Risk Management Systems

In order to protect the interests of stakeholders including employees, shareholders, collaborating partners, and clients, the Group established the “Risk Management Policies & Procedures” to define various risks in accordance with overall corporate operational guidelines so as to formulate advanced identification, accurate measurement, effective monitoring, and rigorous control risk management mechanisms to prevent possible losses within the scope of manageable risks. We continue to adjust and improve optimal risk management practices in accordance with internal and external environmental changes to enhance corporate sustainability values and optimize allocation of corporate resources.

 

Risk Management Organizational Structure and Responsibilities

 

Risk Management Processes and Operations

Our senior executives identify key and emerging risks at least once a year, and discovered risks are communicated to all important subsidiaries. Additionally, the business units of all important subsidiaries conduct risk identification activities to provide transparent disclosures of risk identification results and management. Identification of risks at the corporate level are conducted by compiling past experiences and assessing possible risks in future business. Following risk identification and measurement, all business units adopt appropriate responses to relevant risks and establish prevention, warning, response, crisis management, and business continuity plans that mitigate, transfer, or avoid risks. These processes are recorded and compiled every six months by the ESG Committee Risk Management Team, and are reported to the executive office to enhance overall operational decisions.

We have gradually introduced comprehensive enterprise risk management (ERM) mechanisms and optimizations which are focused on the following aspects.

  1. Establishment of a Risk Management Committee which facilitates smooth operations of all risk management teams
  2. Optimization of risk management foundations and frameworks to enable practical implementation of risk management mechanisms
  3. Use top-down methods to identify key risk items for the Group and use bottom-up methods to implement corporate risk management mechanisms
  4. Enhance risk management awareness in all employees and establish a culture themed around risk management

 

When introducing enterprise risk management (ERM) mechanisms, our senior managers identified five common priority risk items for the Group: “Technological development, Supply chain, Talent shortages, Geopolitics, and Climate change (water/power shortage).” Following approval and confirmation by our highest risk governance unit (the Board) on November 3, 2022, we began implementing subsequent risk scenario analyses, risk assessments, response strategies, and action plans.

Targets for 2023:

  • Complete establishment of Ennostar’s risk knowledge database, risk assessment standards, and methodologies starting with entry-level staff, and incorporate risk management in business strategies
  • Adjust and optimize corporate risk management policies and procedures to gradually form a culture of corporate governance
  • Complete top-down high-level risk assessments
  • Complete bottom-up risk assessments
  • Calibrate high-level risks and confirm risk items for the year

Our annual risk report meeting will be held in February 2024, where we will compile and report on risk management implementation results for the year.

 

Internal Audits and Internal Controls

We established internal control systems (including internal audit implementation rules and self-evaluation procedures and methodologies) in accordance with the “Regulations Governing Establishment of Internal Control Systems by Public Companies.” We also adjust control procedures and oversee establishment of internal controls in accordance with the local laws and regulations, operational characteristics, and operating scope of each subsidiary. The Group prompts all units and subsidiaries to conduct at least one self-assessment each year. Internal audit units review self-assessment reports from all units and subsidiaries, as well as improvements of internal control defects and abnormal items discovered by audit units, to conduct effective evaluations of risks associated with internal control systems, and to provide a reference for the Board and our president when evaluating the effectiveness of internal control systems, issuing statements on internal control, and reporting annual audit results. In terms of internal audits, we conduct annual evaluations of internal control system effectiveness and risk assessments regarding transaction modes, potential fraud, and corruption at Ennostar and our main operating bases: EPISTAR and its subsidiaries Episky, Canyang, Epikylin, and Epicrystal; and Lextar and its subsidiary Lextar Electronics, making a total of seven companies. We draw up annual audit plans and conduct associated audits, then regularly report annual audit results to the Ennostar Board and Audit Committee. √ Audits of risk assessment results in 2022 did not reveal any major corruption incidents. In 2022, we issued our first ESG report to strengthen our sustainability report quality and in adherence to TWSE regulations. The “ESG Report Compilation and Verification Procedures” were approved by the Board in May 2022 and are used to incorporate ESG Report compilation and verification procedures in our internal controls.