PTG has established a corporate risk management policy as a guideline for Company's directors, executives, and employees at all levels to follow and participate in the implementation of standard risk management along with the organizational strategy formulation process. It defines risk management as a duty of directors, executives and employees at all levels as they all need to be aware of risks involved in their work. The principles and processes of risk management should be applied as part of their work to enhance opportunities and reduce uncertainties in the overall performance of the organization.

PTG requires enterprise risk management in accordance with the risk management framework COSO-ERM 2017 be in place. The company has reviewed, developed, and improved the corporate risk management process on a yearly basis in order to respond to the changing business environment. The Company has identified and assessed risks in the organizational context and various factors that shall affect the organization, especially in the ESG aspects,preparing Key Risk Indicators (KRIs), including monitoring, and reporting on risk management results to the Risk Management Committee and those related. It is to ensure that risk management shall be efficient and optimized and enable the Company to operate its business uninterruptedly under potential changes. The Company has identified corporate risks, categorized by sustainability dimensions, as follows:

The company is dedicated to fostering and promoting a culture of risk management by continuously educating the board of directors, executives, and employees on risk management processes and strategies. It regularly creates and distributes educational materials on risk management and various risk factors to employees at all levels to enhance their understanding. Additionally, updates on the current risk landscape are shared with executives to keep them informed. Risk management topics are also incorporated into the new employee orientation program, ensuring that employees gain an understanding of risk management from the very beginning of their tenure with the company.

The risk management task force, consisting of representatives from various departments, works closely with the risk management team to implement and communicate risk management policies and processes across the organization. This ensures that these policies are effectively integrated into the operations of each department. The task force also oversees the compliance process, ensuring that departments identify, analyze, assess, and manage risks, while continuously monitoring and reporting on risk management outcomes. This approach helps raise awareness of potential risks in daily operations and fosters a culture where employees at all levels recognize the importance of risk management. By encouraging active participation, the organization aims to integrate risk management into its core activities, creating added value for the organization and its stakeholders.

In 2024, a risk management training program was conducted to enhance the understanding of integrating risk management practices into the organization’s operations. This training targeted the Board of Directors (including non-executive directors) and senior management. Furthermore, the risk management department organized its annual training session to provide employees and the risk management task force with knowledge about internal risk management. The training aimed to foster understanding of risk management within the organization. The effectiveness of the training was assessed through a risk awareness evaluation, which yielded a score of 89.46%.

To manage enterprise risk, PTG has established Key Risk Indicators (KRIs) to monitor and evaluate enterprise risk management results. The KRIs include both financial and non-financial indicators. In terms of financial KRIs, most of them are consistent with the indicators used to assess corporate performance, which will also be applied to the executives of all levels. Therefore, the financial KRIs are in line with financial incentives that drive everyone in the organization toward the focus on risk management and achieve the goals set. In this regard, for enterprise risk management, risk reduction targets will be set according to the metrics used to assess the risk level. The results of the risk management measures applied are monitored quarterly, or whenever there are significant changes to ensure that the risk management is effective and efficient, and in line with the organization's strategies and goals, both financial and non-financial.

evaluating investment opportunities across various projects, the company incorporates risk management as a critical criterion in the decision-making process. This involves analyzing, identifying, and assessing potential risks associated with each investment, along with developing comprehensive risk management plans for each project. The results of these risk assessments are presented to management, the Investment Committee, the Board of Directors, and the Executive Committee to guide their decisions on investment projects. Furthermore, when developing new processes or products, management and the relevant committees conduct thorough risk evaluations to inform their decision-making.