Risk Management

Establish strategies and processes to respond to corporate-level systematic risks, in order to effectively control corporate risks

Our risk management team led by our Chief Financial Officer under the Corporate Social Responsibility Committee is in charge of overseeing the entire company’s risk identification activities. Through the joint efforts of research and development, manufacturing, sales, finance, legal, human resources, IT systems, and ESH management units, we mitigate such risks and seek the corresponding opportunities.

Risk management mechanisms

Our risk management mechanisms consist of identification, analysis, and evaluation processes. The analysis process assesses the frequency, impact levels, and control levels. Risk scope covers financial, strategic, operational, and disaster management aspects. We use a matrix to analyze and manage risks in order of priority.

Risk trends monitoring
review global risk trend reports with special attention to emerging risks and incorporate those into our assessment and management items.
Risk identification activities
From the perspective of our business continuity, we annually assess the risk scenarios that we may encounter in the medium to long term.
Matrix-based risk analysis
Based on an analysis of the three aspects of incidence rate, severity level, and control level, we quantify the operational risk levels
Tiered risk management
Low-risk items are managed and controlled by the departments concerned, while medium-to-high risks are reported to company level operational management meetings to assess, the potential financial impacts.
Risk reduction work
We continuously carry out improvements under the supervision and management of the risk management team under the CSR Committee.

Risk management structure

In accordance with the risk management standards and guidelines of ISO 31000, and from a business continuity perspective, we review our response capabilities to potential risks, including financial considerations of market and financial volatility risks as well as non-financial risks from such impacts as regulatory compliance, IT security, climate and environmental protection, and social issues.

Information Security
  • Employee information security regulations compliance, avoiding leakage of secrets
  • System and application verification, reducing the interruption of system operation
  • Cloud protection and management measures upgrade, avoiding attacks
  • Software and hardware authorization and lawful, preventing illegal
  • The availability of information equipment, reducing the operational impact of new types of demand
Response Strategy
  • Strengthen information security publicity to improve implementation of mechanisms
  • Increase the diversity of information security management response drills
  • Strengthen cloud defense and response mechanisms
  • Strengthen testing and online security
  • Regularly review and update, to strengthen the equipment completeness rate
Strategic security
  • Uncertain customer demand affected by the epidemic, shortage of manpower and raw materials, delays in equipment installation and modification, avoiding the impact to production
  • Ensuring stable power supply, reducing production risks
  • Electricity usage and renewable energy settings, reducing the impact of major electricity consumers laws and regulations
  • The crisis management measures that fulfill stakeholders’ expectations, reducing the impact of the Company’s reputation
  • Disposal of defective products, reducing operating resources and costs
  • Product life cycle requirements (continuation/termination) cannot meet the expectations of different customers
Response Strategy
  • Monitor supply chain information and work with supplier partners to prevent the epidemic together by providing resources to optimize digital transformation
  • Continue to develop smart grids, increase response capability, and continually implement energy conservation plans
  • Integrate energy business and continue to develop business opportunities
  • Strengthen the risk management mechanism, increase the multiple interaction and channels for stakeholders, and improve the quality of communication and disclosure
  • Optimize product quality control, returns/replacements mechanism
  • Strengthen agreements with customers and inventory of the competitiveness of shipped models. This could be the basis to adjust the Company's internal production plan
Information Security
  • Information security rules for employees to prevent the leaking of important information
  • Manage IT equipment stability and data backups to prevent disruptions to production
  • Protect cloud system against attacks
  • Validation of application programs to prevent system failure
Response Strategy
  • Strengthening of information security awareness
  • Make sure equipment is scalable
  • Strengthen cloud protection and response mechanisms
  • Strengthen source code testing and online security
Strategic security
  • Material shortages, prevent increase in purchasing cost
Response Strategy
  • Simulation of supply and demand scenarios
  • Establish flexible cooperation arrangements with suppliers
  • Pay attention to the medium- and long-term development of suppliers
Marketing strategy
  • Responding to competitors' moves, reducing the impact of operations and market share
  • The diversification of business models, strategies and sales channels, reducing the loss of key and new customer groups
  • Product pricing mechanism and flexibility, managing market attractiveness
  • Customer service and product quality satisfaction, reducing loss of customers
Response Strategy
  • Continually construct the market analysis and development capability mechanism, invest precisely, in-depth alliance with business partners
  • Business model adjustments, to increase product diversified value solutions and acceptance
  • Review and adjust pricing strategy to increase the balance between cost and market demand
  • Set up a one-stop service team to optimize the customer service capabilities of front-line communication personnel, and improve the yield rate and quality control mechanism
Technology R&D
  • New product development: reducing the suppression of innovative thinking, avoiding non-compliance with business needs or delays in investment of new technologies, avoiding miss out good opportunities of product launch
  • Technology partners: reducing new technologies/new generation materials introduction barriers, enhancing application and R&D personnel capabilities
Response Strategy
  • Review and optimize new technology R&D and product development mechanisms regularly
  • Increase upgrades and expanding R&D capabilities of existing technologies
  • Actively cooperate with industry and academia to improve the blueprint for R&D training
  • Deeply cultivate and expand the partnership with new and old suppliers
Marketing strategy
  • New product's market acceptance and inventory levels
  • Imbalance between production and market demand
  • Change in business model and response in product strategy
  • Speed of product termination and transfer to avoid wasting resources
Response Strategy
  • Strengthen the design of common materials to reduce waste
  • Develop high-end products, strategic alliances and partnerships to boost the competitive advantage of products
  • Master consumer habits in the end-user market, change product lines and develop a new generation business opportunities
  • Strengthen customer communication and monitoring mechanisms
Technology R&D
  • Speed and cost of new product development
Response Strategy
  • Strengthen product development management mechanism
  • Take costs into account when adjusting the direction of product and technology development
  • Understanding and implementation of relevant laws and regulations, reducing the risk of violations, such as competition laws and regulations, privacy and security regulations, intellectual property rights laws, trademarks, trade secrets, environmental protection/health and safety, labor and employment, and financial accounting, etc.
  • New-style transactions global/local laws/regulations compliance, reducing investment and financial operations risks
Response Strategy
  • Regularly collect and analyze the trend and new knowledge of laws/regulations in various fields, and understand the degree of exposure through risk assessment and propose corresponding Solutions
  • Enhance the knowledge and sensitivity of relevant colleagues through communication, sharing and training
  • Site emissions and communication with public perception
  • Impact of new accounting treatment principles
Response Strategy
  • Regular monitoring of odors around the site at fixed locations
  • Strengthen the operating performance of pollution prevention equipment
  • Strengthen education, training and communications

Internal Audit System

AUO's internal Auditing Administration Division is an independent unit directly reporting to the Board of Directors. The unit consists of eight people, including the auditing executive and full-time audit staff. In addition to making audit report to the Board of Directors at regular meetings, reporting also takes place periodically or as needed basis to the Chairman of the Board (CEO) and the Audit Committee.

more details

Business Continuity Plan

To realize the goal of business continuity, AUO is continuing to monitor potential risks that have an impact on company operations and invest resources towards controlling and countering such risks. The Business Continuity Plan (BCP) is a part of management activities and it can help with maintaining an acceptable standard of critical business activities when something happens to the Company. Since BCP was introduced by AUO in 2008, the Company has completed exercises for fire, earthquake, chemical spills, epidemics and raw material shortages. Corresponding risk management strategies were also developed.

more details