Establish strategies and processes to respond to corporate-level systematic risks, in order to effectively control corporate risks
Our risk management team led by our Chief Financial Officer under the Corporate Social Responsibility Committee is in charge of overseeing the entire company’s risk identification activities. Through the joint efforts of research and development, manufacturing, sales, finance, legal, human resources, IT systems, and ESH management units, we mitigate such risks and seek the corresponding opportunities.
Risk management mechanisms
Our risk management mechanisms consist of identification, analysis, and evaluation processes. The analysis process assesses the frequency, impact levels, and control levels. Risk scope covers financial, strategic, operational, and disaster management aspects. We use a matrix to analyze and manage risks in order of priority.
- Risk trends monitoring
- review global risk trend reports with special attention to emerging risks and incorporate those into our assessment and management items.
- Risk identification activities
- From the perspective of our business continuity, we annually assess the risk scenarios that we may encounter in the medium to long term.
- Matrix-based risk analysis
- Based on an analysis of the three aspects of incidence rate, severity level, and control level, we quantify the operational risk levels
- Tiered risk management
- Low-risk items are managed and controlled by the departments concerned, while medium-to-high risks are reported to company level operational management meetings to assess, the potential financial impacts.
- Risk reduction work
- We continuously carry out improvements under the supervision and management of the risk management team under the CSR Committee.
Risk management structure
In accordance with the risk management standards and guidelines of ISO 31000, and from a business continuity perspective, we review our response capabilities to potential risks, including financial considerations of market and financial volatility risks as well as non-financial risks from such impacts as regulatory compliance, IT security, climate and environmental protection, and social issues.
- Information security rules for employees to prevent the leaking of important information
- Manage IT equipment stability and data backups to prevent disruptions to production
- Protect cloud system against attacks
- Validation of application programs to prevent system failure
- Strengthening of information security awareness
- Make sure equipment is scalable
- Strengthen cloud protection and response mechanisms
- Strengthen source code testing and online security
- Material shortages, prevent increase in purchasing cost
- Simulation of supply and demand scenarios
- Establish flexible cooperation arrangements with suppliers
- Pay attention to the medium- and long-term development of suppliers
- New product's market acceptance and inventory levels
- Imbalance between production and market demand
- Change in business model and response in product strategy
- Speed of product termination and transfer to avoid wasting resources
- Strengthen the design of common materials to reduce waste
- Develop high-end products, strategic alliances and partnerships to boost the competitive advantage of products
- Master consumer habits in the end-user market, change product lines and develop a new generation business opportunities
- Strengthen customer communication and monitoring mechanisms
- Speed and cost of new product development
- Strengthen product development management mechanism
- Take costs into account when adjusting the direction of product and technology development
- Site emissions and communication with public perception
- Impact of new accounting treatment principles
- Regular monitoring of odors around the site at fixed locations
- Strengthen the operating performance of pollution prevention equipment
- Strengthen education, training and communications
Internal Audit System
AUO's internal Auditing Administration Division is an independent unit directly reporting to the Board of Directors. The unit consists of eight people, including the auditing executive and full-time audit staff. In addition to making audit report to the Board of Directors at regular meetings, reporting also takes place periodically or as needed basis to the Chairman of the Board (CEO) and the Audit Committee.more details
Business Continuity Plan
To realize the goal of business continuity, AUO is continuing to monitor potential risks that have an impact on company operations and invest resources towards controlling and countering such risks. The Business Continuity Plan (BCP) is a part of management activities and it can help with maintaining an acceptable standard of critical business activities when something happens to the Company. Since BCP was introduced by AUO in 2008, the Company has completed exercises for fire, earthquake, chemical spills, epidemics and raw material shortages. Corresponding risk management strategies were also developed.more details