Risk Management

Risk Management Organization and Operations

The Company’s risk management organization consists of the Risk Management Steering Committee, Risk Management Implementation Committee, and risk management team. We use a management framework of risk identification, risk assessment, risk management, risk mitigation, risk response, risk monitoring, and risk reporting to define risk management priorities and risk ratings and adopt corresponding risk management actions. We identified 21 risk items in 2022 and derived 87 risk scenarios from the risk items. We evaluated the frequency of risk events and the severity of their impact on VisEra’s operations with a Risk Map, defined the priority and risk level, and adopted corresponding risk management strategies. We listed six risk items as significant risks. They include supply chain disruption, significant reduction of yield rate caused by production lines and suppliers, information security vulnerabilities, information service disruptions, more stringent environmental protection requirements, and epidemics (COVID-19). We conduct training and exercises with risk scenarios, impact identification, development of prevention mechanisms, and response plans for accidents. The Risk Management Implementation Committee oversees operations and conducts compliance checks to ensure that the significant risks are managed or mitigated.

We hold regular meetings of the risk management team to implement risk management mechanisms. Each unit reviews the business continuity risks of its operations at least once each quarter, including changes in risks and new or derived emerging risks, to respond to overall external changes. The units use the results to review response measures and specific actions. Every quarter, the ERM Implementation Committee reviews the risk management status and estimates the risk trends for the next quarter. It reports the risk management results to the Board of Directors once each year. The implementation status of risk management in 2022 was reported at the board meeting in the third quarter of 2022.

Risk management organization structure

Scope of risk management

We implement pre-crisis risk assessment for critical crisis events and identify feasible strategies for crisis prevention in our risk management to reduce the impact of crises on the Company’s operations. We also developed crisis management procedures and recovery plans for each type of crisis. We set up a risk management team to increase the crisis management awareness and strengthen the risk management culture of VisEra. We target important crises such as fires, earthquakes, information system service disruptions, information security, supply chain disruptions, significant reduction in yield rate, and water and electricity supply disruptions to strengthen risk assessment and crisis response exercises. We also use crisis response exercises to review the integrity of enterprise risk management and the effectiveness of risk controls to implement continuous improvements and reduce enterprise risks.

To achieve the corporate risk management goal of zero production disruptions due to climate, disaster, and labor shortage factors, VisEra prioritized enhancing preventive measures in supply chain management, cybersecurity management, and the risk scenario of epidemics such as COVID-19 in 2022. In supply chain management, efforts were made to strengthen the selection of backup suppliers for critical materials/components and to enhance inventory management to ensure supply chain stability. In terms of cybersecurity management, focus was placed on six key areas: cloud security, external network (Demilitarized Zone or DMZ) security, cybersecurity governance, office area security, data center security, and production line and supplier security to maintain stability in company and production operations.

Amidst the severe COVID-19 pandemic, VisEra established an epidemic prevention committee and adjusted epidemic prevention policies on a rolling basis. Resources were allocated to develop epidemic management systems and temperature recording systems to enhance employee and vendor epidemic investigation and health management. Backup manpower control and business continuity plans were implemented in production units to avoid production disruptions caused by personnel isolation during the pandemic.

Through precise risk prevention and control measures, the corporate risk management goal was successfully achieved in 2022.

In the enterprise risk management plan for 2023, in addition to the existing 21 risks, considerations for geopolitical factors and ESG development have been added. This is done from a company-wide perspective, continuously identifying and assessing the impact of relevant events on the Company’s operational activities. The aim is to develop response strategies and prevent potential disruptions.