employees to ask questions and share feedback.

Focused Risk Management Training and Capacity Building

All Levels

PTTEP has implemented training programs focused on risk management principles and risk assessment. Examples include Risk Management Concept and Risk Register Training for Risk Coordinators, Risk Management Concept (Risk vs. Look Like Risk) Training for all staff, and a Risk Management Workshop for the relevant management and working team of the Malaysia asset.

PTTEP also ties financial incentives to risk management goals to build a strong culture of risk awareness among senior managers, line managers or relevant personnel. We set specific key performance indicators (KPIs), such as those related to completion of SSHE plans and deployment of GRC (Governance, Risk Management and Compliance) plans, that directly impact pay and evaluations. This creates a unified culture focused on risk awareness and continuous improvement.

Board Level

Furthermore, our non-executive directors possess experience in Enterprise Risk Management, and we conduct regular risk management education sessions for them. These sessions are designed to enhance their understanding and expertise in enterprise risk management.

Regular Risk Management Education for Directors

Risk Management | List of Directors Attended

Specific training

  • Summary of PTTEP’s 40 Years of Exploration Journey
  • 13 non-executive directors attended (9 of them are independent directors).

Business Continuity Management (BCM)

PTTEP has developed a Business Continuity Management System (BCMS) which is part of the enterprise risk management. A business continuity framework and the Business Continuity Management Policy have been issued in accordance with the international standard for business continuity management ISO 22301:2019 with the following objectives:

  1. To build the organization’s capability to be resilient and develop a Business Continuity Plan (BCP) to prepare the Company to operate under emergency or crisis situations.
  2. To protect our people, organization, brand and reputation, the interests of our stakeholders and the wider community.
  3. To mitigate the risks of disruptive incidents, ensure mitigation, strategy & solution in accordance with PTTEP policies.
  4. To minimize risks of non-compliance with government regulations and laws including any contract or agreement with our partners, customers, suppliers and contractors.
  5. To continuously improve the organization’s business continuity capabilities.

The Business Continuity Plan (BCP) is regularly reviewed and exercised to ensure relevance and that those involved are able to apply the plan in an accurate and timely manner.

Since 2023, PTTEP has strengthened our BCMS by centralizing it through the establishment of PTTEP ONE BCMS, which is certified by the British Standards Institution (BSI). In 2024, we began leveraging the BCMS Digital Platform to further enhance our business continuity management capabilities.