The ability to discover internal and external operational risks in advance, and to properly assess and process these risks, is important to effectively prevent and reduce loss exposures as well as maintain control over operational risks. In December 2019, a risk management committee was established by the ASEH board of directors,followed by the approval of the ‘Risk Management Policies and Procedures’ in 2020 as the ultimate guiding risk management principle. Awareness in risk management forms an integral part of ASEH management, and risk management has been duly incorporated into the company’s business strategies and organizational culture. ASEH conducts risk assessments on an annual basis. For major risks, the company formulates specific management plans covering goals, organizational structure and responsibilities, and risk management procedures. The implementation of the risk management plans help to effectively identify, measure, monitor and control various risk exposures. Risks that arise from the company’s business activities can then be controlled within an acceptable range.
ASEH conducts a comprehensive evalsuation on the probability and impact of various risks faced during the ordinary course of business, and takes appropriate measures to continuously make improvements and reduce corporate risks.
ASEH’s business operation risks can be categorized into operational risks, strategic risks, market risks, compliance risks, information security risks, environmental risks,climate risks, financial risks, and other risks associated with business operation. To ensure that all risks are kept within an acceptable range, ASEH shall aggregate and establish benchmarks for each risk category to be regularly monitored by respective business units.
The top level management of ASEH conducts risk identification on an annual basis. The company integrates the risks identified into its ERM framework to conduct risk evalsuations according to the impacts on financial, reputational and operational management. After which, a thorough review on the existing controls and countermeasures are conducted based on the degree of risk impact and frequency of occurrence. We will continue to maintain and control low level risks. For medium or high level risks, we will adopt control mechanisms or countermeasures for improvement. In 2022, information technology (cybersecurity), sustainable development(renewable energy use), key talent and strategy risks (customer/market) were identified as high level risks. Moreover, regulatory compliance, corporate governance and geopolitics risks were identified as medium level risks. After estimating and formulating remedial mechanisms, the mitigating actions shall be taken for two items with lower risk tolerance for improvement as follows:
Through the use of the ERM tool, we have evalsuated and classified information technology (cybersecurity) risks as a high priority risk. Of great concern, are the frequency and complexity of cyberattacks and the sophisticated tactics used to evade detection. While we have adopted strict countermeasures to protect our trade secrets and customer information, cyberattacks could still put the company, our customers, and our supply chain at risk. As such we have actively stepped up our cyber defenses and created a system of coordinated measures. The Information Security Teams of each subsidiary has created a platform for classifying cyber incidents and risk reporting. In addition, a security health check is performed annually by a professional third party security expert on each subsidiary’s cybersecurity posture. In 2022, we added cybersecurity insurance as an additional tool to protect the company. The cyber insurance covers ASEH and all 3 major subsidiaries, and is designed to reduce the financial burden to the company, our customers and suppliers, and allow faster recovery in the event of a cybersecurity attack.
Sustainable development (renewable energy use) risks has also been evalsuated through the use of our ERM tool and classified as a high priority risk . Globally, many countries are setting climate targets and revising regulations to achieve Net Zero. For example, Taiwan introduced the Major Electricity User clause, and many customers are requiring ASEH to increase the proportion of renewable energy in the company’s energy portfolio. However, there is a shortage of renewable energy in Taiwan and its cost is relatively higher than conventional electricity. Besides requiring a number of our subsidiaries to install solar power, we are also actively procuring renewable energy in Taiwan and acquiring renewable energy certificates from overseas regions. We are actively exploring the procurement of offshore wind power and other types of renewable energy in Taiwan to further increase the proportion of renewable energy in our energy portfolio, so as to comply with the Major Electricity User clause, meet specific customer demands, and fulfill our Net Zero commitments.
We conducted a sensitivity analysis on the Carbon Boundary Adjustment Mechanism(CBAM) to be implemented in October 2023, and the impact of the mechanism on the company's overall operations is currently under control.
ASEH adopts a rigorous risk management mechanism, the Risk Management Committee convenes regular meetings at least twice a year and reports the progress to the Board of Directors on a yearly basis. Our activities in 2024 include the following:
Due to the re-election of the Company's Board of Directors, the third Risk Management Committee was also re-elected on June 27, 2024 according to the Company's Articles of Incorporation. The Board appointed independent director Mei-Yueh Ho, independent director Shen-Fu Yu, and Group Chief Administration Officer Du-Tsuen Uang as committee members.
On July 12, 2024, the third Risk Management Committee convened its first meeting. The committee secretariat and representatives of the Company’s subsidiaries presented key risks management and 2024 work plans.
On October 8, 2024, submitted a report on the operation of risk management in 2024 to the Board of Directors.
On December 11, 2024, the third Risk Management Committee convened its second meeting to present a project report on the company's renewable energy pathway and achievement strategies. Additionally, the risk management units of the company and its subsidiaries reported on the risk focus items for 2025, as well as the management of the company's key risks for 2024 (such as regional risks, economic and industrial trend risks, energy and alternative energy risks, information security risks, research and development risks, succession planning risks, etc.).
ISO 31000 risk management system principles and guidelines are international standards for risk management. It provides a comprehensive principle to help companies conduct risk analysis and risk assessment. ASEH appoints BSI to verify the company's risk management system in accordance with ISO 31000. The risk management complies with the international standard risk framework, and a statement of conformity is issued.
