Risk Management Policies and Procedures
To ensure the robust operating performance and sustainable development of the Company, various risks were defined based on the Company’s operating strategies and objectives. Potential losses shall be restricted within the tolerable range, and an overall risk management organization framework and risk management mechanism shall be established.
The “Guidelines for Risk Management” of the Company were approved by the Board of Directors on December 27, 2013, as the top guiding principles of the Company’s risk management. On December 24, 2018, Guidelines for BCP Risk Control Procedures were promulgated and amended. The Company regularly assesses risks annually, and promulgates risk management policies for each type of risk covering management objectives, organizational structures, accountability, and risk management procedures to effectively identify, measure, and control the Company’s various risks arising from business activities and restrict them within a tolerable range.
I. Important Risk Categories
Overall, the risks the Company may encounter are divided into the following five categories:
[Strategic Risks] The impact on the Company’s financial business due to changes in the overall domestic and foreign economic situation, and/or important policies and laws.
[Operational Risks] Including risks of sales concentration, procurement concentration, legal regulations, talent recruitment and retaining, and impacts of technological and industrial changes, etc.
[Financial Risks] Interest rate changes, exchange rate changes, inflation, deflation, as well as impacts on the Company’s profits and losses due to policies for high-risk/high-leverage investment, capital loans to other parties, endorsements, and derivative commodity transactions.
[Information Security Risks] The risks of information disclosure of the Company’s major operating information, personal data, and/or client data required to be protected under contract provisions due to computer viruses, hacking, and/or various internal and external information security threats.
[Other Risks] Risks that are not specified in Subparagraphs 1 to 4 of the preceding Paragraph, such as climate change or environmental protection agreements, are expected to have a certain level of impact on the Company’s financial and business performance.
II. Organizational Structure
III. Mechanism for Risk Management
|Organizations for Risk Management||Responsibilities|
|Board of Directors||The top unit of risk management, with the goal of complying with laws and regulations, promoting and implementing the Company’s overall risk management, ensuring the effectiveness of risk management, and assuming the overall responsibility for risk management.|
|Department of Finance||Establish a high-efficiency and high-quality financial platform to provide transparent and credible financial information, operation analysis, and improvement plans. Adopt strict control, and legal tax planning, credit risk control, and financial crisis prediction models to mitigate corporate risks.|
|Audit Office||Review the existing or potential risks of each operation based on the risk-oriented annual audit plans. Assume the responsibility for the revision and promotion of the internal control system to ensure that the Company can implement effective operation risk management.|
|Department of Information Technology||Plan and improve the Company’s information management system, assume the responsibility for network information security control and protection measures, and provide management levels with fast and effective operation management information to mitigate information security risks.|
|Business Units||The head of each business unit is responsible for the front-line risk management, analyzing and monitoring the relevant risks in the respective unit to ensure that the risk control mechanism and procedures are being effectively implemented.|
|Risk Management Mechanisms||Levels||Responsibilities for Risk Management and Control|
|First-tier Mechanism||Business Units and
|Initial detection, assessment, and control of risks|
|Second-tier Mechanism||Operational Meetings or
|Feasibility assessment and various risk assessment|
|Third-tier Mechanism||Board of Directors
|The Audit Office is responsible for risk inspection, assessment, supervision, and improvement tracking, summarizes the implementation of risk management of various departments within the Company, and timely provide company risk management reports to the Board of Directors and the Audit Committee.
The Board of Directors and the Audit Committee are responsible for the decision-making and final control of risk assessment and control.
IV. Operation Status
The “Guidelines for Risk Management” of the Company were approved and promulgated by the Board of Directors on December 27, 2013. Since then, the Company has actively promoted the implementation of risk management mechanisms and reported to the Board of Directors the tables for risk assessment analysis and operation status on an annual basis. The data from the risk assessment analysis table would be used as the focal points for the audit of the coming annual period year.
Annual key operation status over the years and respective analysis of risks:
In December 2013, the “Guidelines for Risk Management” were promulgated.
In 2014, the “Risk Assessment Analysis Form” and the “Risk Factor Weight Table” were included in the important risk review indicators of the audit plans.
In 2017, the “Self-assessment Report of Internal Control” and “Annual Audit Findings” and other operational risk loss data were collected and included in the important risk review indicators of the audit plans.
In December 2018, the “Guidelines for BCP Risk Control Procedures” were promulgated.
In 2021 (The Annual Operation Status)
The Company at the Audit Committee meeting held on December 29, 2021, reported on the ever-changing risk environment currently faced by the Company, risk management priorities, risk assessment, and relevant measures based on “Key Risk Assessment Analysis Form for 2021” and the “Audit Plans for 2022”. (See the Table below)
|Key Risks||Potential Risks||Risk Level %||Risk Management Type||Current Management Approaches||Enhancement and Improvement Approaches||Implementation Status|
|Operational Risk||Risk of poor project progress control||25||(2)Mitigation||1. Enhance professional training.
2. Enhance the capability to control the current market conditions.
3. Enhance the capabilities and resilience of project managers on the comprehensive planning of the work process at each stage.
4. Enhance the capabilities of project managers to control the schedules and risks of projects.
|1. Enhance the communication with the business units, confirm that the R&D resources are distributed to the projects required for business, and prioritize the projects based on the priority of clients’ demands.
2. Clearly define the job responsibilities of RDs to ensure that each RD can be utilized upmost in the project to improve efficacy. Supporting works are done by non-RD engineers to improve efficiency.
3. Introduce the Issue tracking system to allow the project progress tracking.
|1. Track and support project progress with R&D professional platform and weekly meetings|
|Operational Risk||Risk of the R&D data breach||20||(1)Avoidance||Introduce the Data Loss Prevention system, and use the file encryption right after saving to prevent a data breach.||In addition to the protection of the DLP system, the Company also has full control of the access of USBs of all computers to prevent the risk of a data breach.||Various firewalls and file encryption operations within the Company have been enhanced and the use of USB has been completely prohibited.|
|Operational Risk||Risk of the outflow of talents||12||(2)Mitigation||1. Development programs for key talents
2. Provide a good workplace environment
3. Employees care
4. Succession plans
5. Recommended graduates from VTESC
6. College graduates or undergraduates recommended by faculties of relevant departments
|1. TTQS promotion Program for talents
2. Provide a complete and fair promotion system
3. Design creative recruitment ads
4. Contact college professors and VTESC staff closely.
|1. Enhance the functions of the education and training platform and improve the education and training courses
2. Brand marketing of MACHVISION SPORTS
3. The areas from the 1st to 6th floors have been renovated and improved to provide a more comfortable work environment
|Information Security Risk||*Environmental risk (5%)
Floods, fires, earthquakes...
|10||(2)Mitigation||Off-site backup||Off-site backup||Regularly review information security content, increase remote backup mechanisms and prevent data loopholes|
On Aug 3, 2021, the Company provided education and training to the department heads and Directors to understand the standards of BCP Risk Control Procedures to enhance their awareness of the importance of risk control.
|2021.8.3||All Directors / 6F||30 min||9 persons
(1 person for video)
|2021.8.3||All heads of all departments / B1 Restaurant||30 min||25 persons|