Risk Management Organization Structure

The companys risk management organizational structure includes the Board of Directors, Risk Management Team, Auditing Office and Accountability Unit.

Risk management organizationResponsibilities
Board of DirectorsThe Board of Directors is the supervisor of risk management and the highest governance body. With the goal of complying with laws and regulations, promoting and implementing risk management, it elevates risk management policies, and continuously supervises the effective operation of the risk management mechanism, and is responsible for the ultimate responsibility of the risk management system.
Risk Management TeamThe Risk Management Team is a functional organization under Sustainable Development Committee, and is responsible for reviewing risk identification and results of materiality assessment, including risk appetite or tolerance, reviewing implementation plans for major risk issues and supervising the implementation of relevant matters, reviewing management reports on major risk issues, supervising improvement mechanisms, and reviewing the appropriateness of overall risk management structure in sustainable development.
Auditing OfficeThe Auditing Office is directly affiliated with the Board of Directors. Its responsibilities are independent supervision and quality assurance, internal control system revision and promotion, and auditing business planning and execution. It submits an annual audit plan based on the results of the risk assessment every year, and reports the execution results to the audit committee and the Board of Directors.
Accountability UnitEach Accountability Unit is responsible for the actual implementation of risk management, and the head of the accountability unit is responsible for analyzing, monitoring and reporting the risks faced by the business under its jurisdiction, and ensuring that the risk management mechanism and procedures can be effectively implemented.

Risk Management Policy

For the purpose of enforcing the companys risk management mechanisms and strengthening corporate governance while reasonably assuring the Companys strategies, plans, and targets are achieved, the Board of Directors passed the risk management policy on January 5, 2021. The policy provides the top principles for risk management. The policy covers the purpose of management, the scope of risks, organizational structure and responsibilities, management procedures, risk categories, and risk management operations and implementation evaluation. Risks arising from the business activities are kept within the range of tolerance in order to achieve sustainability and stability.

Risk Management Procedures

A risk management environment should be established for all operations to effectively identify, assess, monitor, and control various risks. The potential risks should be controlled within an acceptable level to achieve the goal of rationalizing risks and rewards.
I. Risk identification:
Risk identification should cover the company’s various businesses and operating activities. By confirming the company’s operating, strategic, and profit goals, the company shall review past risk incident records, collect various industry and economic research reports, survey and identify risks that may have an impact on operations and profits, and confirm risk attributes and types.
II. Risk assessment:
Risk assessment should determine quantitative or other feasible qualitative standards based on the different risk types. It should consider the nature, scale, and complexity of the various businesses and operating activities, and regularly review them.
Risk assessment refers to the reasonable analysis and evaluation of the characteristics of risks that may cause potential loss or affect potential loss. For quantifiable risk characteristics, appropriate quantifying methods should be used for analysis and management, in order to assess the degree of risk. For unquantifiable risk characteristics, appropriate qualitative methods should be used to express the possibility and impact of risk occurrence.
III. Risk monitoring and report:
Each department should monitor the risks associated to their operations. When the degree of exposure exceeds the risk limit, the relevant department shall propose response measures and report the risk and response measure to the suitable management level. The risk shall be reported to the Sustainable Development Committee according to the severity of the risk.
The Sustainable Development Committee should report its operations to the Board of Directors at least once a year. If major risks that endanger finances, business operations, or legal compliance are found, appropriate measures should be adopted immediately, and the risks should be reported to the Board of Directors.
IV. Risk response:
After assessing and compiling the risks, each unit should properly record the risk management procedures and adopt response measures for the risks they face.

Risk Management Category

Risk categoryRisk management process
Operational risksMarket structure and demand, industry development and competition, sales or procurement concentration, product and raw material prices, product development and services, business model changes, organizational structure adjustment, talent recruitment, public relations, patent application and maintenance, intellectual property protection, etc.
Financial risksInflation, financing, liquidity management, dividend distribution, exchange rate, interest rate hedging, financial investment, strategic investment, leases and material capital expenditures, etc.
Legal compliance riskThe risks that may arise from failure to comply with various laws and regulations or the legal risks that may infringe on the company's rights and interests.
Information security risksInformation assets may suffer unbearable risks, and the confidentiality, integrity and availability of the information cannot be guaranteed, including unauthorized persons who can still access the information, and cannot ensure that the information content and information processing methods are correct, complete. When authorized users need it, they cannot access information and use related assets in a timely manner, resulting in possible losses.
Environmental risksThe impact of environmental issues such as climate change and natural disasters on business operations and financial impacts, and identification of greenhouse gas emission management, carbon credit management, energy management, and compliance with international and local environmental protection laws and regulations caused by climate change.
Other risksIn addition to the above risks, if there are other risks that may cause the company to incur significant losses appropriate risk control procedures should be established based on the characteristics of the risks and the degree of impact.

Risk Management Operation Situation

WT set up a risk management committee in 2020 to actively implement the risk management mechanism. The risk management committee meets at least once a year, and may convene at any time as needed, and reports to the Board of Directors on the operation of risk management once a year. In order to strengthen the assessment and analysis of risks related to sustainable development and enable each functional committee to effectively perform its functions, the "Sustainable Development Committee" was established under the Board of Directors on November 15, 2023. The governance mechanism of the Risk Management Committee will be merged into the Sustainable Development Committee to continuously improve the Company's risk management system. The "Risk Management Committee" was abolished on the same day.
The operation of risk management is as below:
  • The Risk Management Committee formulated the risk management policy on January 5th 2021 and submitted it to the Board of Directors for approval. It also assessed the risk of exchange rate fluctuations and the trade war between China and the United States submitted it to the Board of Directors for discussion.
  • The Risk Management Committee on January 5th 2021 and it report to the Board of Directors on the operation of the 2020 Risk Management Committee.
  • The Risk Management Committee on March 18th 2021 submit an evaluation on information security risk assessment and management response to the board of directors for discussion.
  • The Risk Management Committee on November 5th 2021 submit an evaluation on information security improvement and the information security plan of 2022 to the board of directors for discussion.
  • The Risk Management Committee on January 6th 2022 and it report to the Board of Directors on the operation of the 2021 Risk Management Committee.
  • The Risk Management Committee on August 5th 2022 submit an evaluation on management and risks of group's cash flow requirements to the board of directors for discussion.
  • The Risk Management Committee on January 6th 2023 and it report to the Board of Directors on the operation of the 2022 Risk Management Committee.
  • The Risk Management Committee on November 14th 2023 submit an evaluation on management and risks of group's cash flow requirements to the board of directors for discussion.