Home»Corporate Governance»Risk Management»Risk Management Policies and Procedures

Risk Management Policies and Procedures

• The Company has established the "Risk Management Guidelines" and was approved by the Board of Directors in December 2020 as the guiding principles for risk management and to facilitate the identification, analysis, evaluation and control of operational risks. The Board of Directors is responsible for establishing and overseeing the risk management structure of the Group, including the Company and important production sites. The President is responsible for the development and control of the Consolidated Companies’ risk management policies and reports regularly to the Board of Directors on its operations. The most recent reporting date was December 16, 2022.

Scope of Risk Management

• The main objective is to mitigate the impact of risks on the enterprise, to ensure that the operational risks of the Group are under the scope of control, to enable the Group's overall operations to focus on business growth and operational efficiency, and to help safeguard shareholders' equity.
• Based on the risk events that occurred in the previous year and the opinions of external experts, the Group deliberates on the issues that may adversely affect the operations of the Company and the Consolidated Companies in the current year at the beginning of the period, and use them as the basis for the overall assessment and risk ranking of operational risks in the following year. Planned risk control items then undergo proposed risk management measures after approval for overall monitoring or mitigation.
• The monitoring and control tools mentioned above include, but are not limited to, the use of self-risk management as a risk control/risk retention, or risk transfer/insurance.
• The Company's risk management procedures include: risk identification, risk measurement, risk monitoring, risk reporting and disclosure, and risk response.

• A summary of the operations and results for FY2022 is as follows:
• ● Asset Risk Management
• Aside from following past practices of insuring tangible assets (e.g., buildings, equipment, inventories, logistics cargo) and intangible assets (e.g., information security, accounts receivable) against risks in accordance with or exceed industry standards, the Company has also facilitated sound self-risk management practices and conducted risk audits and training. During the year, asset risk management tasks that the team has completed are outlined as follows：
• A. Tangible Asset Management:
• • Risk audit on the Company’s operations in Taiwan: considering the pandamic has gradually eased off, asset risk audits on the Company’s R&D complex and production plant in Taiwan were completed in 4Q FY2022. Based on the audit results, external experts confirmed that relevant risk management of the Company’s operations in Taiwan was not impacted by the pandemic. Thus, external experts still rated the Company’s operations in Taiwan above industry standards.
• • Risk audit on the Company’s operations in Mainland China and Mexico: consideirng evolvement of the pandemic and distance of the two overseas operations, the Company has entrusted local risk management experts to conduct supervision and inspection for fire safety and major power equipment on both sites to avoid relevant issues to increase operational risks.
• B.Intangible Asset Management:
• • In response to stakeholders’ expectation and to strengthen the Company’s information security standards, the Company has entrusted international information security assessment experts to perform “Red Team Assessment” in FY22. Commendar of the Red Team experts has confirmed that the Company’s act on boarder information security protection and investment in relevant software and deployment of hardware equipment are above industry standards. The assessment retults concluded by external experts match that of the Company’s internal assessement on information security risk.
• • The assessemet results would also provide guidelines for the Company’s improvement target and reaffirm the Company’s believe in strengthening the Group’s united defense and the need to realize supply chain management. All of the aforementioned tasks will mark the Company’s focal tasks on information security in coming years.

• ● ESG Related Risk Management
• The Company has established an “Sustainability Steering Committee”. The task force would assess and manage the short-term, medium-term and long-term impacts on the environment, society and corporate governance every year. The committee would then propose improvement plans for high-risk items. Upon approval of evaluation results and improvement plan from the management team of each production site, the plans are submitted to the Board of Directors with the approval from the President of the Company as a reference for promotion and implementation. Main operations in FY22 are as follows:

Risk Identified	Countermeasures
Environmental Risks: Global warming and damage to the environment caused by climate change would further disrupt business operations and environment if no actions taken.	Establish “Climate Change Management Committee", responsible for promoting and raising awareness across diffferent departments. Encourage participation and involvement in climate change topics. Pledge to implement the SBT scientific approach to carbon reduction, and establish a carbon reduction target which will help limit global warming to 1.5 degrees Celsius. Implement TCFD (Task Force on Climate-related Financial Disclosures) to disclose relevant risks and opportunities associated with climate change and finance.
Order Losing Risks: In response to customers’ net-zero target, the Company that is currently at scope 3 was requested to provide relevant countermeasures. If the Company failed to satisfy customers’ expectation, we may face operational risks.	Conduct greenhouse gas inventories in each site in accordance with ISO 14064 to verify actual carbon emission as the foundation for gradual improvement. Taiwan site is the first site to incorporate ISO 50001 in order to improve the Company’s efficiency in energy consumption. Established annal plan to purchase green energy. Gradually promote the methodology of LCA (Life Cycle Assessment) to calculate hot spots of carbon emmission in the production process as a reference to manage carbon emission. Establish “Carbon Management Platform” to digitialize carbon management and to reduce possible human errors. Leverage clear presentation of carbon emission data as an important reference to promote carbon management.
Human Rights Awareness Risks: In response to the rising importance of human rights topics, if there’re concerns of violating human rights in the process of product design, manufacturing, sales, and providing customers after-sales services, the Company’s reputation would be damaged and normal operation would also be impacted.	Become a member of the RBA (Responsible Business Alliance), strengthen RBA audit items in all sites and SA8000 certification to ensure complicance of human rights requirements. Establish labor and human rights policies as the standard procedures for the Company to execute human rights related matters. Regulated various procedures on human rights in order to identify potential risks or timely response in the event of human rights related risks. Conduct annual examination and risk assessment on major human rights issues. If high risk items are identified, prevention measures are then proposed.
Supply Chain Risks (A): Using conflict minerals provided by suppliers sourcing from conflict-affected and high-risk regions would adversely cause social, environmental or human rights degradation.	Strictly comply with the “OECD Mineral Due Dilligence Guidelines” and the RMI (Responsible Mineral Initiative) framework and the responsible minerals procurement due diligence survey required by our customers to carry out responsible minerals procurement and investigation. Request suppliers to sign responsible minerals procurement statement and request suppliers to upload certificates and reports in the responsible procurement reporting system to ensure no conflict minerals are used. Through educational training and maintain communication with suppliers to strictly request them not to source conflict minerals and inform them of the consequences if failed to comply.
Supply Chain Risks (B): Suppliers not complying with ESG regulations and engage in activities that violate ethical labor management, occupational safety, and environmental protection leading to disrupted operation would indirectly cause supply chain disruption for the Company.	Periodically communicate with suppliers to coordiate on regulatary items to follow, and further require suppliers to follow the same procedure to manage their suppliers. Encourage suppliers to obtain a RBA VAP audit and conduct on-site supplier audits to ensure compliance with RBA code of conducts.
Employees Ethical Risks: Employees not complying with workplace ethics and engage in corruption or bribery would damage the Company’s reputation and put overall operation in danger.	Established “Employment Ethics Regulations” to educate employees to comply and employees are required to fill in the “conflict of interest avoidance declaration” every year. Through comprehensive internal audit system to provide channels of complaints that is public and provide guaranteed protection of complainees to handle matters that may violate the principle of integrity.

• ● Other Risks
• Potential risk In response to COVID-19 and specific measures are outlined as follows:

Identified Risks	Countermeasures
Poteintal health risk to employees if cluster infection were to happen internally.	Establish mask production lines and provide complimentary masks for all employees of the Group. Enhance environmetnal disinfection, install infrared ray body temperature detectors at all entrances, setup alcohol spray and hand sanitizers in various areas, and require all personnel to disinfect their hands when entering and leaving the office building. When status of the pandemic becomes severe, employees would be prohibited from cross building or cross section movements, common areas would be closed, visitors would be prohibited from entering the office building, flexible work hours would be expanded to reduce the possibility of group gathering. Provide periodic COVID-19 tests for migrant workers and initiate dormitory adjustments plan when possible risks increase.
Operation disruption or production line suspension due to employees infected with COVID-19 jid	Establish the pandemic prevention risk management plan for special contagious pneumonia. Establish internal pandemic prevention platform for employees tested positive for COVID-19 to complete self-reporting assessment, so as to understand employees infected with COVID-19, their close contacts, potenital risks to employees in the nearby area, and to further control possible impact that could endanger the Company and the health of our employees. In the event of any abnormality, medical staff of the Company would provide care and follow-up to ensure the physical and mental health of our employees. Employees are encouraged to receive vaccination to achieve the goal of community immunity as early as possible, thus the Company provides employees one-day of paid leave for vaccination. Prepared production line adjustment plan to strengthen flexibility in response to the outbreak.
Increase the risks of employees being infected with COVID-19 due to lack of pandemic prevention knowledge.	Epidemic surveys are conducted and pandemic hotline is setup for employees to make inquires on epidemic prevention matters. Follow instructions and public announcements provided by the CDC (Taiwan Centers For Disease Control) and strengthen internal health education program.