Risk Management

The Company implements the “Risk Management Practice Principles”. Each year, we hold discussions based on changes in the macro-environment (drawing on resources such as the Horizon Scan Report and the Global Risks Report), select priority issues, and decide on appropriate responses. Each plant also carries out risk assessments and adopts preventive measures in accordance with various management systems (ISO 9001, IATF 16949, ISO 14001, ISO 45001, ISO 22301, ISO 27001, ISO 50001, TIPS, GMP, etc.).

To respond properly to the impact of climate change and various internal and external risks, we aim to achieve organizational resilience within risk management objectives. We include human resource management, information security management, supply chain management, and operational continuity of critical business activities in the scope of assessments to ensure that the Company has proper risk management mechanisms to maintain operations.

Risk Management Policy

Risk Management Committee and Decision-Making Management Levels

The Company has set up a Risk Management Committee under the Board of Directors to supervise the operation of risk management mechanisms. The committee shall have no fewer than three members, and more than half of the members shall be independent directors. The independent directors shall elect one of their number to serve as chairman. The Risk Management Committee is responsible to the Board of Directors and submits proposals to the Board of Directors for resolution. The responsibilities of the Risk Management Committee are as follows:

  • Review risk management policies, procedures, and frameworks, and regularly assess their suitability and effectiveness of implementation.
  • Approve risk appetite (risk tolerance) and guide resource allocation.
  • Ensure that the risk management mechanisms are capable of adequately addressing the risks faced by the Company and integrate them into daily operating processes.
  • Approve the priorities and levels of risk control.
  • Review the execution of risk management, make necessary suggestions for improvement, and report to the Board of Directors regularly (at least annually).
  • Implement the risk management decisions of the Board of Directors.

Risk Management Office

The Company has set up the Risk Management Office. The general manager convenes the heads of production, finance and other departments to participate in its operations. The office is responsible for planning, executing and supervising risk management related matters, and for reporting to the Risk Management Committee. The responsibilities of the Risk Management Office are as follows:

  1. Develop risk management policies, procedures and structures.
  2. Formulate risk appetite and establish qualitative and quantitative measurement standards.
  3. Analyze and identify the sources and categories of company risks, and regularly review their applicability.
  4. Compile and submit company risk management execution reports regularly (at least once a year).
  5. Assist and supervise the execution of risk management activities of various departments.
  6. Coordinate cross-departmental interaction and communication for risk management operations.
  7. Implement the risk management decisions of the Risk Management Committee.
  8. Plan risk management-related training to enhance overall risk awareness and culture.

Risk impact assessment and identification

The Company refers to the COSO framework “Enterprise Risk Management—Integrating with Strategy and Performance,” particularly its application to environmental, social, and governance (ESG) risks. We categorize enterprise risks into five major types.

After assessing the impact of various risks, we have more detailed management strategies for operational risks, including responses to climate risks within environmental risks. For more details on our approach to climate change (both mitigation and adaptation), please refer to “Climate Action: Mitigation and Adaptation.” This chapter also describes our management practices for handling operational risks.

2023 Implementation Results

ESG Risk

0 points

2022

0 points

2023

to be announced in December 2024

Supply Chain Management

0%
Delivery Accuracy
0%
Med/High-Risk Suppliers

2022

0%
Delivery Accuracy
0%
Med/High-Risk Suppliers

2023

0%
Delivery Accuracy
0%
Med/High-Risk Suppliers

Information and communication management

0%

monthly availability rate of critical information systems and network services

2022

0%

monthly availability rate of critical information systems and network services

2023

0%

monthly availability rate of critical information systems and network services

BCM

0
Number of Improvements for Med/High-Risk Events

2022

0
Number of Improvements for Med/High-Risk Events

2023

0
Number of Improvements for Med/High-Risk Events

Human resources management

0%
Annual turnover rate

2022

0%
Annual turnover rate

2023

0%
Annual turnover rate

Risk Management Process

The Company has formulated the “Risk Management Practice Principles” based on “ISO 31000:2018 Risk Management – Guidelines”, “Best Practice Principles on Risk Management for TWSE/TPEx Listed Companies”, and “Enterprise Risk Management: Integrating”. We categorize risks into five major types: strategic risk, compliance risk, financial risk, operational risk and other risks. Each responsible unit shall conduct assessments (including risk identification, risk analysis and risk assessment), report and implement response/preventive measures within its business scope in accordance with the risk management process detailed in the “Risk Management Practice Principles” to mitigate the impact of potential risks.

  1. Information Gathering: Collect information about changes in the internal and external environment.
  2. Risk Identification: Recognize sources of risk and their relevance to the Company.
  3. Risk Assessment:
     • Risk Evaluation: Assess the probability and severity of occurrence.
     • Risk Measurement: Determine the level of the risk.
     • Risk Prioritization: Rank risks according to their levels.
  4. Risk Response Implementation: Employ strategies such as avoidance, transfer, mitigation, or acceptance.
  5. Risk Supervision and Review: The Risk Management Committee supervises and reviews the applicability and implementation effectiveness of the risk management mechanism.
  6. Risk Recording and Reporting: Record the process and results of risk management execution and communicate internally/externally.
  7. Disclosure of Risk Management Performance: Through the official website, annual reports, and ESG reports.
  8. Risk Monitoring: Ongoing monitoring of internal and external environments.