Risk Management

Risk Management Policies

The Company's risk management policies have been approved by the Board of Directors in 2020, and were set to be our supreme guiding principles in controlling risk. In accordance with the risk management standards and guidelines of ISO 31000, the Company has formulated corresponding procedures and systems. Through annual risk evaluation and identification, the Company would develop plans to mitigate, transfer or avoid potential risks, aiming for a solid internal structure, hence achieving sustainable operation.



Risk Management Framework

The Company has established a risk management team under Corporate Social Responsibility Committee, which is in charge of risk related activities. The risk management framework consists of external risks like political economy, environment and compliance; as well as internal ones like manufacturing, R&D, information security and finance. From the perspective of business continuity, our risk management mechanisms consist of identification, analysis, and evaluation, aiming to quantify the frequency, along with the magnitude of impact and control of risk. In regard to risk identification, prevention, monitor, or other major risk management topics, the team would report to the Board of Directors at least once a year.



The Organization of the Risk Management Team

Risk Management Operation

Business Continuity Plan, BCP

From 2008 to date, the Company has had its BCP in place. Centering business continuity as its core value, the Company continuously monitors and invests in risk control, preparing for potential external and internal risks that may influence its operation. The Company has carried out various drills including fires, earthquakes, chemical spills, infectious diseases, and supply shortages. Risk management strategies were also in place, in order to ensure that, the Company could maintain key business operations at acceptable levels in the event of an incident.


Risk identification activities

In order to monitor internal and external risks and reduce overall corporate operational risks, the risk management team of Corporate Social Responsibility Committee leads the annual risk identification. After quantitatively assessing the risks of each aspect, execute the matrix-based prioritization, and develop corresponding strategies to mitigate, transfer or prevent risk. In 2021, we expanded the participating units of risk identification team in response to climate change risks, so as to fully control the possible impacts and responses to climate change.


Accomplishments in 2021

We have completed a total of 260 risk identification items, and assessed 24 Medium/High risk scenarios in 2021. External ones mostly surrounded COVID-19, water and electricity supply for production, industry competition and supply chain management; internal parts included information security, technology R&D and compliance. Managements would structure its core operating strategy based on those identified risks, implementing BCP to increase adaptability to potential impacts, so to make the systematic structure more complete.


Assigning Global Risk & Business Continuity as a compulsory course for directors, and 73 senior managers have finished the training session. The course aims for a better control of external information, intensifying the broadness of risk management and make it more practical at the same time.