Risk Management

Risk Management Policies

The Company has established a risk management team under Corporate Social Responsibility Committee, which is in charge of risk related activities. The risk management framework consists of external risks like political economy, environment and compliance; as well as internal ones like manufacturing, R&D, information security and finance. From the perspective of business continuity, the company conducts quantitative assessments of the frequency of occurrence, impact and degree of control for potential risks in each dimension, and collects risk analysis reports from professional institutions and topics designated by top management to identify and manage short, medium and long term risks covering strategic, operational, financial and hazard aspects, as well as emerging risks that may have a significant impact on the company's operations in the future. In regard to risk identification, prevention, monitor, or other major risk management topics, the team would report to the Board of Directors at least once a year.



Risk Management Framework

The Company's risk management organization takes the board of directors as the highest management unit. The Corporate Governance Committee, composed of the Chairman and all independent directors, supervises risk management and establishes risk management procedures. Through ESG & Climate Committee and Business Risk management responsible for risk management policy and procedures, including reviewing the company's risk identification processes and addressing risk control related issues. The management scope includes strategy, financial, operations and hazards as well as emerging risks that may impact the company's operations in the future. Moreover to coordinate the overall implementation and operations. Risk management department responsible for monitoring and reviewing the efficiency of risk management auditing. Risk Governance Subcommittee should report to the Board of Directors at least once a year on issues such as risk identification, prevention, monitoring, major risk controlling and risk management operation efficiency.



The Organization of the Risk Management Team

Risk Management Operation

Business Continuity Plan, BCP

From 2008 to date, the Company has had its BCP in place. Centering business continuity as its core value, the Company continuously monitors and invests in risk control, preparing for potential external and internal risks that may influence its operation. The Company has carried out various drills including fires, earthquakes, chemical spills, infectious diseases, information security and supply shortages. Risk management strategies were also in place, in order to ensure that, the Company could maintain key business operations at acceptable levels in the event of an incident.


Risk identification activities

In order to monitor internal and external risks and reduce overall corporate operational risks, the risk management team of Corporate Social Responsibility Committee leads the annual risk identification. After quantitatively assessing the risks of each aspect, execute the matrix-based prioritization, and develop corresponding strategies to mitigate, transfer or prevent risk. In 2021, we expanded the participating units of risk identification team in response to climate change risks, so as to fully control the possible impacts and responses to climate change. From 2022, we collected major domestic and foreign risk issues and projects designated by top management, and consolidated as the company's annual focused risks. Relevant functions are invited to formulate risk management indicators and implementation strategies.


Accomplishments in 2023

We have completed a total of 349 risk identification items in 2023. External ones mostly surrounded geopolitics, water and electricity supply for production, reputation management, industry competition and supply chain management; internal parts included corporate governance, production management, technology R&D and compliance. Managements would structure its core operating strategy based on those identified risks, implementing BCP to increase adaptability to potential impacts, so to make the systematic structure more complete.


Assigning Global Risk & Business Continuity as a compulsory course for directors, and 128 senior managers have finished the training session. This year, a risk management basic thinking course was launched for all colleagues to build up their basic understanding of risk management and strengthen the breadth and depth of the company's risk management through relevant courses.


In 2023, annual focused risks list 5 items, including operational, strategic, financial, and hazard aspects. Relevant functions are requested to formulate risk indicators for monitoring, or regularly collect risk-related information to explain to top management.