Risk Management Organization Structure

The companys risk management organizational structure includes the Board of Directors, Risk Management Committee, Auditing Office and Accountability Unit.

Risk management organizationResponsibilities
Board of DirectorsThe Board of Directors is the supervisor of risk management and the highest governance body. With the goal of complying with laws and regulations, promoting and implementing risk management, it elevates risk management policies, and continuously supervises the effective operation of the risk management mechanism, and is responsible for the ultimate responsibility of the risk management system.
Risk Management CommitteeRisk Management Committee reports to the Board of Directors directly, and is responsible for reviewing the appropriateness of risk management policies and risk management structures, reviewing major risk management strategies, including risk appetite or tolerance, reviewing management reports on major risk issues, supervising improvement mechanisms, and regularly reporting to the Board of Directors implementation of risk management.
Auditing OfficeThe Auditing Office is directly affiliated with the Board of Directors. Its responsibilities are independent supervision and quality assurance, internal control system revision and promotion, and auditing business planning and execution. It submits an annual audit plan based on the results of the risk assessment every year, and reports the execution results to the audit committee and the Board of Directors.
Accountability UnitEach Accountability Unit is responsible for the actual implementation of risk management, and the head of the accountability unit is responsible for analyzing, monitoring and reporting the risks faced by the business under its jurisdiction, and ensuring that the risk management mechanism and procedures can be effectively implemented.

Risk Management Policy

For the purpose of enforcing the companys risk management mechanisms and strengthening corporate governance while reasonably assuring the Companys strategies, plans, and targets are achieved, the Board of Directors passed the risk management policy on January 5, 2021. The policy provides the top principles for risk management. The policy covers the purpose of management, the scope of risks, organizational structure and responsibilities, management procedures, risk categories, and risk management operations and implementation evaluation. Risks arising from the business activities are kept within the range of tolerance in order to achieve sustainability and stability.

Risk categoryRisk management process
Operational risksMarket structure and demand, industry development and competition, sales or procurement concentration, product and raw material prices, product development and services, business model changes, organizational structure adjustment, talent recruitment, public relations, patent application and maintenance, intellectual property protection, etc.
Financial risksInflation, financing, liquidity management, dividend distribution, exchange rate, interest rate hedging, financial investment, strategic investment, leases and material capital expenditures, etc.
Legal compliance riskThe risks that may arise from failure to comply with various laws and regulations or the legal risks that may infringe on the company's rights and interests.
Information security risksInformation assets may suffer unbearable risks, and the confidentiality, integrity and availability of the information cannot be guaranteed, including unauthorized persons who can still access the information, and cannot ensure that the information content and information processing methods are correct, complete. When authorized users need it, they cannot access information and use related assets in a timely manner, resulting in possible losses.
Environmental risksThe impact of environmental issues such as climate change and natural disasters on business operations and financial impacts, and identification of greenhouse gas emission management, carbon credit management, energy management, and compliance with international and local environmental protection laws and regulations caused by climate change.
Other risksIn addition to the above risks, if there are other risks that may cause the company to incur significant losses appropriate risk control procedures should be established based on the characteristics of the risks and the degree of impact.