To improve corporate governance, implement risk management in business operations, and manage uncertainties that may threaten the Company’s operations, the Company’s Sustainability Committee and Board of Directors approved the “Risk Management Policy and Procedures” in August 2023. The policy mainly covers risk management policies and culture, risk management organization structure and responsibilities, risk management processes, risk information disclosure, and risk management aspects, in order to effectively control the risks generated from business activities. The status of risk management operations in the current year is reported to the Sustainability Committee and the Board of Directors at least once a year.
Risk management policy and procedure
Article 1 Purpose
To fully establish the Company’s corporate governance plan and implement risk management measures in our business operations, we have formulated management policies and procedures designed to tackle any unforeseeable factors that could potentially threaten our business operations.
Article 2 Risk management objective
The objective of the Company’s enterprise risk management is to manage various risks that may affect the achievement of the Company’s objectives through a comprehensive risk management framework, and by integrating risk management into operational activities and daily management processes, the Company will achieve the following objectives:
- Achieving company goals.
- Enhancing management efficiency.
- Providing dependable information.
- Allocating resources efficiently.
Article 3 Risk Management Policy and Culture
The Company’s risk management policy is to create a business strategy and organizational culture that emphasizes risk management, to establish a comprehensive risk management system, and to involve the Board of Directors of the Company and its subsidiaries, as well as managers and employees at each level, in its joint promotion and implementation. This management process is upheld throughout the Company at all levels. In accordance with the Company’s overall business policy, we define various risks and establish a risk management mechanism for early identification, accurate assessment, effective monitoring, and strict control of potential risks. This is to manage the risks that may arise during operational activities within a controllable range, prevent potential losses, and serve as a reference for the establishment of business strategies with the aim of reasonably ensuring the achievement of the Company’s strategic goals.
Article 4 Risk management organization structure and responsibility
- Board of Directors:
As the top supervisory unit for the Company’s risk management, it ensures that the Company complies with the law, approves the Company’s risk management policies and procedures based on the overall business strategies and business environment, and establishes the risk related organization structure to ensure the risk management mechanism is effectively implemented.
- Sustainable Development Committee:
The Company has established the Sustainable Development Committee under the Board of Directors as the highest advisory body for the Company’s risk management. The Executive Office under the Sustainable Development Committee has the responsibility of managing risks. It is responsible for analyzing and monitoring the relevant risks of each business unit to ensure the successful implementation of risk control mechanisms and procedures.
- Executive Office:
The Corporate Social Responsibility and Corporate Governance Committee is accountable for executing, promoting, and coordinating the risk management activities of the Company. This involves organizing risk management meetings, supporting the Sustainable Development Committee in developing risk management policies and procedures, sharing risk information with different business units, and compiling and incorporating risk management reports from designated business units, as directed by the Sustainable Development Committee.
- All Business Units:
Each business unit serves as a participant in the Risk Management Meeting and bears the responsibility of executing its own risk prevention plan, including risk identification, risk analysis, risk assessment, risk response and control, as well as self-monitoring. Each business unit shall report the status of the implementation of risk management for each type of risk to the Sustainability Committee on a regular basis or as requested by the Sustainability Committee, with the reports consolidated by the Executive Office.
- Auditing Office:
Regularly reviews the implementation of internal controls and audit plans in each business unit in accordance with the risks monitored by the subcommittee of the Corporate Governance and Sustainable Development Committee, and submits follow-up improvement reports based on the audit results.
Article 5 Risk management process
To optimize risk management functionality, the Company’s risk management process includes five key elements: risk identification, risk analysis, risk assessment, risk response, and supervision and review mechanisms. This allows the scope of each risk to be clearly understood and appropriate measures to be taken to ensure the proper management of relevant risks, so that limited resources can be efficiently allocated to relevant risk management activities.
- Risk identification:
(1) The Company should identify internal and external risk factors and use appropriate and feasible methods to consolidate past experiences and predict potential future risks. This will allow for classification and further evaluation, monitoring and management of risks.
(2) The Company has identified various risk categories, including but not limited to governance risk, operational risk, strategic risk, financial risk, hazard event risk, legal compliance risk, information security risk, and climate risk. Each business unit conducts risk management in line with its functions and responsibilities, while consistently monitoring global and domestic risk management developments to recognize emerging risks.
- Risk analysis:
After identifying potential risk factors for each business unit, the Company analyzes the likelihood and negative impact of their occurrences to comprehensively understand their impact on the organization and create the basis for risk management.
- Risk assessment:
The Company prioritizes risk events based on comparing the results of risk analysis with risk tolerance. We then use the results as a reference for subsequent response actions.
Each business unit should compare the results of the risk analysis with the risk appetite approved by the Sustainable Development Committee, and plan and implement subsequent risk response measures according to the level of risk.
The results of relevant risk analysis and assessment should be accurately recorded and submitted to the Sustainable Development Committee for approval.
The Company shall establish appropriate risk response plans, ensure that they are fully understood and implemented by relevant personnel, and monitor the implementation of such plans on an ongoing basis.
The Company should consider its strategic goals, the viewpoints of internal and external stakeholders, risk appetite, and available resources to select a risk response approach that balances achievement of objectives and cost-effectiveness.
Each business unit shall submit risk management statements in a timely and proactive manner to the Executive Office of the Sustainable Development Committee on a regular basis for compilation and reporting to the Sustainable Development Committee. The implementation of risk management operations is reported to the Board of Directors at least once a year by the Convener of the Sustainability Committee or his/her designee.
- Risk supervision and review:
The risk review and supervision mechanism should be well-defined within the risk management process to review risk management procedures and assess the effectiveness of related risk measures. Additionally, it should incorporate relevant results into performance measurement and reporting.
Risk management should be integrated into crucial processes within the organization to ensure effective supervision and to increase the benefits of the implementation of risk management.
(1) Each risk factor is displayed in Annexed Table I. Any further risk factors can be added to the “Other” category of the risk consideration level without the approval of the Board of Directors. Each business unit should monitor its risk exposure and promptly report the risks and strategies to the Executive Office of the Sustainable Development Committee. This will aid in the implementation of risk management measures (risk acceptance/risk avoidance/risk reduction/risk transfer). Additionally, it will enable tracking and evaluating the execution status after the implementation of risk management measures.
Article 6 Risk information disclosure
In addition to disclosing relevant information in accordance with regulatory requirements, the Company should also disclose risk management information in its annual report or on its website.
Article 7 Amendment to risk management policies
The Executive Office of the Sustainable Development Committee should review this risk management policy annually and keep up-to-date with the progress of international and domestic risk management systems. By reviewing and enhancing this policy, we can boost the efficiency of risk management implementation for the Company and its subsidiaries.
Article 8 The risk management policy and procedures undergo review and approval by the Sustainable Development Committee before being ratified by the Board of Directors. This process also applies to any revisions made.
Article 9 The operation procedure was established on August 3, 2023.
Sitronix Technology Corp.
Risk management scope
Annexed Table I
|Risk of insufficient information disclosure
|Directors’ and Managers’ Management Responsibility Risks
|Major internal regulations
|Integrity in business operations
|Damage to reputation/brand
|Lack of innovation/failure to meet customer needs
|Intellectual property rights/loss of data
|Execution or strategic communication less than expected
|Computer crime/Hackers/Malware viruses
|The system and facilities are unable to meet business needs.
|Technology/System malfunction/Data center security
|In response to the strategy
|External Industry Changes
|External technological changes
|Internal business model changes
|Market demand and production capacity expansion
|Domestic and international policy and legal changes (Trade protectionism)
|Organization structure adjustment
|Supply chain disruption and management
|Over-concentration of purchases/sales
|Property equipment damage
|Product defect recall
|Responsibility of outsourcing / associate vendor
|Research and development technology
|Over/under inventory level
|The product’s functionality and performance meet the specification requirements
|Interest rate, exchange rate, currency inflation
|Volatility risk in short-term financial markets and instruments
|Operational regulation and management risk of long-term investments in investee companies
|Capital credit and solvency
|High-risk/high-leverage financial investments, derivative trading
|Asset value fluctuation
|Talent development management (recruitment/retention/nurturing)
|Difficulty in attracting and retaining employees
|Workplace harassment/Discrimination/Gender equality
|Insufficient manpower/Labor shortage
|Immoral behavior/Crime, theft and fraud
|Poor safety protection and emergency response
|Other human mismanagement or errors
|Occupational safety and health hazards
|Risk of widespread infectious disease
|Government corruption/administrative delays
|Climate change and natural disasters
|Climate change/Extreme climate/Droughts and floods
|Greenhouse gas emissions, energy consumption standards change
|Change in international and local environmental regulation
|Net zero carbon emission/Carbon neutrality/Green power adoption
|Military conflicts, trade wars, civil wars, embargoes, economic sanctions, tariff barriers, regime changes, religious conflicts, racial conflicts, financial crises, etc.
|External factor risk
|The risks that are not part of the above, but would cause the Company to incur significant losses, such as emerging risks, policy and regulatory adjustments, and other major external hazards.