Establish strategies and processes to respond to corporate-level systematic risks, in order to effectively control corporate risks
Our risk management team led by our Chief Financial Officer under the Corporate Social Responsibility Committee is in charge of overseeing the entire company’s risk identification activities. Through the joint efforts of research and development, manufacturing, sales, finance, legal, human resources, IT systems, and ESH management units, we mitigate such risks and seek the corresponding opportunities.
Risk management mechanisms
Our risk management mechanisms consist of identification, analysis, and evaluation processes. The analysis process assesses the frequency, impact levels, and control levels. Risk scope covers financial, strategic, operational, and disaster management aspects. We use a matrix to analyze and manage risks in order of priority.
- Risk trends monitoring
- review global risk trend reports with special attention to emerging risks and incorporate those into our assessment and management items.
- Risk identification activities
- From the perspective of our business continuity, we annually assess the risk scenarios that we may encounter in the medium to long term.
- Matrix-based risk analysis
- Based on an analysis of the three aspects of incidence rate, severity level, and control level, we quantify the operational risk levels
- Tiered risk management
- Low-risk items are managed and controlled by the departments concerned, while medium-to-high risks are reported to company level operational management meetings to assess, the potential financial impacts.
- Risk reduction work
- We continuously carry out improvements under the supervision and management of the risk management team under the CSR Committee.
Risk management structure
In accordance with the risk management standards and guidelines of ISO 31000, and from a business continuity perspective, we review our response capabilities to potential risks, including financial considerations of market and financial volatility risks as well as non-financial risks from such impacts as regulatory compliance, IT security, climate and environmental protection, and social issues.
- Risk identification process
- Effective control measures
The control and countering of emerging risks along with protection of business secrets and systems can reduce loss of assets and ensure continuity of operations
- Introduction of ISO 27000 to strengthen internal controls and train all personnel
- Cyber-security exercise
- Marketing strategy
- Technology R&D
- Engaging in innovative techology R&D can stimulate commercial developments in the value chain, boost profits from product sales and strengthen the core competitiveness of the Company
- Effective marketing strategies and business models can ensure continued operations and profitability
- Product differentiation and advanced techology to boost product competitiveness
- Strategic alliances and cooperation
- Additional monitoring and process management mechanisms
- External Risks
Global political, economic and industry shifts impact on Company costs and profits through their indirect influence on environmental and trade regulations.
- Operation and management of the Carbon Energy Team
- Business Continuity Management response capability
Internal Audit System
AUO's internal Auditing Administration Division is an independent unit directly reporting to the Board of Directors. The unit consists of eight people, including the auditing executive and full-time audit staff. In addition to making audit report to the Board of Directors at regular meetings, reporting also takes place periodically or as needed basis to the Chairman of the Board (CEO) and the Audit Committee.more details
Business Continuity Plan
To realize the goal of business continuity, AUO is continuing to monitor potential risks that have an impact on company operations and invest resources towards controlling and countering such risks. The Business Continuity Plan (BCP) is a part of management activities and it can help with maintaining an acceptable standard of critical business activities when something happens to the Company. Since BCP was introduced by AUO in 2008, the Company has completed exercises for fire, earthquake, chemical spills, epidemics and raw material shortages. Corresponding risk management strategies were also developed.more details