Risk Management
The Company implements the “9-AA-05 Risk Evaluation Procedure”. Each year we hold discussions based on changes in the macro-environment (drawing on resources such as the Horizon Scan Report and Global Risks Report), select priority issues, and decide on appropriate responses. Each plant also carries out risk assessments and adopts preventative measures in accordance with various management systems (ISO 9001, IATF 16949, ISO 14001, ISO 45001, ISO 22301, TIPS, GMP, etc.).
To adequately address risks from pandemics and climate change, we aim to achieve organizational resilience as part of our risk management objectives. We include human resource management, information security management, supply chain management, and operational continuity of critical business activities in the scope of assessments to ensure that the Company has proper risk management mechanisms to maintain operations.
▍Risk Management Committee and Decision-Making Management Levels
The Company’s Risk Management Committee is chaired by the Chairman of the Board and its members include the General Manager and heads of departments such as Production and Finance.
The responsibilities of the Risk Management Committee are as follows:
- Review risk management policies, procedures, and frameworks, and regularly assess their suitability and effectiveness of implementation.
- Approve risk appetite (risk tolerance) and guide resource allocation.
- Ensure that the risk management mechanisms are capable of adequately addressing the risks faced by the Company and integrate them into daily operating processes.
- Approve the priorities and levels of risk control.
- Review the execution of risk management, make necessary suggestions for improvement, and report to the board of directors regularly (at least annually).
- Implement the risk management decisions of the board of directors.
▍Risk Impact Assessment and Identification
The Company refers to the COSO framework “Enterprise Risk Management—Integrating with Strategy and Performance,” particularly its application to environmental, social, and governance (ESG) risks. We categorize enterprise risks into five major types.
After assessing the impact of various risks, we have developed more detailed management strategies for operational risks, including responses to climate risks within environmental risks. For more details on our approach to climate change, covering both mitigation and adaptation, please refer to “Climate Action: Mitigation and Adaptation.” This chapter will also describe our management practices for handling operational risks.
▍2023 Implementation Results
- ESG Risk: 2022; 2023 (to be announced in December 2024)
- Supply Chain Management: 2022; 2023
- Information and communication management (monthly availability rate of critical information systems and network services): 2022; 2023
- BCM: 2022; 2023
- Human resources management: 2022; 2023
▍Risk Management Process
The Company has formulated the “Risk Management Process” based on “ISO 31000:2018 Risk Management – Guidelines”, “Best Practice Principles on Risk Management for TWSE/TPEx Listed Companies”, and “Enterprise Risk Management: Integrating”. We categorize risks into five major types: strategic risk, compliance risk, financial risk, operational risk and other risks. Each responsible unit shall conduct assessments (including risk identification, risk analysis and risk assessment), report and implement response/preventive measures within its business scope in accordance with the risk management process detailed in the “Risk Management Process” to mitigate the impact of potential risks.