Business Risk Management


Risk Assessment Process
- Each year, when setting goals and conducting strategic planning, all departments should review whether their goals support the achievement of the corporate vision and mission. Strategies are formulated through feasible methods such as information gathering, analysis, and assessment.
- Based on the Company’s strategic objectives and the Risk Management Policy and Procedures, each operating unit identifies risks related to its business functions, including operational risks, strategic risks, financial risks, compliance risks, and other risks.
- For identified risk events, considering their nature and characteristics, existing control measures, past experience, and peer cases, risk assessment personnel analyze the probability of occurrence and the severity of impact according to risk analysis and measurement standards. This analysis is used to calculate the risk value.
- The results of the risk analysis are compared against the Company’s risk appetite to determine the priority for handling risk events. Subsequent risk response strategies are planned and carried out based on the risk level.
- For risk events where the assessment result exceeds the risk appetite, a risk response method is developed considering corporate strategic objectives, stakeholder perspectives, risk appetite, available resources, and cost-effectiveness. An action plan is formulated, detailing the responsible unit, resource requirements, and execution timeline. Relevant personnel are required to ensure that they fully understand the plan and are committed to the implementation with ongoing monitoring of the progress.
- For significant risks identified through the risk assessment process, the responsible department should establish appropriate mechanisms to monitor risk trends.
- The risk management team holds quarterly meetings to review and track the implementation status of risk response plans, risk trends, and countermeasures. Meeting records are maintained and reviewed by the risk management team convener for follow-up actions.
Risk Assessment and Operations
In 2024, following Inventec’s annual risk identification and management process, 15 major risks were identified across operational, strategic, financial, legal compliance, environmental, and energy dimensions. The risks exceeding the Company’s risk appetite were operational risks: "business continuity risk" and "information security and privacy protection risk." Relevant response strategies and mitigation measures for these risks are being actively implemented.
Major Risks | Description | Response Strategy |
---|---|---|
Business Continuity Risk | Insufficient power supply or network infrastructure at overseas production sites may lead to power interruptions, shortages, or network disruptions. |
|
The increasing sophistication of cybercrime techniques, coupled with insufficient employee awareness of information security risk or inadequate IT infrastructure, may elevate the risk of attacks, potentially causing system interruptions. | ||
Large-scale epidemics may disrupt the normal operations of the Company’s personnel and the supply chain. | ||
Information Security and Privacy Protection Risk | Due to numerous global operating sites, inadequate control over the secure operation of IT infrastructure across various locations, insufficient employee information security awareness, or malicious intent may lead to information systems being attacked, disrupted by ransomware, or confidential information being stolen, resulting in the loss or leakage of critical information. |
|
Emerging Risk Management
Following the emerging risk management process, the Company identifies and manages its emerging risk events for 2024. This process is based on the 15 major risks currently identified by the Company, incorporates insights from external environmental analysis, considers emerging risks identified by benchmark companies and industry peers, and gathers recommendations from risk owners (managers and personnel).
Emerging Risk Event | Description | Countermeasures / Risk Management Measures |
---|---|---|
Disruptive Technologies – Negative Impacts of AI | The rapid development of Artificial Intelligence (AI) technology and its application in cybercrime may increase the probability of critical data leakage and misappropriation at various operating sites, or cause operational disruptions. |
|
Existing regulatory mechanisms struggle to keep pace with AI advancements. Uncertainties arising from AI supply chain planning or AI technology development may impact the Company’s operations. | ||
Impacts of Climate Transition Failure on the Company’s Products and Services | In addressing climate change, the Company's failure to effectively manage the impacts of related climate actions, such as achieving greenhouse gas (GHG) reduction and net-zero carbon reduction goals, may result in the progress and outcome of the Company's technology transition and international cooperation efforts (including collaboration with supply chain) falling short of expectations. This could negatively impact the market competitiveness of the Company’s products and services. |
|