Risk Governance
The Company's risk management is led by the Board of Directors as the highest governing authority. In 2024, the "Sustainability and ERM Committee" was established to assess the operation of risk management, determine qualitative and quantitative risk tolerances, and allocate resources effectively. The "Sustainability and ERM Executive Committee" covers aspects such as strategy, finance, operations, and hazards, as well as emerging risks that may impact the Company's operations in the future. The Risk Management Department is responsible for overseeing and reviewing the effectiveness of risk management. The results of risk management activities and risk reviews are reported to the Board of Directors at least once a year.
Risk Management Policy
The Company follows international risk management guidelines to establish the 'Risk Management Policy and Procedures' as the highest guiding principle for risk management. We strengthen and enhance the internal system architecture, and promote the resilience of our sustainable business operations.
Risk Appetite Statement
To achieve the company's long-term development goals and sustainable operation strategies, this risk appetite statement aims to articulate the types and levels of risk that the company is willing to accept and can tolerate in the pursuit of business growth and innovation. By defining the risk appetite, the company can promote strategic decisions and day-to-day operations while maintaining financial stability, complying with regulatory requirements, and protecting the interests of stakeholders.
Risk management framework
Establish systemic risk response policies and procedures to control corporate risks effectively.

The three lines model in risk management
Governing Body
The Board of Directors serves as the highest governing body for risk management. It oversees risk management, establishes risk management policies and procedures, and reviews the consistency between risk strategies and the company's operational strategies. The results of risk management implementation will be reported to the Board of Directors annually. Under the guidance and supervision of the Board, we gradually establish a culture of corporate risk governance.
Third line
The Risk Management Department is responsible for auditing internal risk management, including supervision and audits, to ensure the effectiveness of risk management measures. Audit results are reported regularly to the Board of Directors and the Sustainability and ERM Committee.
Second line
The Sustainability and ERM Executive Committee is responsible for implementing risk management policies and procedures, including reviewing the company's risk identification and addressing issues related to risk control. The management scope covers various aspects such as strategy, finance, operations, and hazards, including emerging risks that may impact the company's operations in the future. The committee manages risks by assessing and controlling risk impacts through risk appetite, utilizing qualitative and quantitative indicators, and reports regularly to the Board of Directors and the Sustainability and ERM Committee.
First line
Department managers lead the risk identification operations and utilize processes such as identification, analysis, and evaluation to quantify and assess the frequency and impact of risks in order to determine the level of control. Risks with high impact and control uncertainty are tracked and managed, and potential impacts are addressed through Business Continuity Plans (BCP) for operational continuity.
Risk Culture
Risk culture is considered the foundation of risk management. The establishment of risk culture is critical to improving the ability of the organization to respond to risks as a whole. The definition of clear risk management targets can help the organization keep its attention on risk issues during everyday operations. Employees must also understand the implications of risk as well as their own role and responsibility in risk management. This will improve the accuracy of risk identification and provide a more comprehensive perspective for risk assessment and response.
Education and training are an important part of promoting risk culture. AUO conducts a comprehensive risk training program for employees at every level to improve the ability of the management and employees to identify, assess, and manage risks.
- Directors (Board of Directors):
  - The company's director training program focuses on enhancing risk identification, assessment, and control capabilities; the curriculum includes specialized knowledge and tools, covers a wide range of topics related to risk management beyond just specific issues, and is delivered as a scheduled series of risk management courses.
  - The company will organize internal and external training sessions covering various risk management topics, and through the AUO University Internet of Thinking Forum, explore the year's global risk and emerging risk changes.
  - The 2024 Internet of Thinking Forum risk theme is: Navigating the Ever-Changing Landscape – Mastering Political and Economic Dynamics to Discover New Global Opportunities.
- Senior Management:
  - Through annual risk trend training, enhance risk assessment capabilities and apply the complete risk management process of identification, analysis, response, monitoring, and review to strengthen practical risk management skills.
- All Employees:
  - AUO has designed a diverse range of risk courses including risk mindset, information security, compliance and conformity, and security to promote risk culture.
Mechanisms for Managing Risk Exposure
- Risk Analysis: Each unit is requested to identify the risk exposure related to corporate operations by analyzing internal and external risk-related reports and information, such as the annual report of the World Economic Forum and global trend research, as well as corporate business objectives, past risk issues, and incident experiences. The analysis covers strategy, finance, operations, and hazards, and evaluates the frequency of occurrence, impact level, and control level through qualitative and quantitative risk assessments. Risk exposure and control measures are regularly reviewed at the Sustainability and ERM Executive Committee to achieve effective risk management operation.
- Execution Frequency:
  - Q1: Conduct annual risk identification.
  - Q2 – Q4: Review risk exposures every quarter and adjust risk control measures.
Risk management structure
According to the risk management standards and guidelines of ISO 31000, we assess our ability to respond to various risks from a business continuity perspective. In 2024, these risks include focused risks and emerging risks related to market and financial volatility, as well as non-financial risks arising from factors such as regulatory compliance, IT security, climate and environmental protection, and social issues.
| Risk Description | Mitigating actions |
| --- | --- |
| Strong protectionism | Align the company's dual-axis transformation and strategy, and carry out regional diversification and investment layout for the manufacturing base. |
| Operational challenges brought by green inflation | Promote carbon reduction measures through the Carbon Energy Task Force, including but not limited to energy-saving operations at factories, energy-saving proposals, etc., to address the operational challenges brought by policies such as carbon tax and carbon fees. |
| AI-driven automation attacks and data security risks | Information security management is promoted and enforced through the Information Security Committee to protect Company IP and customer data and to enhance employee awareness of information security in response to evolving cybercrime and growing information insecurity threats. |

| Risk Description | Mitigating actions |
| --- | --- |
| Mergers and Acquisitions | Liquidity risk is monitored by the company's finance department to forecast and ensure the liquidity of the merged company. |
| Decline in end demand due to inflation and recession risks | Expand high-end products in areas such as e-sports, automotive, medical, and industrial applications, with a meticulous approach to a small-batch, diversified product layout to strengthen profitability. |
| Climate change | Promote climate-related financial disclosure operations and prepare for financial risks arising from various scenarios. |