Internal Audit System

AUO's internal Auditing Administration Division is an independent unit directly reporting to the Board of Directors. The unit consists of eight people, including the auditing executive and full-time audit staff. In addition to making audit report to the Board of Directors at regular meetings, reporting also takes place periodically or as needed basis to the Chairman of the Board (CEO) and the Audit Committee.


AUO follows the law to establish an internal control system. Based on the system, the Auditing Administration Div. stipulates the internal audit implementation details. Then, the control systems and procedures are implemented, with their effectiveness and observance evaluated. The scope includes the whole company and its subsidiaries.


Audit affairs primarily involve the execution of the audit plan developed by the Board of Directors with identified risk, and the implementation of audit project or review if required. The execution of general and project audit plan can provide the operational status of the internal control system to the management, and help them identify the existing weaknesses or potential risks in time.

The Division audits the self-examinations done by the various units and subsidiaries, including checking how self-examination is executed, reviewing the documents to ensure implementation quality, and compiling the self-examinations results. Then the internal audit system reports to the Audit Committee and Board of Directors as the basis to evaluate the effectiveness of the overall internal control system, and issue the internal control system statement.


Business Continuity Plan (BCP)

The goal of the Business Continuity Plan (BCP) is to prevent interruption to business operations. Preventive and recovery measures/procedures are incorporated to reduce potential interruptions to operations to an acceptable level.

As risks go global, AUO is prone to broader and more complex risk factors. Risk management is considered by AUO to be a component in our competitive advantage. Since the BCP was introduced at AUO in 2008, exercises have been conducted on the potential impact of hardware losses due to fire or earthquake, supply chain shortages, manpower shortages due to epidemics, as well as shortages of water, electricity and communications infrastructure. We hope to realize the ideal of sustainable development by using these exercises and reviews to continue strengthening AUO’s emergency response and disaster recovery capabilities.


Risk Identification and Management

Risk identification is conducted every year by the Risk Governance Subcommittee of the Sustainability Committee to monitor and reduce overall operating risks. Assigned units assess the frequency, impact and level of control then use the risk chart to identify and arrange each risk type by frequency and level of impact. The top three risk events identified by each department are then evaluated in four main perspectives: strategy, finance, operations, and hazard. The risks are mainly in the strategic and operational aspects, followed by financial and disasters. AUO has developed risk management and response strategies aimed at mitigating, transferring or avoiding high risk factors.