To safeguard the interests of shareholders, implement sustainable development, fulfill corporate governance and management strategies and goals, and ensure the effectiveness, completeness and reasonableness of risk management for Phison Electronics Corporation and its subsidiaries, the Company established the Risk Management Committee in November 2020 as one of the functional committees under the board of directors. The committee regularly reports to the board of directors on its operations once a year.
The Risk Management Committee is the organization that comprehensively manages risk management activities. It consists of at least three members, one of whom serves as the convener, and more than half of the members are independent directors. All members have a professional background in law, accounting or technology.
Risk Management Organizational Structure and Responsibilities
1. Board of Directors
The board of directors is responsible for the approval of the Policy, supervising the Company's existing or potential risks, and making reasonable resource allocation to ensure effective risk management and control.
2. Risk Management Committee
The Risk Management Committee is the organization that comprehensively manages risk management activities. It consists of at least three members, one of whom serves as the convener, and more than half of the members are independent directors. The executive secretariat is established under it, and its responsibilities are as follows:
Formulate relevant risk operation methods, establish risk management standards, and regularly review the implementation of the Company's risk management mechanism, risk category assessment and matters for improvement.
Execute the risk management decisions made by the board of directors, and regularly review the development, establishment, and implementation effectiveness of the Company's overall risk management mechanism.
Approve risk response strategies and action plans, and require all risk management authorities of the Company to effectively identify, measure, supervise and control various risks.
Hold Committee meetings at least once a year.
Review and integrate the Company's risk management and control reports, and report the implementation of risk management to the board of directors in a timely manner.
3. Executive Secretariat
The Executive Secretariat is responsible for the implementation, promotion and coordination of the Company's risk management activities, including arranging Committee meetings, assisting the Committee in formulating risk management policies and procedures, communicating risk information with the operating units, collecting and integrating the risk management reports of the operating units, and handling other matters designated by the Committee.
The Company's Corporate Sustainable Development Committee is the auditor of the Committee. The auditor shall, in a spirit of independence, audit the Company's risk management affairs at least once a year and report the audit status to the board of directors.
5. Each Operating Unit
Each operating unit is responsible for implementing its own risk plan, including risk identification, risk analysis, risk assessment, risk response and control, and self-supervision. Each operating unit shall report to the Committee on the implementation status of risk management for the various risks, on a regular basis or when required by the Committee.
Risk Management Scope
The Company shall comprehensively evaluate the likelihood and impact of the various risks in its daily business activities, and adopt appropriate countermeasures to continuously improve and reduce corporate risks. The Company's business risks can be categorized as operating risks, market risks, operational risks, information security risks, climate change risks, environmental security risks, risks to the stable supply of electricity and water resources, statutory infectious disease risks, and other business-related risks. To ensure that the various risks are kept within a tolerable range, the Company should set up summary and management indicators for each risk, which are regularly monitored by each operating unit.
Members of Risk Management Committee
Wen Chiu Chung
Major (Education): Master of Accounting, Chung Yuan Christian University
Past Positions: Accountant of Grant Thornton
Yu Lun Huang
Past Positions: Associate Vice President for Academic Affairs; Director, Center for Teaching and Learning Development; Director, Center for Continuing Education and Training; Associate Professor, Department of Electrical and Computer Engineering; Secretary-in-General, Taiwan Open Course and Education Consortium
There are 3 members in the Risk Management Committee.
The term of the members of this committee matches, in principle, the term of the directors, and members may be re-elected. The term of the current Risk Management Committee runs from November 5, 2021 to June 2, 2023.
On January 21, 2022, the Risk Management Committee reported the risk management results of 2021 and the work plan for 2022 to the Board of Directors.
2021 work focus:
Materiality to company
2021 risk management and control results
Cyber-attacks and information leaks will affect the protection of internal and external intellectual information, causing serious problems such as interruption of company operations, financial damage, or unlawful breach of contract. In the long run, they will cause major damage to goodwill and customer relationships, and affect the foundation of the company's sustainable development.
Information Security Committee
Improve the information security risk notification mechanism, and investigate and deal with suspected security weaknesses immediately.
Enhance information security defense capabilities
Introduce two-factor authentication to prevent hackers from intruding and to protect account security.
Introduce a network application firewall to filter suspicious data traffic and block malicious data traffic from entering.
Introduce an information security risk analysis system to provide immediate, effective and continuous analysis of the current information security situation.
Climate change management
Water Rationing/Outage
In order to ensure the normal operation of the factory, risk assessment methods are used to formulate relevant countermeasures to solve the problem of power and water shortages that cause operational interruptions.
Sign a service contract with a private water supplier.
Reduce water supply pressure and increase water storage capacity.
Add four five-ton drinking water towers.
Implement water injection drills.
Run a generator operation test every month.
Perform regular UPS maintenance every quarter.
Large-scale infectious disease outbreak
In order to ensure the health of the company's workers, risk assessment methods are used to formulate relevant countermeasures to prevent large-scale outbreaks of infectious diseases that would result in operational interruptions.
The epidemic prevention team draws up plans and implements epidemic prevention policies based on changes in the epidemic situation.
Prevent the risk of infection through health declaration surveys and high-risk notification management.
Conduct group work drills, emergency drills for suspected/confirmed cases, and emergency drills for epidemic escalation warnings.
Strengthen environmental disinfection and the disinfection of goods entering the factory.
The company's anti-epidemic policy has been adjusted on a rolling basis, with announcements and posted signs reminding workers to continue epidemic prevention.
In response to the Level 3 warning, implement the split-team work policy.
Announce vaccine registration and reservation eligibility, and provide vaccination leave to encourage colleagues to get vaccinated.