Risk Management

Sustainability

Risk Management

◆Risk Management Policies and Portocol

Avertronics setup the "Risk Management Policy" in 2023, which was approved by the board of directors on May 10, 2023, as the highest guiding principle for the company's risk management.

Type of Risk	Detals of Risk
Hazard Risk	Safety protection and emergency response refer to indicate the probability of occurrence of major hazardous events and the risk of loss.
Operations Risk	Means to sales concentration, procurement concentration, intellectual property protection, legal compliance, talent recruitment and retention, and the creation and maintenance of corporate image.
Financial Risk	Market risk, Credit risk, Liquidity risk and Operational risk.
Strategic Risk	Including the risk of excessive concentration in a single region, customer concentration/the impact of large customers, agency product line concentration/large product line impact, industry concentration, and M&As
Compliance Risk/Contract Risk	Means to possible losses caused by failure to comply with relevant regulations of the competent authority. Contract risk means to possible losses caused by the signed contract itself not having legal effect, transgressions, omissions in terms, inadequate regulations, etc. that may render the contract invalid.
Information Technology Security Risk	Information assets may be subject to unacceptable risks, and the confidentiality, integrity and availability of the information cannot be ensured, including the fact that unauthorized persons can still access the information and cannot ensure that the information content and information processing methods are correct and complete. Authorized users are unable to immediately access information and use related assets when needed, resulting in possible losses.
Other Risk	Beyond the above-mentioned risks, if there are other risks, appropriate risk control procedures should be established based on the characteristics of the risk and the range of impact.

**Note: The mobile version can be read by sliding left and right.

◆Risk Management Group and Structure

The risk response organization is based on the risk management measures established by the board of directors of the company and its subsidiaries. It is convened by the general management office to coordinate and direct the promotion and operation of the risk management plan. Upon this, managers and employees of various departments jointly participate in the promotion and implementation.

The risk management team is responsible for implementing the risk management process, and the responsible supervisor is responsible for setup response measurements and actual execution of risk projects.

1. Board of Directors :
The Board of Directors of this company and company's subsidiaries is the highest authority for enterprise risk management. Company's objective is to comply with laws and regulations, promote and implement enterprise-wide risk management, clearly understand the risks faced by the company's operations, ensure the effectiveness of risk management, and bear ultimate responsibility for risk management.

2. Audit office :
The company's Internal Audit Department is an independent unit, reporting to the Board of Directors. It is responsible for conducting internal audits to assist the Board and management in examining and reviewing deficiencies in the internal control system and evaluating the effectiveness and efficiency of operations. Audit office also provides timely recommendations for improvement to ensure the continuous and effective implementation of the internal control system and serves as a basis for reviewing and amending the internal control system.

3. General Manager Office :
The General Manager's Office of the Company is responsible for assessing operational decision-making risks and implementing corresponding strategies, managing media relations and external communications, as well as overseeing the allocation and contingency planning of human resources.

4. Finance Department :
The Company's Finance Department is responsible for the assessment of financial risks.

5. Sales and Management Department :
All department and unit managers should conduct risk assessment and control as part of their daily management duties, emphasizing organization-wide risk management participation, implementing systematic preventive measures at all levels, to ensure effective risk management.

Risk Management Levels	Risk Management Operations
First-line Responsibility	Each unit or business operator is the Risk Owner for the business they handle. They must execute their duties in accordance with the relevant internal control systems and internal regulations. They are the first line of defense in identifying, assessing, and controlling risks.
Second-line Responsibility	Department heads or designated functional/departmental risk management leaders are responsible for risk management related to their respective operations. They should review operating procedures and manuals based on actual business operations, pay attention to the latest regulatory updates and business-related circulars issued by regulatory authorities, and amend relevant internal regulations as necessary.
Third-line Responsibility	Department heads or designated functional/departmental risk management personnel are responsible for risk management related to their respective operations. They should review operating procedures and manuals based on actual business operations, pay attention to the latest regulatory updates and business-related circulars issued by regulatory authorities, and amend relevant internal regulations as necessary.

**Note: The mobile version can be read by sliding left and right.

◆ Outcomes of 2024

In 2024, evaluate possible response plans for the top three risk issues, setup management strategies and implement risk control, and submit a report to the board of directors on December 20, 2024. The business performed by the company's risk management team includes risk assessment, scope of risk environment and the risk control measures and risk management operations adopted.

Type of Risks	Top 3 Risk Topics	Keys of Control and Management	Strategies
Economics	Technology and Industry trend change rapidly	Traditional business profit models are impacted by e-commerce platforms Utilize new technologies and customer channels to catch up with new retail trends and expand market applications.	Utilize new technologies and customer channels to catch up with new retail trends and expand market applications. Focus on the research and development of high value-added products, and delve into the development of intelligent service solution platforms such as artificial intelligence, big data, cloud technology, and intelligent interaction to expand and drive new growth momentum.
Operations	Supply Chain disruption	External factors such as natural disasters or epidemics cause delays in supply chain production and transportation Industrial technology changes rapidly, requiring timely access to key components of new technologies. ESG wave drives up costs for small suppliers	Prioritize the management and control of critical raw materials with higher supply risks, and then set strategic material preparation days and demand based on market demand and supplier supply speed. Develop innovative technologies, improve parts manufacturing capabilities, and cooperate with third parties to implement a procurement strategy of more than two sources of supply. Maintain closely relationships with key parts suppliers to understand their production capacity and load status, and flexibly adjust procurement lead times accordingly. Actively engage in technical cooperation or strategic alliances with major domestic and foreign manufacturers to facilitate the launch of new products or the acquisition of new technologies. Ensure supplier supply capabilities through regular audits, continue to search for and cultivate local suppliers that can provide high-quality products that comply with environmental regulations, implement local procurement priority strategies, and shorten transportation miles to reduce carbon emissions.
Difficulty attracting and retaining employees	Establish multiple communication channels and communicate with employees based on the content of the issues Provide wages and benefits that meet or better than local laws and regulations Strengthen employees' professional capabilities and international perspectives through diversified channels Inplement safe working environment and prevent occupational disasters	Establish diversified and smooth two-way communication channels and conduct employee opinion surveys, and conduct necessary communications after collecting various employee opinions. Depending on the location of the operating sites, the salary of all employees shall comply with the basic salary level stipulated by local laws and regulations, and social insurance shall be provided in accordance with the regulations, and insurance and welfare measures beyond the provisions of laws and regulations will be provided. Corporate sustainability as the company's core value, actively invest in reengineering employee functions, and activate and strengthen human resources organizations to promote employee career development. Set "building a safe and healthy workplace" and "zero occupational accidents" as the safe working environment management goals, we expect employees and workers to work in a healthy and safe environment.

Type of Risks

Top 3 Risk Topics

Keys of Control and Management

Strategies

Economics

Technology and Industry trend change rapidly

Traditional business profit models are impacted by e-commerce platforms
Utilize new technologies and customer channels to catch up with new retail trends and expand market applications.

Utilize new technologies and customer channels to catch up with new retail trends and expand market applications.

Focus on the research and development of high value-added products, and delve into the development of intelligent service solution platforms such as artificial intelligence, big data, cloud technology, and intelligent interaction to expand and drive new growth momentum.

Operations

Supply Chain disruption

External factors such as natural disasters or epidemics cause delays in supply chain production and transportation
Industrial technology changes rapidly, requiring timely access to key components of new technologies.
ESG wave drives up costs for small suppliers

Prioritize the management and control of critical raw materials with higher supply risks, and then set strategic material preparation days and demand based on market demand and supplier supply speed. Develop innovative technologies, improve parts manufacturing capabilities, and cooperate with third parties to implement a procurement strategy of more than two sources of supply.
Maintain closely relationships with key parts suppliers to understand their production capacity and load status, and flexibly adjust procurement lead times accordingly. Actively engage in technical cooperation or strategic alliances with major domestic and foreign manufacturers to facilitate the launch of new products or the acquisition of new technologies.
Ensure supplier supply capabilities through regular audits, continue to search for and cultivate local suppliers that can provide high-quality products that comply with environmental regulations, implement local procurement priority strategies, and shorten transportation miles to reduce carbon emissions.

Difficulty attracting and retaining employees

Establish multiple communication channels and communicate with employees based on the content of the issues
Provide wages and benefits that meet or better than local laws and regulations
Strengthen employees' professional capabilities and international perspectives through diversified channels
Inplement safe working environment and prevent occupational disasters

Establish diversified and smooth two-way communication channels and conduct employee opinion surveys, and conduct necessary communications after collecting various employee opinions.
Depending on the location of the operating sites, the salary of all employees shall comply with the basic salary level stipulated by local laws and regulations, and social insurance shall be provided in accordance with the regulations, and insurance and welfare measures beyond the provisions of laws and regulations will be provided.
Corporate sustainability as the company's core value, actively invest in reengineering employee functions, and activate and strengthen human resources organizations to promote employee career development.
Set "building a safe and healthy workplace" and "zero occupational accidents" as the safe working environment management goals, we expect employees and workers to work in a healthy and safe environment.

**Note: The mobile version can be read by sliding left and right.

◆ Risk Evaluation

Top Topics	Risk Evaluation Item	Policies of Risk Management
Enviroment	Climate Change	Support and implementTCFD, and evaluate the financial risks of climate change through climate change risk questionnaires, and then set and plan annual goals, budgets and plans by EHS and facilities units, submit them to the Environmental Protection Committee for review, and follow ISO 14064- 1. Greenhouse gas verification standard implementation corresponding plan, and subsequent planning for ISO 50001 energy management system preparation.
Enviroment	Green process and Products management	Future new products developed by Green designed be the priority.
Social	Friendly workplace	Establish diverse and smooth two-way communication channels (quarterly labor-management meetings, annual group-wide strategic consensus meetings, monthly AVI group meetings) and complaint channels for labor/human rights issues, and strive to create a friendly workplace.
Corporate Governance	Social economy and legal compliance	Setup the governance organization and implementing internal control mechanisms, we ensure that all personnel and operations comply with relevant laws and regulations.
	Information security	Develop information security policies based on the company's actual internal management needs. In response to actual needs and development trends, implement corresponding information security strategies and visions with the purpose of improving the information security protection system. Through risk-oriented security protection mechanisms, supplemented by continuous training, Improve employees' information security awareness to establish a safe and trustworthy information security environment. We will prepare for the subsequent plans of the ISO 27001 information security management system and evaluate the information security policy by yearly basis and report to the board of directors.
	Intellectual property management	Property Rights Management Measures" are implemented to regulate and manage the acquisition, maintenance, and use of various intellectual property rights such as patents, trademarks, copyrights, and trade secrets. The implementation status will be reported to the board of directors once a year to ensure that operations and results are in line with the company's plan.
Human Rights	Occupational Health and Safety	Establish occupational safety and health policies to ensure the safety and hygiene of various operations and working environments, and commit to all employees and the relevant public to implement safety and health policies to achieve the responsibilities and obligations of protecting employee safety and health. Regarding occupational health, we actively participate to implement the workplace safety and health through on-site services provided by nurses 4 times a month and doctors 4 times a year, assisting occupational doctors and nurses to improve the effectiveness of employee health management, and analyze the health problems of colleagues through the results of regular health examinations held by the company as well as planning appropriate health promotion activities will not only help prevent the occurrence of occupational disasters and occupational diseases, but also improve the physical and mental health and work ability of workers.
Human Rights	Labour Relations	If the company implements major operational changes that may seriously affect employees' rights, it will inform employees after communicating at labor-management meetings.

**Note: The mobile version can be read by sliding left and right.

◆Traning

Date	Contents	Numbers of attendees	Man-Hours
2024/12/16	Advocacy for Corporate Integrity Management, Trade Secrets, and Intellectual Property Rights	53	53
2024/11/22	Internet security awareness Training (DHL notice e-mails)	全員
2024/11/21	H2 of 2024 Fire and Evacuation training	106	212
2024/11/7	Common EHS Training	26	26
2024/10/21	Annual Advocacy on Insider Equity and Prevention of Insider Trading	57	29
2024/10/19	Practice for ISMS Emergency Actions	37	37
2024/9/25	The latest international environmental regulations	24	24
2024/8/19	Annual Gender Equality and Workplace Harassment Prevention Advocacy	53	27
2024/6/6	Occupational safety and health education and training	1	6
2024/5/22	H1 of 2024 Fire and Evacuation training	39	78
2024/5/10	Cybersecurity Incident Response Practice Exercise	3	6
2024/4/23	Training for Fire Wall	1	6
2024/3/12	Risk-Oriented Internal Audit Methods and Practices	1	6
2024/3/11	Analysis Report on Social Engineering Email Drill Service Results	57	57

**Note: The mobile version can be read by sliding left and right.