Issue Date:August 01, 2024
In order to understand the internal and external risks that the company may face, we conduct risk identification to identify the scope of risk management. We continuously monitor potential risks and implement preventive measures based on the latest developments and regulatory requirements in internal audit. This strengthens risk management, enhances crisis response capabilities, and achieves the goal of risk control. By doing so, we aim to promote shareholder value, maintain competitiveness, and establish a foundation for sustainable business operations.
Scope of Risk Management
Risk Management Organization
The "Risk Management Team" integrates various risk management units, under the ESG Committee. The Chief Financial Officer leads the operations of the Risk Management Team, which identifies and manages risk factors according to the Risk Management Policy approved by the Board of Directors in 2020. This ensures more efficient command and control, self-assessment, and execution of the risk management organization. The 2023 operational status was reported to the 11th Board of Directors at the 7th meeting on July 31, 2023.
Implementation
The Company has actively promoted the implementation of risk management mechanisms since 2017. From 2020, the Company has provided regular annual reports to the BOD on the operation. As of July 2023, the Company annually reports to the Audit Committee and the BOD. The Audit Office will also be responsible for submitting risk assessments as part of the annual audit plan and reporting the Company's risk management implementation to the Audit Committee and the BOD. The following shows the implementation from every year:
- The scope, organization, and structure of the risk management were established in 2017.
- The risk management organization was re-structured based on the organizational change in 2018. Each risk management unit was combined into a “Risk Management Team” that is subordinated to the ESG Committee and led by the Chief Financial Officer for identification of risk factors and risk control. This makes the command and control, self-evaluation, and operation of the risk management organization become more efficient.
- The risk detection, analysis, and identification for the risk management had been continuously implemented in 2019. In addition, the emerging risk issues, such as the information security and climate change risk, were included in the management policies for effective control. The Company offered the risk management courses about quality, products, and information security. A total of 253 people attended them with a total of 114 training hours.
- In 2020, the risk management policy of the Company has been developed and approved by the Board of Directors. The Company will continue the risk detection, analysis, and identification for the risk management to enhance the crisis response abilities to prevent and solve them and the ability to quickly recover after crises for effective risk control. Moreover, the Company offered the risk management courses about quality, information security, and climate change. A total of 83 people attended them with a total of 116 training hours.
- In 2021, the Company offered the risk management courses about quality, information security, climate change and RBA. A total of 2,591 people attended them with a total of 3,362 training hours. Furthermore, to enforce the detection, analysis, and identification of risks within the scope of risk management to capture the internal and external risks that the Company will face in business operations, we conducted the biennial risk factor identification at the end of 2021 to achieve advance assessment, countermeasure establishment, and prevention.
- In 2022, we have conducted risk management courses related to risk identification, information security, climate change, and occupational health and safety. These courses include "Safety Risk Identification and Control," "Environmental Issues Identification," "Production Safety Management and Occupational Safety and Health Products Use and Management," "Occupational Disease Prevention and Control," "Handling of Occupational Accidents," and "Information Security." These courses aim to enhance employees' risk awareness. The total number of participants was 2,658, with a total training duration of 1,718 man-hours.
- In 2023, we have offering risk identification, information security, climate change, and occupational safety andhealth-related risk management courses, such as: "Safety Risk Identification and Control," "Environmental Issues Identification," "Production Safety Management and Occupational Safety and Health Products Use and Management," "Occupational Disease Prevention and Control," "Handling of Occupational Accidents," and "Information Security" etc., to enhance employees' risk awareness. A total of 3,784 people participated in the training, with a total of 5,841 personhours of training. Furthermore, to enforce the detection, analysis, and identification of risks within the scope of risk management to capture the internal and external risks that the Company will face in business operations, we conducted the biennial risk factor identification at the end of 2023 to achieve advance assessment, countermeasure establishment, and prevention.
- In 2024, three risk-related issues have been implemented in the company's operations. First, introduce the Task Force on Climate-related Financial Disclosures (TCFD) framework, conduct climate change risk and opportunity identification and impact analysis, and develop energy-saving and carbon-reduction strategies centered on low-carbon products and green operations to mitigate the greenhouse effect. Second, set annual information security management objectives, develop evaluation data based on their characteristics, and use data-driven indicators and standardized processes to propose improvement suggestions for non-compliance or identified risks, and track their implementation. Third, based on the latest risk identification results, monitor potential risks, develop management strategies, and implement preventive measures to strengthen risk management, enhance crisis response capabilities, and achieve the goal of risk control.
Risk Identification
- To implement the detection, analysis, and identification of risk-related issues in the risk management domain, and to grasp the internal and external risks that the Company’s operations may face, a biennial risk factor identification process will be carried out by the end of 2023 with the aim of conducting prior assessments, establishing countermeasures, and taking preventive measures.
- The Risk Management Team listed 40 risk issues for a questionnaire survey: In the first stage, 276 mid-level and above managers were asked to fill out a questionnaire on "The main risks they had faced," "The risks that had occurred in the past 12 months," and "The top five risks they might face in the next three years," to generate the top 20 risk issues. Then, the top 20 risk issues were screened by 20 senior executives participating in the group's senior management meeting to identify Coretronic' top 10 risk issues.
| Top 10 Risk Topics in 2023 | |
|---|---|
| 1 | External factors- geopolitical volatility or material scarcity |
| 2 | External factors- political risks/uncertainties |
| 3 | External factors- rapid changes in market trends |
| 4 | External factors- dramatic changes in technology and industry |
| 5 | External factors- economic slowdown/slow recovery |
| 6 | Information technology- technical/system failure/data center security |
| 7 | Enterprises- unable to innovate or meet customer needs |
| 8 | External factors- disruptive technologies |
| 9 | External factors- intensifying competition |
| 10 | Information technology- network attacks/data breaches |
Risk Assessment
| Topic | Item | Strategy |
|---|---|---|
| Environmental | Climate Change | Support and introduce TCFD, and investigate the financial risks of climate change through the climate change risk questionnaire, and then set and plan annual goals, budgets and plans by the environmental safety and plant management units. After submitting to the Environmental Protection Committee for review, the corresponding plan will be implemented in accordance with ISO 14001 environmental management system, ISO 14064-1 greenhouse gas inventory standard, and ISO 50001 energy management system. In response to the trend of net zero emissions, apart from joining the Taiwan Climate Partnership, making an open commitment to net-zero emissions (carbon reduction by 25% by 2025, 50% by 2030, and net zero by 2050), and actively answering the CDP Climate Change Questionnaire, we have even set the 1.5°C science-based target (SBT) and submitted the commitment letter approved by the SBTi. |
| Green Solutions | The 'Projector Product Green Development Team' and the 'Green Product Research and Development Team,' set the plans of annual goals and budgets. After review and approval, these are introduced into the R&D level, and their execution is regularly reviewed to continue advancing related projects. Additionally, the ISO 14067 product carbon footprint assessment is implemented and passed, using this standard as the basis for future development of green products and the establishment of product carbon footprint assessment platforms. | |
| Human Rights | Friendly Workplace | Created multiple and unfettered two-way communication channels (quarterly labor-management meeting, annual business officer communication meeting) and labor/human rights grievance channels dedicated to building a friendly workplace. |
| Information Security | Taking ISO 27001 as the reference standard, the Company has established an Information Security Committee and formulates information security policies according to the actual management needs of the Company. In response to actual needs and development trends, it formulates corresponding information security strategies and visions to improve the information security protection system. A safe and trustworthy information security environment is thus established through a risk-oriented security protection mechanism, supplemented by continuous training and enhancement of employees’ information security awareness. | |
| Occupational Health and Safety | For occupational safety, the occupational safety unit sets and plans annual goals, budgets and plans, and submits them to the Occupational Safety and Health Committee for review to implement relevant strategies through ISO 45001 and CNS 45001 verification of the occupational safety and health management system. For occupational health, the Health Management Department analyzes the health problems of colleagues through the results of regular health examinations, and plans appropriate health promotion activities. It has also established a group pandemic prevention team for COVID-19 to implement relevant pandemic prevention policies. | |
| Labor and Management Relations | The Company notifies employees four weeks in advance of significant changes to operations that may cause serious impacts on employees. | |
| Governance | Socioeconomic Compliance | By establishing a governance organization and implementing internal control mechanisms, we ensure that all personnel and operations actually comply with relevant laws and regulations. |
