Risk Management Policies

The Company's risk management policies have been approved by the Board of Directors in 2020, and were set to be our supreme guiding principles in controlling risk. In accordance with the risk management standards and guidelines of ISO 31000, the Company has formulated corresponding procedures and systems. Through annual risk evaluation and identification, the Company would develop plans to mitigate, transfer or avoid potential risks, aiming for a solid internal structure, hence achieving sustainable operation.


Risk Management Framework

The Company has established a risk management team under Corporate Social Responsibility Committee, which is in charge of risk related activities. The risk management framework consists of external risks like political economy, environment and compliance; as well as internal ones like manufacturing, R&D, information security and finance. From the perspective of business continuity, our risk management mechanisms consist of identification, analysis, and evaluation, aiming to quantify the frequency, along with the magnitude of impact and control of risk. In regard to risk identification, prevention, monitor, or other major risk management topics, the team would report to the Board of Directors at least once a year.


The Organization of the Risk Management Team




Risk Management Operation


Business Continuity Plan, BCP

From 2008 to date, the Company has had its BCP in place. Centering business continuity as its core value, the Company continuously monitors and invests in risk control, preparing for potential external and internal risks that may influence its operation. The Company has carried out various drills including fires, earthquakes, chemical spills, infectious diseases, and supply shortages. Risk management strategies were also in place, in order to ensure that, the Company could maintain key business operations at acceptable levels in the event of an incident.


Risk identification activities

In the direction of consistently control and reduce both external and internal risks so to ensure continuity of operations, the risk management team under Corporate Social Responsibility Committee started to implement risk identification since 2016. After quantifying operational risk levels, the team would execute matrix-based prioritization, and carry out corresponding strategies to mitigate, transfer or prevent risk.


Accomplishments in 2020

The Company has assessed 23 risk scenarios that we may encounter in 2020. External ones mostly surrounded COVID-19, industry competition and supply chain management; internal parts included information security, technology R&D and compliance. Managements would structure its core operating strategy based on those identified risks, implementing BCP to increase adaptability to potential impacts, so to make the systematic structure more complete.


Assigning Global Risk & Business Continuity as a compulsory course for directors, 81 senior managers have finished the 1 hour training session this year. The course aims for a better control of external information, intensifying the broadness of risk management and make it more practical at the same time.