Risk and Crisis Management

Importance And Mission

PTTEP attaches great importance to Risk Management which is part of the Company’s main components of Governance, Risk Management, and Compliance (GRC) under the Sustainability Framework to ensure the achievement of our vision, mission, strategy, and business objectives as well as to respond appropriately to stakeholders’ expectations. The main aim is to promote sustainable growth and create short-term and long-term value for stakeholders. Therefore, risk management framework and policy have been established to ensure that the Company adopts good risk governance and risk management policy that all members of the management and employees must adhere to.

GOALS

100% High-impact Risk Identification with Effective Mitigation. This goal was approved by the Board Level.

Management Approach

Risk Governance

Having effective and efficient risk management as its commitment, the Board of Directors approved the Risk Governance Framework to define oversight responsibilities and authorities that demonstrate strong coordination, collaboration and communication among the board level, the management and business unit level for managing all aspects of risk in accordance with PTTEP’s policies effectively. In addition, the Board of Directors also approves the Risk Appetite Statement to be used as a framework for all PTTEP business operations and seeking business opportunities with acceptable risks. Ultimately, PTTEP intends to ensure that key risks, especially risks with high impact to corporate level (Corporate Risk), and emerging risks are well managed to prevent the arising of negative surprises, to reduce potential losses, and to minimize recurrence risks.

PTTEP establishes its Enterprise Risk Management Policy and Framework approved by the Board Level Risk Management Committee that emphasize proactive risk management practices and a strong risk culture and establishes systematic Risk Management Process that is aligned with international standard ISO 31000:2018. In addition, the frameworks of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management – Integrating with Strategy and Performance (COSO ERM 2017) and COSO Enterprise Risk Management – Applying Enterprise Risk Management to Environmental, Social and Governance-related Risks (COSO ESG 2018) have been applied to enhance integration of enterprise risk management, strategic planning, and ESG-related risk management. PTTEP management and employees at all levels have responsibility with regard to effective risk management and promoting comprehensive risk management to contractors, suppliers, and business partners, to assure the achievement of PTTEP’s vision, mission, strategy and business objectives.

Enterprise Risk Management Framework

Our risk management process is developed based on ISO Standard 31000:2018. and consists of 6 key steps as shown below. The process are scalable – It can be applied at most levels within an organization.

PTTEP aims to integrate risk management into its business activities and decision-making which cover core business activities including products and services of PTTEP such as strategic planning management, investment and divestment decision-making, capital project management, operations and business process management including business continuity management, and ESG management. In addition, the Company implements risk management both in the corporate level and operational level to ensure that all key risks are managed in accordance with risk appetite, allocates necessary resources for managing risk in proportion to the level of risk and cost benefit consideration, and monitors the progress of risk mitigation plans together with Key Risk Indicators (KRIs) which serve as a tool for early warning for timely executing prevention activities and properly setting up additional mitigation measures.

Risk Management Process

1. Scope, Context, Criteria

PTTEP provides a foundation for understanding how risks may impact our operations and guides subsequent risk management activities. Establishing the scope, the context and criteria is the process to define the objectives and understand the external and internal business context. A common understanding of these points is the key to success in risk management.

2. Risk Assessment

PTTEP conducts comprehensive risk assessments covering Strategic & Portfolio Risks, Financial & Market Risks, Political and Legal/Regulatory Risks, Operational Risks, and Emerging Risks. We evaluate the levels of identified risks using criteria based on impact and likelihood:

Risk Rating Scale

PTTEP establishes common rating scales for two dimensions which are impact and likelihood to align understandings among relevant parties regarding how to measure as per the rating scales.

Likelihood criteria : Llikelihood of some kind of risks is rated based on comparable occurrence to normal situation or experiences of risk owner. The degree of likelihood is subjective and possibly not in line with frequency probability but make sense in term of risk management. The 5-rating scale below provide brief criteria scale of likelihood.
- Almost certain (5) : Event has occurred frequently in E&P industry OR occurred more than once per year at the same location OR is expected to occur in PTTEP.
- Likely (4) : Event has occurred several times per year in the E&P industry OR more than once per year in PTTEP OR occurred at the same location OR is likely to occur in PTTEP
- Possible (3) : Event has occurred several times in the E&P industry OR occurred once in PTTEP OR may occur in PTTEP
- Unlikely (2) : Event has occurred few times in the E&P industry OR is unlikely to occur in PTTEP
- Rare (1) : Event occurrence is remote and/ or never heard of in the E&P industry
Impact category : PTTEP identifies 7 key categories of impact with 5-point rating scale to examine a level of severity. Impact is categorized as 1) Net Income/Net Present Value/Expected Monetary Value 2) People 3) Property damage 4) Project cost & schedule 5) Legal and compliance 6) Environment and 7) Image and reputation.

3. Risk Treatment

The process of risk treatment is developed to Take, Treat, Transfer and Terminate, in line with our risk appetite and tolerance levels.

4. Monitoring and Review

PTTEP continues monitoring risks and mitigation measures which are integral to our risk management process, ensuring that we remain vigilant to changing circumstances and adapt our strategies accordingly. In addition, we also review the risk exposure at least on a quarterly basis. This emphasis on agility allows PTTEP to promptly adjust its responses to incorporate newly identified risks with significant impacts, ensuring we are well-prepared to address risk in a timely, reasonable, and efficient manner.

Moreover, PTTEP conducts both internal audit and external assessment. From the last two years, Internal audit focused on Risk Management Process. In addition, PTTEP engaged independent expert to conduct ERM Maturity Assessment in line several global standards, including ISO31000 and COSO. The scope of the assessment covers Governance & Framework, Process, Culture, and Special Topics such as 3rd-party & partnership risk management. Risk Management Tool and Software and Business Continuity Management The maturity assessment results mostly range from Level 3 (Established) to Level 4 (Embedded).

5. Communication and Consultation

PTTEP ensures all employees are informed, engaged, and empowered to contribute to the success of the risk management program.

6. Recording and reporting

The risk management process and its outcomes shall be documented and reported through risk register tool and system. Risk report supports management and committee in meeting their responsibilities by ensuring that concerned parties can make decision, manage risks effectively and efficiently. Handling the sensitive risk information should be taken into account, but not be limited to their use.

Risk Management Structure

To ensure all key risks are thoroughly and completely identified and effectively managed in accordance with the Three Lines Model, the risk management unit advises and works with the First Line Roles, which carry out their duties and concurrently manage risks as risk owners. The risk management unit also coordinates with other functions especially the Second Line Roles, which support risk management assistance in their own areas of expertise. One of them is a compliance unit which shall monitor regulatory changes that may cause new risks or change risk levels. The internal audit unit, in accordance with the Third Line Roles which is made up of audit functional unit and external auditors, is responsible for independently auditing the overall performance of various management systems under the First and Second Line Roles. This includes ensuring effective and efficient implementation of risk management and providing recommendations for continuous improvement. Furthermore, the risk management unit and the internal audit unit shall exchange information to ensure that key risks are identified and managed continually.

Corporate Risk and Emerging Risk

In the process of Corporate Risk identification and assessment, PTTEP considers both internal and external contexts that affect the achievement of the Company’s objectives and strategies and may cause risks with high impact at the corporate level, such as significant global events, audit findings, and Risk Management Committee and management concerns. Meanwhile, key risks that are identified and assessed by risk owners will be simultaneously considered to escalate with corporate criteria. All Corporate Risks will be consolidated to formulate our Corporate Risk Profile (CRP) for monitoring and reporting to the management, Management Committee (MC) and Risk Management Committee (RMC). If there is any significant change, it will be promptly alerted to all relevant committees for managing risks in a timely manner.

PTTEP has successfully implemented and benefited from the web-based Risk Register System (RR System). The system enables risk owners to quickly identify and analyze risks and enhance risk information communication throughout the organization. It also helps the Company to easily consolidate and escalate key risks to Corporate Risks and allows all relevant parties to monitor the risk management anywhere and anytime promptly and conveniently. In addition, PTTEP continues to strive for more efficient and faster risk management including developing a Chat Bot to suggest risks and to search for complete risk information leads to manage risks that may arise as a problem and thus will affect the organization's goals.

In 2023, we leveraged a risk matrix to assess key threats to our organization. This matrix considered both the likelihood of a risk occurring and the potential impact it could have. Based on this analysis, we identified mitigation actions to ensure each risk falls within our acceptable risk tolerance level. Furthermore, this example demonstrates our ongoing commitment to proactive risk management through this cyclical process.

Key Risk and Prioritization	Description	Risk Appetite & Tolerance	Risk Mitigating Actions (Current Control)
Strategic & Portfolio Risks: New Investment Risks Prioritization (Likelihood and Impact): HIGH	PTTEP aims to maintain reserves-to-production ratio by seeking new business opportunities with strategic partners. Core areas include Thailand, Myanmar and Malaysia and the Middle East, considering factors like petroleum potential, project characteristics, political stability, and economic conditions.	PTTEP accepts investment risks in oil and gas exploration, recognizing them as part of our core business. We also invest in businesses aligned with our strategies, balancing risks with potential returns and benefits for stakeholders. The example of Risk metrics and Limits aligned with Risk Appetite are set. Unconventional project M&A of producing asset Country risk	PTTEP establishes a risk management process, consults with experts, conducts due diligence, monitors situational changes, considers regulatory requirements and counterparty risks, and integrates risks into investment analysis. Projects are screened by the Investment and Management Committees before Risk Management Committee endorsement and Board approval.
Operational Risk: Exploration Risks Prioritization (Likelihood and Impact): HIGH	Exploring new petroleum sources is vital to PTTEP's growth. Risks include geological risks and resource volume uncertainty. Key factors affecting decisions are success chances, resource estimation, costs, and contract terms.	PTTEP accepts investment risks in oil and gas exploration, recognizing them as part of our core business. We also invest in businesses aligned with our strategies, balancing risks with potential returns and benefits for stakeholders. The example of Risk metrics and Limits aligned with Risk Appetite are set. Exploration activity Country risk	PTTEP evaluates exploration areas, conducts geological studies, seismic acquisition, and well appraisals. The Geosciences, Subsurface, and Exploration Group manages strategy and budget, reviewed annually. Exploration studies are reviewed by the Technical Assurance Committee. PTTEP diversifies investment and partners with experts.

Key Risk and Prioritization

Description

Risk Appetite & Tolerance

Risk Mitigating Actions (Current Control)

Strategic & Portfolio Risks: New Investment Risks

Prioritization (Likelihood and Impact): HIGH

PTTEP aims to maintain reserves-to-production ratio by seeking new business opportunities with strategic partners. Core areas include Thailand, Myanmar and Malaysia and the Middle East, considering factors like petroleum potential, project characteristics, political stability, and economic conditions.

PTTEP accepts investment risks in oil and gas exploration, recognizing them as part of our core business. We also invest in businesses aligned with our strategies, balancing risks with potential returns and benefits for stakeholders. The example of Risk metrics and Limits aligned with Risk Appetite are set.

Unconventional project
M&A of producing asset
Country risk

PTTEP establishes a risk management process, consults with experts, conducts due diligence, monitors situational changes, considers regulatory requirements and counterparty risks, and integrates risks into investment analysis. Projects are screened by the Investment and Management Committees before Risk Management Committee endorsement and Board approval.

Operational Risk: Exploration Risks

Prioritization (Likelihood and Impact): HIGH

Exploring new petroleum sources is vital to PTTEP's growth. Risks include geological risks and resource volume uncertainty. Key factors affecting decisions are success chances, resource estimation, costs, and contract terms.

Exploration activity
Country risk

PTTEP evaluates exploration areas, conducts geological studies, seismic acquisition, and well appraisals. The Geosciences, Subsurface, and Exploration Group manages strategy and budget, reviewed annually. Exploration studies are reviewed by the Technical Assurance Committee. PTTEP diversifies investment and partners with experts.

With the current situations, such as changes in business environment and advanced technology as well as the rising of stakeholder expectations regarding the Company’s regulations compliance and more intensive environmental impact mitigation measures, PTTEP, therefore, keeps monitoring situations and assessing emerging risks that may affect the Company’s business operations in the future and report to the management and relevant committees in order to follow up and update risk mitigation plans as well as to adjust corporate strategy efficiently. These would also enhance our competitiveness and create an opportunity to continue our business with sustainable growth.

Based on the enterprise risk factors, PTTEP has identified emerging risks. Hence, the prioritization of these emerging risks is based on the existing risk factors. Currently, PTTEP has identified and keeps monitoring emerging risks as follows.

1. Risks from Rapid Changes of Low-Carbon Technologies and Global Needs for Renewable Energy to Replace Fossil Fuels (Natural Resource Shortage)

A shortage of natural resources, particularly oil and gas, could limit PTTEP’s ability to meet production targets, affecting profitability. Increased competition for resources might also lead to higher costs. Both scenarios illustrate different challenges and opportunities for PTTEP. The first scenario necessitates a rapid and adaptive response to shifting energy markets, while the second offers a more gradual approach but with the risk of delayed adaptation to inevitable global energy transitions.

Timeframe: 3-10 years
Risk category: Strategy / Environmental
Prioritization (Likelihood and Impact): HIGH

Scenario and Impact to PTTEP:

Scenario: Peak Oil and Gas - A Shift to Renewables

This scenario involves a quick transition from fossil fuels to renewable energy. The International Energy Agency (IEA) predicts that global oil demand could peak by the end of this decade as the world adopts more renewable energy sources. By 2030, nearly half of the world's electricity is expected to come from wind and solar power, and electric cars will become much more common. For PTTEP, this trend introduces risks due to uncertainties in oil and gas demand and supply. Environmental policies and global political issues could create revenue unpredictability, making it important for PTTEP to adjust production strategies for profitability.
Scenario: Technological Advancements and Slower Depletion

In this scenario, technological advancements will slow down the depletion of oil and gas resources. New technologies can make it easier to extract hard-to-reach resources like shale oil and gas, potentially delaying the decline in global oil demand for decades. For PTTEP, this offers an opportunity to secure more reserves and meet production goals. However, extending reliance on fossil fuels may slow down renewable energy adoption and affect PTTEP's ability to adapt.

Mitigating Actions:

Diversification of Energy Sources: Expanding into renewable energy projects, such as wind, to reduce dependence on traditional hydrocarbons. Additionally, PTTEP is increasing natural gas production as a cleaner alternative to other fossil fuels, aligning with energy security during the transition to renewables. Furthermore, PTTEP is investing in new environmentally friendly energy businesses and technologies.
Efficiency Improvements: Implementing initiatives to improve operational efficiency and resource utilization, such as advanced production optimization and asset performance management.
Strategic Reserves Management: Managing reserves effectively to ensure long-term sustainability and mitigate the risks associated with resource depletion.

2. Physical Risks and Risks from Changes in Laws, Regulations, and International Standards Related to Climate Change (Critical Change to Earth System)

Changes to Earth System can directly impact the frequency and severity of natural disasters like storms, flooding, and temperature extremes. Many associations worldwide reflect concerns over how shifts in climate can affect business operations due to increased physical and operational disruptions. For the Critical Change to Earth Systems, the potential impact on PTTEP can vary significantly depending on whether the transition to manage these changes is rapid or slow.

Additionally, Climate change continues to be an issue of global importance, as evidenced by the Conference of States Parties to the United Nations Framework Convention on Climate Change (UNFCCC) where every sector contributes to driving efforts to achieve the goal of keeping the global average temperature at a level not to exceed 1.5-2.0 degrees Celsius. Conference of the Parties (COP) is held annually to follow up and seek mutual agreement on climate action. Thailand has announced its intention to upgrade its climate solutions to achieve carbon neutrality by 2030 and the target of Net Zero Greenhouse Gas Emissions by 2065. The energy sector is one of the key businesses that play an important role in driving the country towards this goal. Moreover, the investors and financial institutions have also taken into consideration the climate change factors and relevant risk management as one of the key factors for investment/lending decision, especially to petroleum exploration and production business, which has high impact to the environment.

PTTEP realizes the risks arising from applicable government policies and regulations to control GHG emissions that may affect PTTEP business operations under the announcement of the intention of Thailand’s net zero GHG emissions target, including in other countries where PTTEP has business operations such as the Climate Change Act, the National Greenhouse Gas Inventories, the carbon tax mechanism, which includes the introduction of a carbon tax as a tool to set up trade barriers through Carbon Border Adjustment Mechanism (CBAM). In addition, PTTEP considers risks arising from standards or operational manuals defined by international standards institute to achieve net zero greenhouse gas emissions related to the energy sector business such as ISO and Science Based Targets initiative (SBTi). These could affect the enforcement of greenhouse gas emission reductions between the year and the target year 2050 and also offset greenhouse gas emissions with specific types of carbon credits, all of which may affect the Company’s operations.

Timeframe: 3-10 years
Risk category: Environmental
Prioritization (Likelihood and Impact): MEDIUM

Scenario and Impact to PTTEP:

Scenario: Rapid Transition

This scenario addresses abrupt and severe climate changes that could occur within the next five years. Scientists warn that Earth might reach critical climate thresholds soon, leading to irreversible effects if global temperatures rise by 1.5oC above pre-industrial levels. This could trigger the rapid melting of ice sheets, significant sea level rises, and altered weather patterns, increasing the frequency and severity of extreme weather events such as heatwaves and heavy rainfall.
Scenario: Slow Transition

This scenario reflects gradual but persistent shifts in the climate system due to ongoing human activities and greenhouse gas emissions. Over the next decade, a continued increase in global temperatures is expected including more pronounced sea level rise, and further loss of Arctic Sea ice. These changes will likely exacerbate existing climate trends, leading to longer and more severe droughts, shifts in monsoon patterns, and widespread disruptions to ecosystems.

Mitigating Actions:

Infrastructure Resilience: Mitigating the risks posed by extreme weather events through a combination of immediate actions and proactive strategies and technological investments. These include adjusting working hours, gear, and breaks for heatwaves; monitoring equipment and enhancing cyclone response plans; improving flood barriers and drainage; and integrating climate risk assessments into enterprise management.
Low Carbon Portfolio Development: Adopting GHG Criteria for Investment Decision Guidelines to minimize greenhouse gas emissions and achieve net-zero targets.
Emission Reduction Initiatives: Implementing projects aimed at reducing greenhouse gas emissions, such as the Carbon Capture and Storage (CCS) project. PTTEP is also investing in advanced R&D in emission reduction technologies such as low flare recovery and exploring direct air capture (DAC) technology.
Offsetting Strategy: Set offsetting strategy for net zero greenhouse gas emissions by obtaining long-term carbon credits. This is to ensure that the Company can achieve its net zero greenhouse gas emissions target. It focuses on generating carbon credits from the Nature-Based Solution projects and the Carbon Removal Type projects, specifying that the amount of carbon credits to be used to compensate for greenhouse gas emissions must not exceed 10 percent of the greenhouse gas amount of the (Business as usual: BAU) and discloses the Company’s greenhouse gas inventory transparently and accurately in accordance with international standards.

Risk Culture

As PTTEP focuses on building a strong risk culture to strengthen risk management in the organization and ensure its sustainability, risk awareness is fostered among all PTTEP personnel together with competency development via training courses and various activities. The management at all levels are committed to serving as leaders and role models, as well as promoting the implementation of risk management as a corporate culture. In addition, the management also supports employees on regular reviews and improvement of risk management by applying lessons learned and knowledge management for continual development of efficient and effective risk management. The risk coordinators are assigned to each business unit and project both in domestic and international areas to work in coordination between risk owners and risk management units to drive the implementation of risk assessment and management throughout the organization.

In 2023, PTTEP continued its communication campaigns to build an understanding of risk management and business continuity management for all employees in the organization throughout the year through training courses, workshops both in domestic and international operating areas, and various online media channels, such as the series of the podcast “Low-Risk High Return”, poster and E-Learning, etc., together with live broadcast channels to share important information on issues ranging from natural disasters like earthquakes to area and country-specific issues such as the background of the Palestine-Israeli war, and Mozambique from past to present, etc., to increase employees’ awareness of the up-to-date important global issues that may be the cause of risks to the Company and themselves.

Focused Risk Management Training and Capacity Building

All Levels

PTTEP has implemented training programs focused on risk management principles and risk assessment. For example, Risk Management Concept and Risk Register Training to Risk Coordinators, Risk Management Concept (Risk VS. Look Like Risk) Training to all staffs, Risk Management Workshop to Malaysia asset relevant management and working team, etc.

On one hand, PTTEP also ties financial incentives to risk management goals to build a strong culture of risk awareness among senior, line managers or relevant personnel. We set specific key performance indicators (KPIs) such as related completion of SSHE plans, deployment of GRC (Governance, Risk management and Compliance) plans that directly impact pay and evaluations. This creates a unified culture focused on risk awareness and continuous improvement

Board Level

Furthermore, our non-executive directors possess experience in Enterprise Risk Management, and we conduct regular risk management education sessions for them. These sessions are designed to enhance their understanding and expertise in enterprise risk management.

Regular Risk Management Education for Directors

Risk Management	List of Directors Attended
Risk training during board level risk management committee orientation comprising general risk management process RMC Charter – Duties & Responsibilities and Authorities Risk Management Document e.g. Risk Appetite Statement, Corporate Level Risk Metrics & Limits, Risk Governance Framework, Enterprise Risk Management Policy Risk Management for PTTEP Core Business Area Corporate Risk Profile Oil Price Hedging overview	All non-executive, executive and independent directors are required to attend. In 2023: 2 non-executive directors attended. (1 of them is independent director)
Specific training The risk management topic: the future of fraud and red flags	8 non-executive directors attended. (7 of them are independent director) 1 Executive director attended.

Risk Management

List of Directors Attended

Risk training during board level risk management committee orientation comprising general risk management process

RMC Charter – Duties & Responsibilities and Authorities
Risk Management Document e.g. Risk Appetite Statement, Corporate Level Risk Metrics & Limits, Risk Governance Framework, Enterprise Risk Management Policy
Risk Management for PTTEP Core Business Area
Corporate Risk Profile
Oil Price Hedging overview

All non-executive, executive and independent directors are required to attend. In 2023:

2 non-executive directors attended. (1 of them is independent director)

Specific training

The risk management topic: the future of fraud and red flags

8 non-executive directors attended. (7 of them are independent director)
1 Executive director attended.

Business Continuity Management (BCM)

PTTEP has developed a Business Continuity Management System (BCMS) which is part of the enterprise risk management. A business continuity framework and the Business Continuity Management Policy have been issued in accordance with the international standard for business continuity management ISO 22301:2019 with the following objectives:

1 To build the organization’s capability to be resilient and develop a Business Continuity Plan (BCP) to prepare the Company to operate under emergency or crisis situations.
2 To protect our people, organization, brand and reputation, the interests of our stakeholders and the wider community.
3 To mitigate the risks of disruptive incidents, ensure mitigation, strategy & solution in accordance with PTTEP policies.
4 To minimize risks of non-compliance with government regulations and laws including any contract or agreement with our partners, customers, suppliers and contractors.
5 To continuously improve the organization’s business continuity capabilities.

The Business Continuity Plan (BCP) is regularly reviewed and exercised to ensure relevance and that those involved are able to apply the plan in an accurate and timely manner.

In 2023, PTTEP enhanced its BCMS to be more centralized by establishing PTTEP ONE BCMS, by consolidating standards that have been certified by the British Standards Institution (BSI) which constitutes an international standard for business continuity management. Five ISO 22301 Certifications are those for PTTEP Headquarters, Petroleum Development Support Base (Songkhla Branch), Zawtika Production Operations and Business Support (Myanmar), S1 Project and the Malaysia Asset. They were combined into ONE Certification. This initiative enhances efficiency in the coordination of management, planning, and operations, ensuring alignment and cohesive direction. It also strengthens interconnections among business units that require support during crises.