Risk Management Policies and Procedures & Operational Situation
Home Corporate Governance Risk Management Policies and Procedures & Operational Situation
The Company has formulated the "Risk Management Policy", which was approved by the Board of Director in 2020 as the highest guiding principle for the Company's risk management; The Company regularly evaluates risks every year, and formulates risk management policies for various risks, covering management objectives, organizational structure, ownership of rights and responsibilities, and risk management procedures and other mechanisms and implement them to effectively identify, measure and control the Company's various risks, control the risk to an acceptable range.
Risk Management Scope

The Company integrates and manages all potential risks of various strategies, operations, finance and hazards that may affect operations and profits, and evaluates the frequency of risk events and the severity of the impact on the Company's operations, and defines the priority of risks. and risk level, and adopt corresponding risk management strategies according to the risk level.
1.Hazard risk: Refers to the risk of loss to the Company caused by the occurrence of major natural or man-made disasters (such as earthquakes, fires, chemical spills, and epidemics).
2.Operational risk: Refers to the risk that uncertain factors in the Company's operation process affect the normal operation of the Company, such as operation risk (material shortage, improper scheduling, etc.), quality risk, information system risk, contract performance risk and safety risk.
3.Financial risk: The Company's financial and business impacts, such as interest rate, exchange rate, liquidity and credit risks, are caused by factors such as domestic and foreign economic and industrial changes.
4.Strategic risk/political risk: Risk of loss due to business strategy considerations, such as the risk of excessive customer concentration, the risk of not obtaining contracts, and the risk of cooperating with policy investment capacity to prepare for development and other risks, and regularly arrange activities to enhance risk awareness.

Risk Management Committee Organization

The Company's risk management organizational structure includes the Board of Director, the risk management team (including the President, Vice Presidents, SRB meetings and Audit Office) and the Company's various Divisions. The relevant authority and responsibility are as follows:

Hierarchy Scope of responsibility
Board of Director → Risk Oversight The highest decision-making unit of the Company's risk management is responsible for approving, reviewing and supervising the Company's risk management policies to ensure the effectiveness of risk management.
Risk management team (including the President, Vice Presidents, SRB meetings and Audit Office) → Risk management The risk management team is the authority responsible for the implementation of risk management, and is mainly responsible for the monitoring, measurement and evaluation of corporate risks and other executive-level affairs. The risk management team conducts risk management through various meetings, including:
1.Assist in the formulation of the Company's risk management policy, identify company risks and review them annually.
2.Ensuring the implementation of risk management policies approved and implemented by the Board of Director.
3.Assist and supervise all risk management activities within the Division.
4.Depending on the external environment and internal strategy changes, determine the type of risk and suggest ways to take it.
5.Aggregate the results of the execution of risk management activities, and conduct risk-adjusted performance measurement and coordination.
6.The Audit Office supervises the execution units to follow the approval authority and related management methods and procedures, and should carry out risk control and management operations every year, and require each unit to issue a self-assessment report. In addition, according to the risk assessment of the appointed managers, the annual audit plan is formulated accordingly, and audits are conducted regularly and an audit report is issued, which is reported to the Board of Director.
Divisions of the Company → Risk control 1.Responsible for analyzing and monitoring the relevant risks within the affiliated unit, and ensuring the effective implementation of risk management and control mechanisms and procedures.
2.Conduct a self-assessment of risk management activities.
Operational situation

The Company has established a Safety Management System (SMS) in 2009, which provides suggestions and improvement decisions for potential risk factors and assessment of high-risk projects. At the same time, the safety policy and goals are revised in a timely manner according to the current situation. The review will review the Company's various risks and countermeasures.
The Company's "Risk Management Policy" was approved by the Board of Director in Dec. 2020 as the highest guiding principle of the Company's risk management. According to the resolution of the Board of Director, starting from the end of 2020, the Audit Committee and the Board of Director will report on the Company's risk management and control status quarterly. The risk management operation in 2020 has been submitted to the Board of Director report on Feb. 23, 2021.
In 2020, the Company is equipped with SMS training, which includes risk management, training for new employees and irregular personnel retraining, and strengthening the Company's cultural awareness and awareness of operational risks. The Company has a total of 457 people for SMS General Introduction training, and a total of 1,038 people for SMS manual update and study.
In 2021, it has been submitted to the Audit Committee and the Board of Director on Feb. 23, May 4, Aug. 3 and Nov. 2, respectively. The Company's risk assessment items include hazard risk, operational risk, strategic risk, financial risk and the adopted risk control measures.
In 2021, with the SMS training, a total of 117 people have completed the SMS General Introduction training (234 hours), a total of 25 people have completed the SMS General Introduction Recurrent training (25 hours), and a total of 948 people have studied the 12th edition of the SMS Manual (948 hours). In addition, with ISO27001 information security management training, 1,118 person (2,236 hours) of information security awareness education training have been completed.