2023 ESG Report
Sustainability Report


8.5 Risk Management

8.5.1 Risk Management Policy and Strategy

VisEra upholds its corporate vision and sustainability commitments to the industry and society and has established Enterprise Risk Management (ERM) mechanisms. The Board of Directors established the "Risk Management Policies and Procedures" in 2021 and revised them in August 2023 as the top guiding principles for the Company's risk management. VisEra established the "Risk Management Steering Committee", in which the President serves as the chair and the highest ranking officer of the Resource Planning Organization serves as the Executive Secretary, to take charge of the formulation of corporate sustainability development strategies and plans. We implement identification of risks and risk scenarios, risk level assessment, preventive measures, and contingency measures with business continuity management procedures. We also implement compliance management with specific actions and training exercises.


Corporate risk management strategy

8.5.2 Risk Management Organization and Operations

The Company's risk management organization consists of the Risk Management Steering Committee, Risk Management Implementation Committee, and risk management team. We use a management framework of risk identification, risk assessment, risk management, risk mitigation, risk response, risk monitoring, and risk reporting to define risk management priorities and risk ratings and adopt corresponding risk management actions. In 2023, 16 risk projects were identified during the reorganization and consolidation, and 113 risk scenario responses were derived from the risk projects. A risk matrix (Risk Map) was used to evaluate the frequency of risk events and the severity of the impact on the Company's operations. Risk priorities and risk levels were defined in order to adopt corresponding risk management strategies.

Among them, six risk items are listed as major risks: the continued risk to customer satisfaction caused by the production line operation, the large yield loss caused by the production line and suppliers, order risks stemming from geopolitics, stricter environmental requirements, information system service interruption, and transformation risks during the ESG transition. We conduct training and exercises with risk scenarios, impact identification, development of prevention mechanisms, and response plans for accidents. The Risk Management Implementation Committee oversees operations and conducts compliance checks to ensure that the significant risks are managed or mitigated.

We hold regular meetings of the risk management team to implement risk management mechanisms. Each unit reviews the business continuity risks of its operations at least once each quarter, including changes in risks and new or derived emerging risks, to respond to overall external changes. They use the results to review response measures and specific actions. Every quarter, the ERM Implementation Committee reviews the risk management status and estimates the risk trends for the next quarter. It reports the risk management results to the Board of Directors once each year. The implementation status of risk management in 2023 was reported to the board meeting in the third quarter of 2023.


Note: For the organizational chart of the enterprise risk management working group, please refer to VisEra's official website/Corporate Governance/Risk Management.

In order to reduce the impact on the company's operations when a crisis event occurs, enterprise risk management also conducts pre-crisis risk assessments for important crisis events, identifies feasible strategies to prevent crisis events, and formulates crisis handling procedures and recovery plans based on crisis events. To enhance crisis management awareness and strengthen the risk management culture within Caiyu Company, a risk management working group was established to deal with important crisis incidents such as fires, earthquakes, information system service interruptions, information security, supply chain interruptions, major yield losses, and water and electricity supply interruptions. The group strengthens risk assessment and crisis response drills, and uses the drills to review the integrity of corporate risk management and the effectiveness of risk control, in order to continuously improve and reduce corporate risks.

In order to achieve the enterprise risk management goal of "0 days of production interruption due to climate, disaster, and manpower shortage factors", Caiyu Company will analyze the production interruption that may result from supply chain management, information security management, and environmental, safety and health risk scenarios in 2023, and prioritize prevention and improvement. In supply chain management, we strengthen the selection of backup suppliers of key raw materials/parts and incoming materials/inventory management to ensure the stability of the supply chain, and improve suppliers' awareness of environmental, safety and health compliance and of their responsibilities and obligations through supplier environmental, safety and health workshops. In terms of information security management, the six major aspects of cloud security, external network (Demilitarized Zone, DMZ) security, information security governance, office area security, data center security, and production line and supplier security are strengthened to maintain the stability of the company and production operations. During the post-2023 epidemic period, we will also strengthen the prevention of production operation interruptions and conduct continuous management drills for the entire factory operation. With precise risk prevention and control, the enterprise risk management goals will indeed be achieved in 2023.

In the 2024 enterprise risk management planning, risk management workshops will be used to consult the management and executive levels respectively on the short-term, medium-term and long-term issues of the company's risk management, and to continue to identify and evaluate the impact of relevant events on the company's operating activities, for response and impact prevention.

8.5.3 Establishment of a Risk Culture

To effectively establish the Company's risk culture and increase employees' risk awareness, all new employees of the Company must complete the "ISO 22301 (Business Continuity Management System Overview)" online course within one week of reporting for duty. For internal auditors responsible for the Company's Business Continuity Management System, we provide the internal auditor courses for the ISO 22301 Business Continuity Management System or BCM/ISO22301 education and training.


In the 2023 annual management review meeting, the Risk Management Committee will arrange for risk management committee members of each unit to share risk-related topics in accordance with their responsibilities, including continuous operation management drills, supply chain management, the impact of geopolitics on order and customer management, ESG transformation risks, and competitive risks (risk management for the introduction of new processes and technologies), to strengthen the construction of risk culture and gradually implement risk management culture in work through cross-department work sharing and discussions.

Note 1: The training target of new employees does not include technical personnel and contractors.

Note 2: The introduction to ISO 22301 course included online tests which participants must pass before they complete training.

Note 3: The 2021 ISO 22301 Business Continuity Management System internal auditor course is a professional course for external instructors. Those who obtain the training certificate after the training can serve as the company's ISO22301 internal auditors. There are currently 32 valid certificate holders.

Note 4: The new ISO BCM/ISO22301 education and training in 2023 is a professional course for external lecturers. Those who complete this course can serve as the company's ISO22301 internal auditors. There are currently 18 people who have completed the training.
