Risk Governance
The Company's risk management is led by the Board of Directors as the highest governing authority. In 2024, the "Sustainability and ERM Committee" was established to assess the operation of risk management, determine qualitative and quantitative risk tolerances, and allocate resources effectively. The "Sustainability and ERM Executive Committee" covers aspects such as strategy, finance, operations, and hazards, as well as emerging risks that may impact the Company's operations in the future. The Risk Management Department is responsible for overseeing and reviewing the effectiveness of risk management. The results of risk management activities and risk reviews are reported to the Board of Directors at least once a year.
Risk Management Policy
The Company follows international risk management guidelines to establish the 'Risk Management Policy and Procedures' as the highest guiding principle for risk management. We strengthen and enhance the internal system architecture, and promote the resilience of our sustainable business operations.
Risk Management Policy & Procedures
Risk management framework
Establish systemic risk response policies and procedures to control corporate risks effectively.
The three lines model in risk management
Governing Body
The Board of Directors serves as the highest governing body for risk management. It oversees risk management, establishes risk management policies and procedures, and reviews the consistency between risk strategies and the company's operational strategies. The results of risk management implementation will be reported to the Board of Directors annually. Under the guidance and supervision of the board, we gradually establish a culture of corporate risk governance.
Third line
The Risk Management Department is responsible for auditing internal risk management, including supervision and audits, to ensure the effectiveness of risk management measures. Audit results are reported regularly to the Board of Directors and the Sustainability and ERM Committee.
Second line
The Sustainability and ERM Executive Committee is responsible for implementing risk management policies and procedures, including reviewing the company's risk identification and addressing issues related to risk control. The management scope covers various aspects such as strategy, finance, operations, and hazards, including emerging risks that may impact the company's operations in the future. The committee manages risks by assessing and controlling risk impacts through risk appetite, utilizing qualitative and quantitative indicators, and reports regularly to the Board of Directors and the Sustainability and ERM Committee.
First line
Department managers lead the risk identification operations and utilize processes such as identification, analysis, and evaluation to quantify and assess the frequency and impact of risks in order to determine the level of control. Risks with high impact and control uncertainty are tracked and managed, and potential impacts are addressed through Business Continuity Plans (BCP) for operational continuity.
Mechanisms for Managing Risk Exposure
- Risk Analysis: Each unit is requested to identify the risk exposure related to corporate operations by analyzing internal and external risk-related reports and information, such as the annual report of the World Economic Forum and global trend research, as well as corporate business objectives, past risk issues and incident experiences. The content covers strategy, finance, operations, and hazards. Units evaluate the frequency of occurrence, impact level, and control level, conduct qualitative and quantitative risk assessments, and regularly review risk exposure and control measures at the Sustainability and ERM Executive Committee to achieve effective risk management operation.
- Execution Frequency:
  - Q1: Conduct annual risk identification.
  - Q2 – Q4: Review risk exposures every quarter and adjust risk control measures.
Risk management structure
According to the risk management standards and guidelines of ISO 31000, we assess our ability to respond to various risks from a business continuity perspective. These risks include focused risks and emerging risks related to market and financial volatility, as well as non-financial risks arising from factors such as regulatory compliance, IT security, climate and environmental protection, and social issues.
Risk Description
- The uncertain future of De-globalization and Protectionism
- Human resources and talent shortage crisis
- Generative AI raises concerns about misuse and errors
Mitigating actions
- Transition to the Company’s biaxial transformation and strategy to distribute production sites and investments over different regions
- Continued promotion of the “ESG-TALENT” strategy and rethinking of the talent selection, training, employment and retention system to ensure the sustainability of organizational talent.
- Information security management is promoted and enforced through the Information Security Committee to protect Company IP and customer data and to enhance employee awareness of information security in response to evolving cybercrime and growing information insecurity threats.
Risk Description
- Decline in end demand due to inflation and recession risks
- Supply chain shortages
- Power and water shortages
- Climate change
Mitigating actions
- Adhere to the goals of dual-axis transformation through greater vertical integration of the market. Leverage our extensive expertise in display technology to integrate software, hardware, cloud and service platforms to satisfy the requirements of diversified applications in smart mobility, smart education and entertainment, smart healthcare, and smart retail.
- Formulation of concrete supplier sustainability management regulations and goals.
- Strengthen the emergency backup power capacity and load times to improve equipment performance.
- AUO adopts a flexible sales strategy in order to satisfy the green requirements of the market.