To safeguard the interests of shareholders, implement sustainable development, fulfill the corporate governance, the management strategic and goals, and ensure the effectiveness, completeness and reasonableness of the risk management in relation to Phison Electronics Corporation and its subsidiaries, the Company establish the Risk Management Committee in November 2021 to serve as one of the functional committees under the board of directors. This committee regularly reports to the board of directors on its operations once a year.
The Risk Management Committee is the organization that comprehensively manages risk management activities. It consists of at least three members, one of whom serves as the convener, and at least more than half of the members are independent directors. All members have professional background in law, accounting or technology.
Organizational structure and responsibilities Risk Management
1. Board of Directors
The board of directors is responsible for the approval of the Policy, supervising the Company's existing or potential risks, and making reasonable resource allocation to ensure effective risk management and control.
2. Risk Management Committee
The Risk Management Committee is the organization that comprehensively manages risk management activities. It consists of at least three members, one of whom serves as the convener, and at least more than half of the members are independent directors. The executive secretariat is established therefrom and its responsibilities are as follows:
Formulate relevant risk operation methods, establish risk management standards, and regularly review the implementation of the Company's risk management mechanism, risk category assessment and the matters of improvements.
Execute the risk management decisions made by the board of directors, and regularly review the Company's development, establishment, and implementation effectiveness with respect to its overall risk management mechanism.
Approve risk response strategies and action plans, and require all risk management authorities of the Company to effectively identify, measure, supervise and control various risks.
Hold Committee’s meetings at least once a year.
Review and integrate the Company's risk management and control reports, and report the implementation of risk management to the board of directors at least once a year.
3. Executive Secretariat
Executive Secretariat is responsible for the implementation, promotion and coordination of the Company’s risk management activities, including arranging Committee’s meeting affairs, assisting the Committee in formulating risk management policies and procedures, communicating risk information with various operating units, collecting and integrating risk management reports of various operating units, etc. and matters designated by Committee.
4. Each Operating Unit
Each operating unit is responsible for implementation of the risk plan of such unit, including risk identification, risk analysis, risk assessment, risk response and control, and self-supervision. Each operating unit shall report to the Committee the implementation status of risk management related to various risks, on a regular basis or when required by the Committee.
Risk Management Scope
The Company shall comprehensively evaluate the possibility and impact of various risks of daily business activities, and adopts appropriate countermeasures to continuously improve and reduce corporate risks. The Company's business risks can be categorized as operating risks, market risks, operational risks, information security risks, climate change risks, environmental security risks, risks of stable supply related to electricity and water resources, legal infectious disease risks, and other business-related risks. In order to ensure that various risks are controlled within a tolerable scope, the Company should set up summary and management indicators of various risks, which are regularly monitored by each operating unit.
Members of Risk Management Committee
Major (Education) Past Positions
Huei Ming Wang
Master of Industrial Management from Chung Hua University
Director of Moores Rowland CPAs
Yu Lun Huang
Associate Vice President for Academic Affairs
Director, Center for Teaching and Learning Development
Director, Center for Continuing Education and Training
Associate Professor, Department of Electrical and Computer Engineering
Secretary-in-General, Taiwan Open Course and Education Consortium
Senior Assistant and Chief Operating Officer
Antonio Yu (Convener)
Master of Risk Management, National Chengchi University
Legal supervisor, United Epitaxy Company
Legal manager, Phison Electronics Corp.
Spokesman, Phison Electronics Corp.
Senior special assistant, Phison Electronics Corp.
There are 3 members in the Risk Management Committee.
The term of the members of this committee is based on the principle of matching the term of the directors, and may be re-elected. The terms of this section of Risk Management Committee: May 31, 2023 to May 30, 2026
On January 18, 2024, the Risk Management Committee reported the risk management results of 2023 and the work plan for 2024 to the Board of Directors.
2023 work focus：
Materiality to company
Risk management and control results
Supply chain management
Early warning to prevent the risk of material shortage.
Make early warnings for long lead time materials to reduce inventory costs.
Implement emergency investigation and short-,medium-, and long-term risk assessment: Short-term risk assessment assesses the risks associated with the inventory level of suppliers, the ability of agents to allocate and mobilize products, replacement with substitute materials, rush purchase on the spot market, product origin investigation, and capacity investigation. Medium- and long-term assessment assesses the potential risks that suppliers determine the abnormalities will have on their company by inferring from the abnormalities' extent of worsening and impact presumed by them.
An emergency response meeting may be convened by the head of the procurement staff whenever needed; the extent of impact as indicated in the emergency investigation results may serve as a reference for response to be made by the relevant units.
Inventory management: Have the RD/PM confirm whether the materials not in use for long can be changed to other commonly used materials to increase commonality or resell.
Lead time management: Negotiate on long lead time materials, communicate to bring the lead time back to a normal length of time, and identify NCNR, LTA, Cancellation Day, and forecast supplies, to effectively shorten the lead time.
Cyber-attacks and information outflow will affect the protection of internal and external intellectual information, causing serious problems such as interruption of company operations, financial damage, or illegal breach of contract. In the long run, it will cause major damage to goodwill and customer relationships, and affect the foundation of sustainable development of the company.
Important information system obtains ISO 27001 certification.
Manage mobile storage devices.
Set up a firewall and conduct relevant information security education and training to continue educating employees about information security concepts.
Frequently scan for vulnerabilities to constantly upgrade and strengthen our information protection system.
Conduct internal information security audits at least once a year, followed by external audits by third-party certification agencies.
Perform information system recovery mechanism drills to test the effectiveness of our information system recovery procedures to ensure that the Company's system can continue to operate even if subject to natural disasters or malicious attacks.
Climate change management
Water Rationing /Outage
Water rationing and water outage will hinder operations, prevent the cooling of the temperature of the engine and testing equipment, and disrupt the work of personnel.
Establish a water level situation monitoring mechanism.
Modify the supply pipelines of city water, and modify them to the effect that they can supply water to equipment and machinery whenever needed.
Electricity outage, whether due to power cut or a tripping circuit breaker, interrupts the operation of critical machine rooms and machinery, and may jeopardize personnel safety.
Implement generator operation test every month.
Regular maintenance of UPS every season.
Purchase oil pumps and empty oil drums.
In the future, if operations continue to scale up or the government revises down the emission threshold, the Company must bear additional carbon cost. Brand customers will also respond to the international requirement on disclosure of carbon information by demanding the Company to provide relevant data and adopt response measures.
Factories continue to implement carbon inventory and energy conservation and carbon reduction projects every year.
Purchasing renewable energy certificates.
Inventory the carbon footprint of major products gradually, gather relevant data, and grasp the carbon hot spots during a product’s life cycle.
Local labor market manpower is not sufficient enough to underpin the development of the industry and the Company, and costs higher with increased competition.
We'll aggressively hire overseas compatriot students who study in Taiwan in the hope of attracting more exceptional international talent.
Reference the survey in the industry to constantly improve the attractiveness of employee welfare and salary.
Launch improvement projects based on the results of the employee opinion survey; maintain clear and effective labor-management communication channels; so as to enhance employees' recognition for the Company.
Provide new skills training diversity the portfolio of occupational competencies among existing talents, so that they are more aligned with the Company’s business direction in the future.