In order to implement sustainable development, Wistron not only follows the existing organizational management system and internal control system to manage the risks at all operation levels but also commits to taking top-down approaches to oversee and control the risks that should be considered at strategic levels. The Company established the systematic "Risk Management Policy and Procedures" in accordance with ISO 31000 Risk Management Principles and Guidelines in 2020. To better tackle relevant risks, we adopted proactive and effective methods for assessing major economic, social, environmental, and innovative technology risks across the world and their potential threat to the Company's sustainable development.
Risk Management and Business Continuity Policy
The Company adheres to the principle of sustainability. By establishing, implementing, and maintaining an active risk management mechanism, Wistron continues to keep abreast of internal and external issues and environmental changes, conduct impact analysis and risk assessment, and improve its capability to effectively and flexibly respond to relevant challenges. Through performing regular self-inspection, the Company continuously improves its resilience in order to fulfill the commitment to ensure business continuity and protect the best interests of customers and interested parties. In order to effectively control the risks related to operations, the Company should establish a risk management culture within the organization through the optimization of mechanisms such as education and training, performance management, early warning notification, and public disclosure.
Risk Management Framework
- The Board of Directors is the highest responsible unit for risk management in the Company and is responsible for approving risk management policies and related regulations. The Board supervises the overall implementation of risk management to ensure the effective control of risks.
- We have established the ESG Committee, and the Vice Chairman serves as the Chairperson of the Committee. The Committee is composed of independent directors, supervisors, and senior managers of the Company. Under the committee, the Risk Management Team has been established, with the Chief Financial Officer acting as the convener. The Risk Management Team conducts combined evaluations of corporate operating risks and emerging risks and submits the risk management report to the ESG Committee. The ESG Committee reports to the Board of Directors regularly every year.
- The risk management framework at each organizational level is managed by the President & CEO, and the management personnel of various business units and functional units conduct relevant risk assessments in regular business operation meetings to formulate the appropriate response and countermeasures.
- For the internal controls, the management personnel of each operating unit and subsidiary regularly perform self-assessments of their internal control systems, and the Audit office supervises the implementation results.
Risk Management Procedures
The Company's risk management procedures include risk identification, risk analysis, risk assessment, risk mitigation, risk monitoring, risk reports and disclosure. The ESG Committee convenes regular meetings each year and requests the Committee Members and Work Group responsible for each aspect to evaluate and discuss the Company's potential risks and emerging risks based on the frequency, level of impact, and level of control on the 4 areas of environmental, social, corporate governance, and technological innovation. Regular reports are made to the Board of Directors.
Risk Identification and Operations
The members of the Risk Management Work Group of the Company include units responsible for corporate governance, legal affairs, finance, investment management, corporate PR, information management, quality, sales, human resources, general affairs, materials (supply chain management), products, and manufacturing. They collect information on risk incidents, causes, and effects in the 4 areas of environmental, social, corporate governance, and technological innovation. A total of 24 risks were identified through discussions and revisions by the ESG Committee, including supply chain shortages, spread of major diseases, geopolitics, information security, intellectual property rights and litigations, and new technology related risks. The risk levels were identified and the priorities for risk management were determined. The Company then assigns a unit to take charge of formulating corresponding risk mitigation procedures and incorporates them into the risk management items to be regularly defined and reviewed by the ESG Committee.
Risk Management Operating Status
The Company actively promotes and implements risk management mechanisms. The operating status is reported to the Board of Directors once a year. The main operating status in 2021 was as follows:
- The 3rd meeting of the first ESG Committee was convened to evaluate important risk issues of the Company according to the possibility of different risks occurring and the impact of the risks, in order to confirm the priorities of risk management.
- The Sustainability Promotion Team uses the “governance”, “strategy”, “risk management”, and “indicators and goals” frameworks of the Task Force on Climate-related Financial Disclosures (TCFD) to identify climate risks and opportunities and uses them to create measurement indicators and targets for management.
- The Information Security Committee was established, with the President and Chief Information Security Officer acting as co-chairpersons. The Committee is responsible for organizing information security matters and stipulating the “Information Security Policy” to protect the IT assets of employees, customers, suppliers, and company operations.
- The Sustainability Promotion Team convenes risk management meetings to conduct sensitivity analysis and stress testing on financial risks, climate change risks, water resource risks, information security risks, geopolitical risks, new technology risks, and intellectual property rights risks of the Company and important subsidiaries. We aim to strengthen risk awareness within the Company and our subsidiaries and further quantify the tolerability of the risks mentioned above.
- The President supervises internal units and subsidiaries which are required to perform two internal control self-assessments each year. The Audit office reviews the self-assessment reports of all units and subsidiaries and uses the internal control discrepancies and irregularities found as the basis for the annual Internal Control System Statements.
- We revised the Company’s risk management policies and procedures, and established the Risk Management Team under the ESG Committee.
2021 Corporate Risk Map
Emerging Risk Management
In 2020, Wistron started to reference the emerging risk reports released by external institutions every year (such as the Global Risk Report by the World Economic Forum), in order to identify emerging risks through the 4 main processes of “confirm the environment and background of the industry, evaluate the risks (risk identification, risk analysis, and risk assessment), risk handling, and monitoring and review”. We compiled the comments of the managers to identify emerging risks and formulate risk reduction measures. The results are reported to the ESG Committee for early deployment and response.