Status of Risk Management

Risk Management Policy

 

The risk management policies and procedures of the Company and its subsidiaries were approved by the Board of Directors at the 15th meeting of the 9th Board on August 9, 2024. In line with the Company’s overall operating strategies, various types of risks are identified and defined, and a risk management framework is established to enable early identification, accurate assessment, effective supervision, and rigorous control of risks. Within an acceptable level of risk tolerance, the Company seeks to prevent potential losses and continuously adjusts and improves best risk management practices in response to changes in internal and external environments. These efforts aim to safeguard the interests of employees, shareholders, business partners, and customers, enhance corporate value, and achieve optimal allocation of corporate resources.

Scope of Risk Management

 

The Company’s risk management is conducted through a systematic process encompassing risk identification, risk assessment, risk response, risk monitoring, and risk reporting, in order to define the scope of operational risks and adopt appropriate measures to ensure effective management of related risks. The scope of the Company’s risk management covers the management of operational risks, financial risks, environmental risks, and business risks.

Organizational Structure


Operational Status in 2025 (Reported to the Board of Directors on December 16, 2025)


Operational Scope

Risk Item | Risk Level | Risk Identification and Assessment | Risk Response or Control Measures | Operational Status in 2025

Reputation Risk | Low | Bad debt losses from accounts receivable
  • Conduct customer credit evaluations
  • Suspend shipments to customers with bad debts
  • Strengthened accounts receivable management, including due-date reminders and overdue account reviews
  • No new material bad debt losses

Strategic Planning Risk | Medium | Over-concentration of sales
  • Diversification of customer base to avoid over-reliance on a single customer
  • Actively expanding new customer base

Legal Compliance Risk | Medium | Unintentional violation of laws and regulations
  • Daily operations conducted in compliance with domestic and international laws and regulations
  • Continuous monitoring of policy and regulatory developments
  • Strengthened compliance and insider trading prevention through training
  • Assessment concluded that regulatory changes had no material impact on financial or operational activities
  • Automated quarterly email reminders on blackout periods for insider trading
  • Monthly compliance reminders covering legal compliance, ethical management, material information handling, confidentiality, and disclosure obligations
  • Directors and senior executives attended internal and external compliance training programs

Green Procurement Risk | High | Suppliers failing to comply with environmental, occupational safety, or labor rights requirements
  • Established supplier management procedures and regular audits to ensure regulatory compliance
  • New suppliers required to sign compliance declarations
  • On-site audits conducted periodically for key suppliers
  • Investment in new materials and processes to support low-carbon manufacturing

Talent Recruitment and Training Risk | High | Difficulties in talent recruitment and loss of key personnel
  • Enhanced internal training and professional skill development
  • Adoption of automation to reduce reliance on labor
  • Strengthening corporate competitiveness to attract talent
  • Procurement of automated equipment
  • Focused employee training and promotion of a family-friendly workplace

Occupational Health and Safety Risk | Low | Labor safety and health
  • Regular safety education and awareness programs
  • Fire safety and occupational safety training
  • Routine inspection, testing, maintenance, and upkeep of fire safety equipment
  • Employee health and construction safety management
  • Periodic safety reminders and seminars
  • Fire evacuation drills conducted
  • Regular self-inspections and outsourced maintenance of fire safety equipment
  • Implementation of employee health care programs and occupational medical services

Information Processing and Technology Risk | High | Data leakage or damage due to cyberattacks
  • Network access control implementation
  • Enhanced network segmentation and endpoint protection
  • Vulnerability scanning and penetration testing
  • Deployment of behavior management and NDR tools
  • Regular data backup and recovery drills
  • Implementation of NAC tools to restrict non-compliant devices
  • Firewall deployment and MDR endpoint monitoring
  • Regular vulnerability scans and penetration testing
  • Network behavior monitoring and threat detection
  • Regular backup and disaster recovery drills

Information Processing and Technology Risk | High | Insufficient employee information security awareness
  • Mandatory signing of information security clauses
  • Quarterly cybersecurity awareness campaigns
  • Social engineering drills and follow-up training
  • New employees sign IT usage policies
  • Ongoing internal cybersecurity communications
  • Phishing email simulations and targeted training

Information Processing and Technology Risk | Medium | Inadequate cybersecurity protection and incident response
  • Regular cybersecurity meetings
  • Periodic audits by the information security officer
  • Adoption of ISO 27001 or third-party cybersecurity audits
  • Weekly and monthly cybersecurity meetings
  • Regular audits across group entities with reporting mechanisms
  • Engagement of external cybersecurity consultants

Information Processing and Technology Risk | Medium | Cybersecurity vulnerabilities arising from AI development
  • Regular awareness campaigns on responsible AI use
  • Company-wide discussions on AI usage and prohibition of sensitive data input

Financial Scope

Risk Item | Risk Level | Risk Identification and Assessment | Risk Response or Control Measures | Operational Status in 2025

Investment Risk | Medium | Derivative transactions and long- and short-term investments
  • Execution in accordance with asset acquisition and subsidiary supervision procedures
  • Short-term investments subject to evaluation and stop-loss/stop-gain mechanisms
  • Derivative transactions disclosed on the Market Observation Post System
  • Monthly management reports submitted by investee companies

Exchange Rate and Interest Rate Risk | Medium
  • Impact of interest rate, exchange rate, and inflation fluctuations
  • Impact of regulatory and policy changes
  • Profit and loss analysis
  • Strengthened group cash management
  • Foreign currency exposure control
  • Close monitoring of interest rate trends and global economic developments
  • Active debt repayment to reduce interest burden
  • Enhanced procurement analysis to reduce material costs
  • Monthly tracking of accounts receivable and cash flow planning