Risk Management

Establish strategies and processes to respond to corporate-level systematic risks, in order to effectively control corporate risks

Our risk management team led by our Chief Financial Officer under the Corporate Social Responsibility Committee is in charge of overseeing the entire company’s risk identification activities. Through the joint efforts of research and development, manufacturing, sales, finance, legal, human resources, IT systems, and ESH management units, we mitigate such risks and seek the corresponding opportunities.

Risk management mechanisms

Our risk management mechanisms consist of identification, analysis, and evaluation processes. The analysis process assesses the frequency, impact levels, and control levels. Risk scope covers financial, strategic, operational, and disaster management aspects. We use a matrix to analyze and manage risks in order of priority.

Risk trends monitoring
review global risk trend reports with special attention to emerging risks and incorporate those into our assessment and management items.
Risk identification activities
From the perspective of our business continuity, we annually assess the risk scenarios that we may encounter in the medium to long term.
Matrix-based risk analysis
Based on an analysis of the three aspects of incidence rate, severity level, and control level, we quantify the operational risk levels
Tiered risk management
Low-risk items are managed and controlled by the departments concerned, while medium-to-high risks are reported to company level operational management meetings to assess, the potential financial impacts.
Risk reduction work
We continuously carry out improvements under the supervision and management of the risk management team under the CSR Committee.

Risk management structure

In accordance with the risk management standards and guidelines of ISO 31000, and from a business continuity perspective, we review our response capabilities to potential risks, including financial considerations of market and financial volatility risks as well as non-financial risks from such impacts as regulatory compliance, IT security, climate and environmental protection, and social issues.

Information Security
  • Information security rules for employees to prevent the leaking of important information
  • Manage IT equipment stability and data backups to prevent disruptions to production
  • Protect cloud system against attacks
  • Validation of application programs to prevent system failure
Response Strategy
  • Strengthening of information security awareness
  • Make sure equipment is scalable
  • Strengthen cloud protection and response mechanisms
  • Strengthen source code testing and online security
Strategic security
  • Material shortages, prevent increase in purchasing cost
Response Strategy
  • Simulation of supply and demand scenarios
  • Establish flexible cooperation arrangements with suppliers
  • Pay attention to the medium- and long-term development of suppliers
Marketing strategy
  • New product's market acceptance and inventory levels
  • Imbalance between production and market demand
  • Change in business model and response in product strategy
  • Speed of product termination and transfer to avoid wasting resources
Response Strategy
  • Strengthen the design of common materials to reduce waste
  • Develop high-end products, strategic alliances and partnerships to boost the competitive advantage of products
  • Master consumer habits in the end-user market, change product lines and develop a new generation business opportunities
  • Strengthen customer communication and monitoring mechanisms
Technology R&D
  • Speed and cost of new product development
Response Strategy
  • Strengthen product development management mechanism
  • Take costs into account when adjusting the direction of product and technology development
  • Site emissions and communication with public perception
  • Impact of new accounting treatment principles
Response Strategy
  • Regular monitoring of odors around the site at fixed locations
  • Strengthen the operating performance of pollution prevention equipment
  • Strengthen education, training and communications

Internal Audit System

AUO's internal Auditing Administration Division is an independent unit directly reporting to the Board of Directors. The unit consists of eight people, including the auditing executive and full-time audit staff. In addition to making audit report to the Board of Directors at regular meetings, reporting also takes place periodically or as needed basis to the Chairman of the Board (CEO) and the Audit Committee.

more details

Business Continuity Plan

To realize the goal of business continuity, AUO is continuing to monitor potential risks that have an impact on company operations and invest resources towards controlling and countering such risks. The Business Continuity Plan (BCP) is a part of management activities and it can help with maintaining an acceptable standard of critical business activities when something happens to the Company. Since BCP was introduced by AUO in 2008, the Company has completed exercises for fire, earthquake, chemical spills, epidemics and raw material shortages. Corresponding risk management strategies were also developed.

more details