Business Risk Management

Business Risk Management

Business Risk Management

Risk Assessment Process

1Goal Setting and Strategic Planning
  • Each year, when setting goals and conducting strategic planning, all departments should review whether their goals support the achievement of the corporate vision and mission. Strategies are formulated through feasible methods such as information gathering, analysis, and assessment.
2Risk Identification
  • Based on the Company’s strategic objectives and the Risk Management Policy and Procedures, each operating unit identifies risks related to its business functions, including operational risks, strategic risks, financial risks, compliance risks, and other risks.
3Risk Analysis
  • For identified risk events, considering their nature and characteristics, existing control measures, past experience, and peer cases, risk assessment personnel analyze the probability of occurrence and the severity of impact according to risk analysis and measurement standards. This analysis is used to calculate the risk value.
4Risk Assessment
  • The results of the risk analysis are compared against the Company’s risk appetite to determine the priority for handling risk events. Subsequent risk response strategies are planned and carried out based on the risk level.
5Risk Response Strategy
  • For risk events where the assessment result exceeds the risk appetite, a risk response method is developed considering corporate strategic objectives, stakeholder perspectives, risk appetite, available resources, and cost-effectiveness. An action plan is formulated, detailing the responsible unit, resource requirements, and execution timeline. Relevant personnel are required to ensure that they fully understand the plan and are committed to the implementation with ongoing monitoring of the progress.
6Risk Monitoring and Review
  • For significant risks identified through the risk assessment process, the responsible department should establish appropriate mechanisms to monitor risk trends.
  • The risk management team holds quarterly meetings to review and track the implementation status of risk response plans, risk trends, and countermeasures. Meeting records are maintained and reviewed by the risk management team convener for follow-up actions.

Risk Assessment and Operations

In 2024, following Inventec’s annual risk identification and management process, 15 major risks were identified across operational, strategic, financial, legal compliance, environmental, and energy dimensions. The risks exceeding the Company’s risk appetite were operational risks: "business continuity risk" and "information security and privacy protection risk." Relevant response strategies and mitigation measures for these risks are being actively implemented.

 

Major Risks

Description

Response Strategy

Business Continuity Risk Insufficient power supply or network infrastructure at overseas production sites may lead to power interruptions, shortages, or network disruptions. 
  • Diversified Operations: Reduce reliance on a single market or product
  • Supply Chain Management: Establish flexible supply chain strategies
  • Adhere to the ISO 27001 international information security certification standard, with annual audits conducted by third-party auditing organizations.
  • Crisis Response Plans
  • Financial stability and insurance strategy: Establish a robust financial management system
The increasing sophistication of cybercrime techniques, coupled with insufficient employee awareness of information security risk or inadequate IT infrastructure, may elevate the risk of attacks, potentially causing system interruptions.
Large-scale epidemics may disrupt the normal operations of the Company’s personnel and the supply chain. 
Information Security and Privacy Protection Risk Due to numerous global operating sites, inadequate control over the secure operation of IT infrastructure across various locations, insufficient employee information security awareness, or malicious intent may lead to information systems being attacked, disrupted by ransomware, or confidential information being stolen, resulting in the loss or leakage of critical information. 
  • Privacy Protection Enhancement  
  • Third-Party Risk Management Enhancement 
  • Information Security Testing Enhancement
  • External Impartial Third-Party Audits: Implement the ISO 27001 international information security certification mechanism

Emerging Risk Management 

 

Following the emerging risk management process, the Company identifies and manages its emerging risk events for 2024. This process is based on the 15 major risks currently identified by the Company, incorporates insights from external environmental analysis, considers emerging risks identified by benchmark companies and industry peers, and gathers recommendations from risk owners (managers and personnel).

 

Emerging Risk Event

Description

Countermeasures / Risk Management Measures 

Disruptive Technologies – Negative Impacts of AI The rapid development of Artificial Intelligence (AI) technology and its application in cybercrime may increase the probability of critical data leakage and misappropriation at various operating sites, or cause operational disruptions. 
  • Enhance the use and understanding of AI
  • Participate in activities of professional organizations or gather relevant information to understand the latest trends in AI-related cybercrime
  • Strengthen compliance with relevant laws and regulations
  • Train employees to enhance AI risk awareness
  • Strengthen data management
  • Establish a comprehensive AI risk management framework; formulate and implement "AI Risk Management" procedures
  • Continuously monitor and evaluate AI systems
  • Conduct AI supply chain reviews
  • Develop contingency plans and response measures
Existing regulatory mechanisms struggle to keep pace with AI advancements. Uncertainties arising from AI supply chain planning or AI technology development may impact the Company’s operations.
Impacts of Climate Transition Failure on the Company’s Products and Services In addressing climate change, the Company's failure to effectively manage the impacts of related climate actions, such as achieving greenhouse gas (GHG) reduction and net-zero carbon reduction goals, may result in the progress and outcome of the Company's technology transition and international cooperation efforts (including collaboration with supply chain) falling short of expectations. This could negatively impact the market competitiveness of the Company’s products and services. 
  • Establish climate-related goals, action plans, and management mechanisms
  • Continuously collect GHG emission data, actively seek carbon reduction opportunities within the Company and the value chain
  • Actively participate in global and regional environmental initiatives

 

Report download
SDGs