• About Quanta
  Company Profile Executives Organization Structure Company Information News
  Awards & Accomplishments Key Milestone Global Major Operating Sites
• Investor Relations
  Financials Annual Reports Shareholders Services Shareholders' Meeting
• Corporate Governance
  Corporate governance organizational structure Board of Directors Functional Committee Internal Control System Risk Management

  Major Internal Policies Top Ten Shareholders
• ESG
  ESG Sustainability Policies Latest Sustainability Report Stakeholder Communication and Grievance Mechanisms
• Products
  Notebook Server Camera Smarter Healthcare
• Subsidiaries/Affiliates
  QSMC QCT Quanta Storage Inc. RoyalTek International Quanta Culture & Education Foundation Quanta Arts Foundation

Risk Management Policy and Implementation Guidelines

Quanta Computer Risk Management Policy and Implementation Guidelines

Policy

• To mitigate the potential impacts of risk events on the Company and ensure that enterprise-wide operational risks remain within controllable thresholds, Quanta Computer Inc. (hereinafter referred to as “the Company”) is committed to establishing and maintaining a comprehensive risk management system. This approach enables the Group to focus on business growth and operational efficiency enhancement, while safeguarding shareholders’ interests. The scope of risk management covers the entire corporate group, including all subsidiaries.
• To ensure the integration of sustainability into the Group’s business practices, the Company not only complies with its multi-level internal management and internal control systems but also incorporates risk considerations into all operational processes. The Company commits to Board-level oversight and systematic risk management to assess the potential impacts of various risks on business operations, thereby strengthening corporate governance, achieving sustainable operations, and safeguarding stakeholders’ rights and interests. This policy and related procedures have been established to guide implementation.
• The Company continuously identifies and evaluates risks that may affect long-term business sustainability, including but not limited to climate change, resource constraints, social instability, and regulatory changes. Such assessments cover short-, medium-, and long-term horizons and are regularly reviewed and updated.
• The Company proactively communicates with stakeholders regarding potential strategic, operational, and financial risks that may affect business operations or profitability, aiming to reduce the potential adverse impacts of risk events on the Company and its stakeholders.
• In accordance with this policy, the Company has established a Risk Management Procedure, which was approved by the Board of Directors in December 2020. The General Manager serves as the convener to oversee planning, promotion, and implementation, and all employees are expected to actively participate and cooperate.
• Risk Management Governance Structure
• Board of Directors: The highest governance body responsible for approving risk management policies and related regulations, and for overseeing the overall effectiveness of risk management implementation, ensuring that risks are effectively controlled.
• Sustainability Steering Committee and its Risk Management Subcommittee: Assists the Board in performing risk oversight duties related to sustainability and enterprise risk management (ERM).
• Risk Management Committee: Composed of functional heads who serve as risk management members to ensure the implementation of the risk management system within their business units. They appoint risk management officers within each unit and coordinate with relevant personnel to implement risk management procedures, establish, operate, maintain, and review risk management mechanisms.
• Internal Audit Department: An independent unit under the Board of Directors responsible for developing an annual audit plan based on this policy, procedures, and risk management regulations. It conducts independent audits to evaluate the effectiveness of risk management activities, and provides improvement recommendations, and regularly report audit results to the Board, ensuring the effective operation of the internal control system.
• Implementation Guidelines and Scope
• The Company conducts risk management based on five major processes:
  risk identification, risk assessment, risk monitoring, risk reporting & disclosure, and risk response, and implement these in accordance with the Risk Management Procedure.
  The Company communicates and discloses identified risks and management outcomes to stakeholders and discloses relevant risk management information in the Annual Report, ESG Report, and on the corporate website.
• Each year, based on risk incidents that occur within the Group and external expert opinions, the Company identifies and defines material emerging risks at the end of each year or the beginning of the next year that may affect the operations of the Company and its consolidated subsidiaries.
• These risks are used as the basis for enterprise-wide risk assessments and prioritization, and after approval, risk control plans and mitigation measures are implemented to monitor and manage such risks.
• Risk response tools include but are not limited to:
• Risk retention (adopting internal control measures to manage risks internally)
• Risk transfer (purchasing appropriate insurance coverage)