Risk Management Policy

Risk Management Policy

Risk Management Policies and Procedures

To strengthen corporate governance and establish a sound risk management framework, the Company approved its Risk Management Policices and Procedures on December 19, 2024, through a resolution of the Board of Directors. These policies are intended to guide all departments in effectively identifying, assessing, monitoring, and controlling various risks in the course of their operations. The goal is to keep potential risks within acceptable levels, thereby achieving a reasonable balance between risk and return and ensuring the Company’s sustainable development.

Scope of Risk Management

The Company’s risk management encompasses four major dimensions related to its operations: corporate governance, environmental protection (including climate and natural resources), social inclusion, and value innovation. It primarily includes the following types of risks: strategic risks, operational risks, financial risks, information risks, compliance risks, integrity risks, and other emerging risks such as those related to climate change, biodiversity, forests, water, or infectious diseases. Risk management shall be conducted in accordance with applicable laws and regulations through identification, analysis, assessment, response, monitoring, and review processes.

Risk Management Organizational Structure

  1. The Board of Directors is the highest authority responsible for risk management. It approves the risk management policies and related guidelines, supervises the overall implementation of risk management, and ensures that risks are effectively controlled.
  2. To assist the Board of Directors in fulfilling its risk management responsibilities, a Risk Management Task Force is established under the Audit Committee. The Task Force is convened by the Chief Financial Officer and is responsible for conducting comprehensive assessments of operational and emerging risks. It reports on the status of risk management operations to the Audit Committee and the Board
    of Directors at least semi-annually.
  3. Risk Management Task Force: Members of the Risk Management Task Force consist of the highest-level managers of each department, who are responsible for ensuring that risk management systems are effectively implemented within their respective units. Each unit shall designate personnel to act as risk management officers and coordinate with relevant operational staff to carry out the implementation of risk management procedures.
  4. Risk Management Office: The Risk Management Office is designated by the convener of the Risk Management Task Force. It is responsible for handling matters assigned by the convener and for assisting the Task Force in the establishment, promotion, maintenance, and review of the risk management framework.
  5. Internal Audit Office: The Internal Audit Office is an independent unit under the Board of Directors. It formulates the annual audit plan in accordance with the Policies and Procedures and various risk management systems. It conducts independent audits to assess the effectiveness of risk management activities, provides recommendations for improvement, and regularly reports audit results to the Board of Directors. This helps ensure that key operational risks are properly managed and that the internal control system functions effectively.
Risk Management Policies and Procedures(.pdf)
Back