Risk Management»Policies, Procedures and Scope

Risk Management and Intellectual Property Management Plan and Operational Report

• The Company has established the "Risk Management Guidelines" and was approved by the Board of Directors in December 2020 as the guiding principles for risk management and to facilitate the identification, analysis, evaluation and control of operational risks. The Board of Directors is responsible for establishing and overseeing the risk management structure of the Group, including the Company and important production sites. The President is responsible for the development and control of the Group' risk management policies and reports regularly to the Board of Directors on its operations.
• The Company has further established the “Sustainability Steering Committee” under the Board of Directors, whose working group conducts short-term, medium-term and long-term risk identification, risk analysis, and risk assessment for environmental, social, and corporate governance aspects every year, and proposes improvement plans for high-risk items. Risk response is based on the assessment results and improvement plans, which are approved by the management representatives of each site, agreed upon by the President, and submitted to the Board of Directors for approval, and then promoted and implemented accordingly. Implementation of risk reporting and supervision are regularly reported to the Board of Directors. The most recent reporting date was December 27, 2024. The Company should communicate and disclose risks identified and management outcomes to all stakeholders, and provide information related to risk management in its annual report, sustainability report, and on its website.

Scope of Risk Management

• The main objective is to mitigate the impact of risks on the enterprise, to ensure that the operational risks of the Group are under control, so that the Group's overall operations can focus on business growth and operational efficiency, and to further safeguard shareholders' rights. Year by year, with reference to the risk incidents that occurred in the previous year and the opinions of external experts, the Group deliberates on the issues that may adversely affect the operations of the Company and the Group in the current year at the beginning of the period as the basis for the overall risk assessment and ranking for the following year. Once the planned risk control items and proposed risk management measures are approved, risk monitoring or implementation will be carried out accordingly.
• The monitoring and control tools mentioned above include, but are not limited to, the use of self-risk management as a risk control/risk retention, or risk transfer/insurance. The Company's risk management procedures include risk identification, risk measurement, risk monitoring, risk reporting and disclosure, and risk response.