|Internal Audit System
AUO's internal Auditing Administration Division is an independent unit directly reporting to the Board of Directors. The unit consists of eight people, including the auditing executive and full-time audit staff. In addition to making audit report to the Board of Directors at regular meetings, reporting also takes place periodically or as needed basis to the Chairman of the Board (CEO) and the Audit Committee.
AUO follows the law to establish an internal control system. Based on the system, the Auditing Administration Div. stipulates the internal audit implementation details. Then, the control systems and procedures are implemented, with their effectiveness and observance evaluated. The scope includes the whole company and its subsidiaries.
Audit affairs primarily involve the execution of the audit plan developed by the Board of Directors with identified risk, and the implementation of audit project or review if required. The execution of general and project audit plan can provide the operational status of the internal control system to the management, and help them identify the existing weaknesses or potential risks in time.
|Business Continuity Plan (BCP)
The goal of the Business Continuity Plan (BCP) is to prevent interruption to business operations. Preventive and recovery measures/procedures are incorporated to reduce potential interruptions to operations to an acceptable level.
|Risk Identification and Management
Risk identification is conducted every year by the Risk Governance Subcommittee of the Sustainability Committee to monitor and reduce overall operating risks. Assigned units assess the frequency, impact and level of control then use the risk chart to identify and arrange each risk type by frequency and level of impact. The top three risk events identified by each department are then evaluated in four main perspectives: strategy, finance, operations, and hazard. The risks are mainly in the strategic and operational aspects, followed by financial and disasters. AUO has developed risk management and response strategies aimed at mitigating, transferring or avoiding high risk factors.