Process
Process: From Risk Identification, Risk Analysis, Risk Evaluation to Risk Decision-Making
1. Risk Identification: all divisions/departments will discover and list all risk factors by identifying risks under their respective operational/management field
via internal control process, situational simulation analysis, practical experience (external information included) and evaluating impacts on internal/external
stakeholders. Sources of risk may include:
(1) Strategy Risk: resource allocation, extension or reduction of company goals, market
situation, public and investor relations, domestic/foreign policies
and political risks…etc.
(2) Operational Risk: marketing, supply chain, employee, technology, cyber attack,
computer room damage, huge disaster, asset , act of god (ex:
natural
disaster、pandemic、terrorist attack).
(3) Financial Risk: cash flow, credit, financial report, taxes, capital structure.
(4) Compliance Risk: corporate governance system, code of conduct and international
laws/regulations.
(5) Climate Change Risk: risks and opportunities attributed to climate change.
2. Risk Analysis: via statistics, situational simulations and practical
experiences to collect outside information (including case study or figures
within the
industry) to analyze risk frequency and risk severity.
3. Risk Evaluation and Handling: the degree of risk will be evaluated by
grading the risk frequency and risk severity. The risk degree will then be
submitted
into the RISK-MATRIX for final assessment. When encountering
risks, measures that may be taken includes, risk self-retention, risk transfer,
risk
prevention and avoidance.
4. Risk Monitoring: all divisions/departments will ensure a smooth risk
management operation and cooperate with external/internal audit for
thorough risk
monitoring. Annual Group Risk Evaluation Report shall be
submitted to the BOD for reference.
(The Annual Group Risk Evaluation Report was approved by 367th BOD on 2021/12/17)
|
Home
Investor
Risk Management
Process