Issue Date: July 28, 2022
 

The Company has established the “Risk Management Policy”, which was approved by the Board of Directors in 2020 as the highest guiding principle for the Company's risk management. Our management philosophy is "technology-based, sustainable management". To manage the economic, social and environmental risks that the Company may face in its operations, the risk management team identifies risk factors to distinguish the risks that may affect the Company's sustainable development, defines risk management scopes, monitors potential risks, and implements preventive measures in accordance with the latest internal audit developments and standards. The aim is to strengthen risk management, enhance crisis response capability, and achieve risk control, thereby promoting shareholder value, maintaining competitiveness, and laying the foundation for sustainable management.

Risk Management Team

The “Risk Management Team”, led by the CFO, integrates all risk management units under the ESG Committee to identify risk factors and control risks, making the command, dispatch, self-assessment, and duty implementation of the risk management organization more efficient. The risk management organizations at all levels and their duties are as follows:

Implementation

Since 2017, the Company has actively promoted and put into practice a risk management mechanism. Since 2020, it has reported its implementation to the Board of Directors once every year. The reporting was performed on July 27, 2020. The following shows the implementation for each year:

  • The scope, organization, and structure of the risk management were established in 2017.
  • The risk management organization was restructured based on the organizational change in 2018. Each risk management unit was combined into a “Risk Management Team” that is subordinate to the ESG Committee and led by the Chief Financial Officer for identification of risk factors and risk control. This makes the command and control, self-evaluation, and operation of the risk management organization more efficient.
  • Risk detection, analysis, and identification were continuously implemented in 2019. In addition, emerging risk issues, such as information security and climate change risk, were included in the management policies for effective control. The Company offered risk management courses on quality, products, and information security. A total of 253 people attended them, with a total of 114 training hours.
  • In 2020, the Company's risk management policy was developed and approved by the Board of Directors. The Company will continue risk detection, analysis, and identification to enhance its ability to prevent and resolve crises and to recover quickly afterwards, for effective risk control. Moreover, the Company offered risk management courses on quality, information security, and climate change. A total of 83 people attended them, with a total of 116 training hours.
  • In 2021, the Company offered risk management courses on quality, information security, climate change and RBA. A total of 2,591 people attended them, with a total of 3,362 training hours. Furthermore, to strengthen the detection, analysis, and identification of risks within the scope of risk management and to capture the internal and external risks that the Company will face in business operations, we conducted the biennial risk factor identification at the end of 2021 to enable advance assessment, countermeasure establishment, and prevention.

Risk Identification

  • The Risk Management Team listed a total of 35 risk issues in the questionnaire. At stage 1, 230 intermediate and senior officers answered the questionnaire in terms of “principal risks faced in the past”, “risks occurred in the last 12 months”, and “the top 5 risks that may occur in the next 3 years” to locate the top 20 risk issues. At stage 2, 31 officers participating in the senior management meeting screened the top 10 risk issues that Coretronic faced among the said top 20 risk issues.
  • In 2022, we will assess the potential counteractions for the top 3 risk issues, draw up management strategies, and implement risk control.

Top 10 Risk Topics in 2021

  1. External factors – the rapid changes in technology and the industry
  2. Operations – discontinuity of the supply chain
  3. Human Resources – difficult to attract and retain employees
  4. Enterprise – lack of innovation/unable to fulfill customers' needs
  5. External factor – Pandemic Spread / Health Hazard
  6. External factor – economic downturn/slow recovery
  7. External factor – increase of competition
  8. Human Resources – lack of employees
  9. External factor – political risks / uncertainty
  10. Enterprise – implementation or strategy communication failure

Risk Assessment

Topic | Item | Strategy
Environmental | Climate Change | Investigate the financial risks of climate change through the climate change risk questionnaire, and then set and plan annual goals, budgets and plans by the environmental safety and plant management units. After submitting to the Environmental Protection Committee for review, the corresponding plan will be implemented in accordance with ISO 14001 environmental management system, ISO 14064-1 greenhouse gas inventory standard, and ISO 50001 energy management system.
Social | Labor-management Relations | Conducted through diverse and smooth two-way communication channels, e.g., holding quarterly labor-management meetings and annual business executive communication meetings to strengthen labor-management relations.
Social | Occupational Health and Safety | For occupational safety, the occupational safety unit sets and plans annual goals, budgets and plans, and submits them to the Occupational Safety and Health Committee for review to implement relevant strategies through ISO 45001 verification of the occupational safety and health management system. For occupational health, the Health Management Department analyzes the health problems of colleagues through the results of regular health examinations, and plans appropriate health promotion activities. It has also established a group pandemic prevention team for COVID-19 to implement relevant pandemic prevention policies.
Social | Information Security | Taking ISO 27001 as the reference standard, the Company has established an Information Security Committee and formulates information security policies according to the actual management needs of the Company. In response to actual needs and development trends, it formulates corresponding information security strategies and visions to improve the information security protection system. A safe and trustworthy information security environment is thus established through a risk-oriented security protection mechanism, supplemented by continuous training and enhancement of employees' information security awareness.
Governance | Socioeconomic Compliance | By establishing a governance organization and implementing internal control mechanisms, we ensure that all personnel and operations actually comply with relevant laws and regulations.