◆Risk Management Policies and Protocol
Avertronics established a "Risk Management Policy" in 2023, which was approved by the Board of Directors on May 10, 2023, as the highest guiding principle for risk management. On November 12, 2024, Avertronics set up a "Risk Management Committee" to continuously manage risks in four major areas: "strategy", "finance", "operations", and "hazards", with the goal of achieving sustainable development and operations.
Avertronics's risk management team regularly identifies risk factors every year to recognize potential risks that may affect Avertronics's sustainable development. The Risk Management team filters out risks within the scope of risk management and monitors potential risks based on the latest internal audit developments and regulatory requirements. The Risk Management team also implements preventive measures to strengthen risk management. For each type of risk, Avertronics develops risk management policies that cover management objectives, organizational structure, authority and responsibility, and risk management procedures, and ensures their execution. This helps to control risks arising from business activities within an acceptable range.
The risk management process includes: risk identification, risk measurement, risk monitoring, risk reporting and disclosure, and risk response. The Audit Office actively supervises each executing unit to follow approval authority, management regulations, and procedures, ensuring that all employees are aware of and execute risk management. In addition to disclosing relevant information as required by regulatory authorities, Avertronics also discloses information related to risk management in the annual reports and on the website.
Type of Risk | Details of Risk |
---|---|
Hazard Risk | Covers safety protection and emergency response; refers to the probability of occurrence of major hazardous events and the risk of loss. |
Operations Risk | Refers to sales concentration, procurement concentration, intellectual property protection, legal compliance, talent recruitment and retention, and the creation and maintenance of corporate image. |
Financial Risk | Market risk, credit risk, liquidity risk and operational risk. |
Strategic Risk | Including the risk of excessive concentration in a single region, customer concentration/the impact of large customers, agency product line concentration/large product line impact, industry concentration, and M&As. |
Compliance Risk/Contract Risk | Compliance risk refers to possible losses caused by failure to comply with relevant regulations of the competent authority. Contract risk refers to possible losses caused by the signed contract itself not having legal effect, transgressions, omissions in terms, inadequate regulations, etc. that may render the contract invalid. |
Information Technology Security Risk | Information assets may be exposed to unacceptable risks such that the confidentiality, integrity and availability of information cannot be ensured: unauthorized persons can still access the information, the correctness and completeness of the information content and its processing methods cannot be ensured, or authorized users are unable to immediately access information and use related assets when needed, resulting in possible losses. |
Other Risk | Beyond the above-mentioned risks, if there are other risks, appropriate risk control procedures should be established based on the characteristics of the risk and the range of impact. |
◆Risk Management Group and Structure
The risk response organization is based on the risk management measures established by the board of directors of the company and its subsidiaries. It is convened by the general management office to coordinate and direct the promotion and operation of the risk management plan. On this basis, managers and employees of various departments jointly participate in the promotion and implementation.
The risk management team is responsible for implementing the risk management process, and the responsible supervisor is responsible for setting up response measures and for the actual execution of risk projects.
1. Board of Directors:
The Board of Directors of the company and its subsidiaries is the highest authority for enterprise risk management. Its objective is to comply with laws and regulations, promote and implement enterprise-wide risk management, clearly understand the risks faced by the company's operations, ensure the effectiveness of risk management, and bear ultimate responsibility for risk management.
2. Audit Office:
The company's Internal Audit Department is an independent unit, reporting to the Board of Directors. It is responsible for conducting internal audits to assist the Board and management in examining and reviewing deficiencies in the internal control system and evaluating the effectiveness and efficiency of operations. The Audit Office also provides timely recommendations for improvement to ensure the continuous and effective implementation of the internal control system and serves as a basis for reviewing and amending the internal control system.
3. General Manager Office:
The General Manager's Office of the Company is responsible for assessing operational decision-making risks and implementing corresponding strategies, managing media relations and external communications, as well as overseeing the allocation and contingency planning of human resources.
4. Finance Department:
The Company's Finance Department is responsible for the assessment of financial risks.
5. Sales and Management Department:
All department and unit managers should conduct risk assessment and control as part of their daily management duties, emphasizing organization-wide participation in risk management and implementing systematic preventive measures at all levels to ensure effective risk management.
Risk Management Levels | Risk Management Operations |
---|---|
First-line Responsibility | Each unit or business operator is the Risk Owner for the business they handle. They must execute their duties in accordance with the relevant internal control systems and internal regulations. They are the first line of defense in identifying, assessing, and controlling risks. |
Second-line Responsibility | Department heads or designated functional/departmental risk management leaders are responsible for risk management related to their respective operations. They should review operating procedures and manuals based on actual business operations, pay attention to the latest regulatory updates and business-related circulars issued by regulatory authorities, and amend relevant internal regulations as necessary. |
Third-line Responsibility | Department heads or designated functional/departmental risk management personnel are responsible for risk management related to their respective operations. They should review operating procedures and manuals based on actual business operations, pay attention to the latest regulatory updates and business-related circulars issued by regulatory authorities, and amend relevant internal regulations as necessary. |
◆ Outcomes of 2024
In 2024, the company evaluated possible response plans for the top three risk issues, set up management strategies and implemented risk control, and submitted a report to the board of directors on December 20, 2024. The work performed by the company's risk management team covers risk assessment, the scope of the risk environment, and the risk control measures and risk management operations adopted.
Type of Risks | Top 3 Risk Topics | Keys of Control and Management | Strategies |
---|---|---|---|
Economics | Technology and industry trends change rapidly | | Utilize new technologies and customer channels to catch up with new retail trends and expand market applications. Focus on the research and development of high value-added products, and delve into the development of intelligent service solution platforms such as artificial intelligence, big data, cloud technology, and intelligent interaction to expand and drive new growth momentum. |
Operations | Supply chain disruption | | |
 | Difficulty attracting and retaining employees | | |
◆ Risk Evaluation
Top Topics | Risk Evaluation Item | Policies of Risk Management |
---|---|---|
Environment | Climate Change | Support and implement TCFD, and evaluate the financial risks of climate change through climate change risk questionnaires; EHS and facilities units then set and plan annual goals, budgets and plans and submit them to the Environmental Protection Committee for review. Implement the corresponding plan in accordance with the ISO 14064-1 greenhouse gas verification standard, and subsequently plan the preparation of an ISO 50001 energy management system. |
 | Green process and products management | Priority is given to green design in the development of future new products. |
Social | Friendly workplace | Establish diverse and smooth two-way communication channels (quarterly labor-management meetings, annual group-wide strategic consensus meetings, monthly AVI group meetings) and complaint channels for labor/human rights issues, and strive to create a friendly workplace. |
Corporate Governance | Social economy and legal compliance | By setting up the governance organization and implementing internal control mechanisms, we ensure that all personnel and operations comply with relevant laws and regulations. |
 | Information security | Develop information security policies based on the company's actual internal management needs. In response to actual needs and development trends, implement corresponding information security strategies and visions with the purpose of improving the information security protection system. Through risk-oriented security protection mechanisms, supplemented by continuous training, improve employees' information security awareness to establish a safe and trustworthy information security environment. We will prepare for the subsequent plans of the ISO 27001 information security management system, evaluate the information security policy on a yearly basis, and report to the board of directors. |
 | Intellectual property management | Property Rights Management Measures" are implemented to regulate and manage the acquisition, maintenance, and use of various intellectual property rights such as patents, trademarks, copyrights, and trade secrets. The implementation status will be reported to the board of directors once a year to ensure that operations and results are in line with the company's plan. |
Human Rights | Occupational Health and Safety | Establish occupational safety and health policies to ensure the safety and hygiene of various operations and working environments, and commit to all employees and the relevant public to implement safety and health policies to achieve the responsibilities and obligations of protecting employee safety and health. |
 | Labour Relations | If the company implements major operational changes that may seriously affect employees' rights, it will inform employees after communicating at labor-management meetings. |
◆Training
Date | Contents | Numbers of attendees | Man-Hours |
---|---|---|---|
2024/12/16 | Advocacy for Corporate Integrity Management, Trade Secrets, and Intellectual Property Rights | 53 | 53 |
2024/11/22 | Internet security awareness training (DHL notice e-mails) | All employees | |
2024/11/21 | H2 of 2024 Fire and Evacuation training | 106 | 212 |
2024/11/7 | Common EHS Training | 26 | 26 |
2024/10/21 | Annual Advocacy on Insider Equity and Prevention of Insider Trading | 57 | 29 |
2024/10/19 | Practice for ISMS Emergency Actions | 37 | 37 |
2024/9/25 | The latest international environmental regulations | 24 | 24 |
2024/8/19 | Annual Gender Equality and Workplace Harassment Prevention Advocacy | 53 | 27 |
2024/6/6 | Occupational safety and health education and training | 1 | 6 |
2024/5/22 | H1 of 2024 Fire and Evacuation training | 39 | 78 |
2024/5/10 | Cybersecurity Incident Response Practice Exercise | 3 | 6 |
2024/4/23 | Training for Fire Wall | 1 | 6 |
2024/3/12 | Risk-Oriented Internal Audit Methods and Practices | 1 | 6 |
2024/3/11 | Analysis Report on Social Engineering Email Drill Service Results | 57 | 57 |