Corporate Governance
Structure of Internal Control System
The Group has had its internal control system developed and gradually perfected. Principally, the internal control system is composed of three lines of defense under the following model:
First line of defense
Executive levels at the Parent Company and its member units are Petrolimex’s first line of defense. Management All processes and operations shall observe the internal control principles and the legal provisions to minimize errors arising from daily operations.
Second line of defense
These are Petrolimex’s control on finance, quality management, process supervision, operations, and risk management.
Third line of defense
Refers to the Internal Audit Division. The Internal Audit Division provides independent assessments of the first and second lines of defense to assist the Board of Management and Board of General Directors in the design and the effectiveness of the Internal Control System for better corporate governance.
Structure of
Risk management system
Board of Management
The BOM takes the ultimate responsibility for the orientation and supervision of all risk management activities.
Risk Management Department
The Risk Management Department assists the BOM and together takes responsibility for supervising risk management activities across the Group in accordance with the policies and risk appetite.
General Director
The General Director takes the ultimate responsibility for the Group’s risk management, including giving direction to his management activities.
Deputy General Director in charge of risk management
The Deputy General Director in charge of risk management takes responsibility for the orientation of developing and performing risk management activities across the Group.
Risk Management Division
The Risk Management Division is responsible for developing and implementing risk management activities among the entire risk management department.
Audit Department
The Audit Department is responsible for independently evaluating the effectiveness of risk management processes and activities, timely providing independent assessments to the BOM on the effectiveness of risk management and control.
