Risk Management

The Company implements the “9-AA-05 Risk Evaluation Procedure”. Annually we conduct discussions based on changes in the macro-environment (e.g., considering resources such as the Horizon Scan Report and Global Risks Report, etc.), select priority issues, and decide on appropriate responses. Each plant also carries out risk assessments and adopts preventative measures in accordance with various management systems (ISO 9001, IATF 16949, ISO 14001, ISO 45001, ISO 22301, TIPS, GMP, etc.).

To adequately address risks from pandemics and climate change, we aim to achieve organizational resilience within risk management objectives. We include human resource management, information security management, supply chain management, and operational continuity of critical business activities in the scope of assessments to ensure that the Company has proper risk management mechanisms to maintain operations.

Risk Management Committee and Decision-Making Management Levels

The Company’s Risk Management Committee is chaired by the Chairman of the Board and its members include the General Manager and heads of departments such as Production and Finance.

The responsibilities of the Risk Management Committee are as follows:

  • Review risk management policies, procedures, and frameworks, and regularly assess their suitability and effectiveness of implementation.
  • Approve risk appetite (risk tolerance) and guide resource allocation.
  • Ensure that the risk management mechanisms are capable of adequately addressing the risks faced by the Company and integrate them into daily operating processes.
  • Approve the priorities and levels of risk control.
  • Review the execution of risk management, make necessary suggestions for improvement, and report to the board of directors regularly (at least annually).
  • Implement the risk management decisions of the board of directors.

Risk impact assessment and identification

The Company refers to the COSO framework “Enterprise Risk Management—Integrating with Strategy and Performance,” particularly its application to environmental, social, and governance (ESG) risks. We categorize enterprise risks into five major types.

After assessing the impact of various risks, we have developed more detailed management strategies for operational risks, including responses to climate risks within environmental risks. For more details on our approach to climate change, both mitigation and adaptation, please refer to “Climate Action: Mitigation and Adaptation.” This chapter will also describe our management practices for handling operational risks.

2023 Implementation Results

ESG Risk

0 points

2022

0 points

2023

to be announced in December 2024

Supply Chain Management

0%
Delivery Accuracy
0%
Med/High-Risk Suppliers

2022

0%
Delivery Accuracy
0%
Med/High-Risk Suppliers

2023

0%
Delivery Accuracy
0%
Med/High-Risk Suppliers

Information and communication management

0%

monthly availability rate of critical information systems and network services

2022

0%

monthly availability rate of critical information systems and network services

2023

0%

monthly availability rate of critical information systems and network services

BCM

0
Number of Improvements for Med/High-Risk Events

2022

0
Number of Improvements for Med/High-Risk Events

2023

0
Number of Improvements for Med/High-Risk Events

Human resources management

0%
Annual turnover rate

2022

0%
Annual turnover rate

2023

0%
Annual turnover rate

Risk Management Process

The Company has formulated the “Risk Management Process” based on “ISO 31000:2018 Risk Management – Guidelines”, “Best Practice Principles on Risk Management for TWSE/TPEx Listed Companies”, and “Enterprise Risk Management: Integrating”. We categorize risks into five major types: strategic risk, compliance risk, financial risk, operational risk and other risks. Each responsible unit shall conduct assessments (including risk identification, risk analysis and risk assessment), report and implement response/preventive measures within its business scope in accordance with the risk management process detailed in the “Risk Management Process” to mitigate the impact of potential risks.

1. Information Gathering
   Collect information about changes in the internal and external environment.

2. Risk Identification
   Recognize sources of risk and their relevance to the Company.

3. Risk Assessment
   Risk Evaluation: Assess the probability and severity of occurrence.
   Risk Measurement: Determine the level of the risk.
   Risk Prioritization: Rank risks according to their levels.

4. Risk Response Implementation
   Employ strategies such as avoidance, transfer, mitigation, or acceptance.

5. Risk Reporting and Improvement
   Document/report with appropriate integrity and continuous improvement.

6. Risk Information Communication
   Communicate internally and externally through the use of tools and channels.

7. Disclosure of Risk Management Performance
   Through the official website, annual reports, and ESG reports.

8. Risk Monitoring
   Ongoing monitoring of internal and external environments.