Risk Management

Risk Management Policies

The Company's risk management policies were approved by the Board of Directors in 2020 and serve as our supreme guiding principles for controlling risk. In accordance with the risk management standards and guidelines of ISO 31000, the Company has formulated corresponding procedures and systems. Through annual risk evaluation and identification, the Company develops plans to mitigate, transfer or avoid potential risks, aiming for a solid internal structure and thereby sustainable operation.



Risk Management Framework

The Company has established a risk management team under the Corporate Social Responsibility Committee, which is in charge of risk-related activities. The risk management framework covers external risks such as political economy, environment and compliance, as well as internal ones such as manufacturing, R&D, information security and finance. From the perspective of business continuity, the Company conducts quantitative assessments of the frequency of occurrence, impact and degree of control for potential risks in each dimension. It also collects risk analysis reports from professional institutions and topics designated by top management, in order to identify potential risks and manage coverage strategies for them in aspects such as business, operation, finance and hazard. The team reports to the Board of Directors at least once a year on risk identification, prevention, monitoring and other major risk management topics.



The Organization of the Risk Management Team

Risk Management Operation

Business Continuity Plan (BCP)

From 2008 to date, the Company has had its BCP in place. With business continuity as its core value, the Company continuously monitors and invests in risk control, preparing for potential external and internal risks that may influence its operation. The Company has carried out various drills covering fires, earthquakes, chemical spills, infectious diseases, information security and supply shortages. Risk management strategies are also in place to ensure that the Company can maintain key business operations at acceptable levels in the event of an incident.


Risk identification activities

In order to monitor internal and external risks and reduce overall corporate operational risk, the risk management team of the Corporate Social Responsibility Committee leads the annual risk identification. After quantitatively assessing the risks of each aspect, the team performs matrix-based prioritization and develops corresponding strategies to mitigate, transfer or prevent risk. In 2021, we expanded the units participating in the risk identification team in response to climate change risks, so as to fully control the possible impacts of and responses to climate change. From 2022, we collected major domestic and foreign risk issues and projects designated by top management, and consolidated them as the Company's annual focused risks. Relevant functions are invited to formulate risk management indicators and implementation strategies.


Accomplishments in 2022

We completed a total of 318 risk identification items in 2022. External items mostly concerned COVID-19, water and electricity supply for production, reputation management, geopolitics, industry competition and supply chain management; internal items included information security, technology R&D and compliance. Management structures its core operating strategy based on these identified risks, implementing the BCP to increase adaptability to potential impacts and to make the systematic structure more complete.


We assigned Global Risk & Business Continuity as a compulsory course for directors, and 116 senior managers have finished the training session. The course aims for better control of external information, broadening the scope of risk management while making it more practical.


In 2022, the annual focused risks list comprised 7 items, covering operational, strategic, financial, and hazard aspects. Relevant functions are requested to formulate risk indicators for monitoring, or to regularly collect risk-related information and explain it to top management.