Risk Management Policies

Risk Management Policies and Procedures

The Company formulated the “Risk Management Policy” in 2021 which was approved by the board meeting in 2021/6/30,as the highest guiding principle of the Company’s risk management; the Company regularly defines various risks in accordance with the its operating policies every year to prevents possible losses, increases shareholder value, and achieves the optimization of resource allocation within the acceptable risk range, in order to reasonably ensure the achievement of the Company’s strategic objectives.

Risk management scope:
In a positive and cost-effective way, the Company integrates and manages all potential risks, such as strategies, operations, finance and harmfulness, which may have an impact on its operation and profit; evaluates the frequency of risk events and the severity of the impact on the Company’s operation; defines the priority and level of risks, and adopts corresponding risk management strategies according to the risk level.
Risk Management Procedures:
Risk identification、Risk evaluation、 Risk monitoring 、 Risk Disclosure and Presentation、Risk treatment.
The risk types include the following:

Risk type Risk details
Hazard risk Safety protection and emergency response refer to the risk of occurrence and loss of major hazardous events.
Operational risk It refers to the risk of intellectual property protection, legal compliance, and changes in international political and economic situation.
Financial risk It refers to market risk, credit risk, liquidity risk and operational risk.
Strategy risk It refers to market risk, credit risk, liquidity risk and operational risk. Strategy risk includes the risk of excessive concentration in a single region, customer concentration/influence of key customers, concentration of agents/impact of major product lines, industrial concentration, and mergers and acquisitions.
Compliance risk/contract risk It refers to the possible losses caused by invalid contract due to the non-legal effect of the signed contract itself, ultra vires behavior, omission of clauses, and inadequate regulations.
Information security policy It refers to the possibility that the information assets of an enterprise may suffer unbearable risks, and the confidentiality, integrity and availability of information cannot be ensured, including possible losses from that unauthorized users can still access the information, the information content and information processing methods cannot be ensured to be correct and complete, and authorized users cannot access the information and use relevant assets in time when necessary.
Other risks In addition to the risks above, if there are other risks, appropriate risk control procedures shall be established according to the risk characteristics and the degree of impact.

Implementation status
The Company actively promotes the implementation of the risk management mechanism, and reviews and reports the operation status to the board meeting regularly every month. The operation status reported to the board meeting on December 22, 2023 for the year of 2023 is as follows:

Risk type Implementation status in 2023
Hazard risk 1.The daily business shall be carried out in accordance with the internal control system and laws and regulations.
2.Fire safety advocacy.
3.Strengthening of the protection mechanism of information security and infringement management.
Operational risk 1.Business aspect: New cases/new customers/new suppliers have signed confidentiality agreements and environmental hazardous substances restrictions, and credit lines and collection conditions are given after the basic information is evaluated.
2.Human resources aspect: The agreement on Personal Data Protection Act is signed, and the integrity and ethical code of conduct is regularly advocated.
Financial risk The main risk is that the counterparties are unable to pay off the accounts receivable according to the collection terms. For the management of accounts receivable, a weekly meeting is held to review the details of customers who have accounts receivable due or overdue.
Inventory falling price risk: Inventory liquidity is ensured through weekly inventory consumption review.
Strategy risk  
Compliance risk/contract risk Signing of new contracts: The contracting unit shall first submit the contract to the Management Department for review regarding whether there is any doubt of infringement risk, and then submit it for signature and seal.
Information security policy The Information Security Management Measures is established; for the external network attack risk, there are firewalls and anti-virus software; for internal employee management, different authority levels according to different job levels and password change management requirements are set up. For data backup, remote backup management and regular disaster recovery test are implemented.
Other risks In terms of compliance with laws and regulations, the Management Department and the Finance Department pay attention to changes in labor, accounting and securities laws and regulations to ensure compliance with laws and regulations.
Each unit audits its front-end unit, and the occurrence of unexpected risks is reduced by ensuring that each unit complies with the internal control regulations.

Organizational Structure