Our Focuses|Corporate Governance|Risk Management
Risk Management
Winbond belongs to the semiconductor manufacturing industry. Facing natural disasters, accidents, human-made incidents, changes in international political and economic situations, the emergence of new technologies, and changes in policies and regulations may all cause serious impacts on its operations and finances. Therefore, Winbond established a "Risk Management Committee" under the Board of Directors. This committee is one of the functional committees and organizes existing departments or units responsible for risk to enhance the overall risk management organizational structure. It formulates sound internal management regulations and operating procedures for each unit's scope of responsibility and conducts risk management.
Risk Management Committee Organizational Structure
*The Risk Management Team is currently led by Deputy CEO Chan, and its members include the President, Executive Vice President, Vice Presidents, Assistant Vice Presidents, and a total of 13 executive managers. The team is responsible for identifying, assessing, and implementing risk control plans across four major risk scopes and 17 specific risks. They establish both qualitative and quantitative management standards to enhance risk control practices and regularly report risk management outcomes to the Risk Management Committee.
In 2023, Winbond revised the "Risk Management Committee Chapter" and formulated the "Risk Management Policy and Procedures" after receiving approval by the Board of Directors. It actively manages the four major types of risks faced by contemporary enterprises: "strategic," "operational," "financial," and "information security." It develops comprehensive plans and processes for pre-assessment, risk avoidance, loss prevention, and crisis management for various operational activities and regularly reports to the management and governance units to ensure that all corporate risk control goals are achieved. The risk management team should pay attention to the development of international and domestic risk management systems and changes in internal and external operating environments, adjust control mechanisms, report to the Risk Management Committee and the Board of Directors for approval, and enhance the effectiveness of risk management implementation. For details on the operation of the Risk Management Committee, please refer Functional Committee.
The company’s internal audit department is under the Board of Directors. Select audit items and frequency based on risk assessment results. It drafts an audit plan, which, after approval by the Board of Directors, is executed to assess the operational effectiveness of the internal control system. Audit reports are prepared accordingly, and follow-up reports on findings and recommendations are regularly submitted until all findings are resolved. To ensure that relevant units have taken timely and appropriate corrective actions, continuously enhancing the effectiveness of the risk management mechanism.
Internal audit department also ensures that all departments and subsidiaries regularly conduct self-assessments of the implementation of the internal control system. Risk management factors are incorporated into the annual internal control effectiveness verification process to conduct audits on organizational operations and risk management. 2023 self-assessment of the internal control systems and the audit tasks of the internal audit department were completed in January 2024.
4 Scope of Risk Management
Ⅰ- Strategic Risk
①Political Change | Ⅱ- Operational Risk
①Operational Planning, Execution, and Crisis Management ③Environmental, Health, Safety, and Carbon Rights Management |
Ⅲ- Financial Risk
①Exchange Rates and Interest Rates | Ⅳ- Information Risk
①Information Management
|
Winbond Risk Management Policy and Procedures
includes but not limit to: ❶ Risk management objectives. ❷ Risk management organizational structure and responsibilities. ❸ Risk management procedures.
Winbond Risk Management Objectives
Winbond aims to manage various risks that may impact the achievement of company goals through a comprehensive risk management framework. By integrating risk management into operational activities and daily management processes, Winbond aims to achieve the following objectives: ❶ Achieve company goals. ❷ Enhance management efficiency. ❸ Provide reliable information. ❹ Allocate resources effectively.
Risk Management Procedures
Winbond's risk management procedures include at least five elements: risk identification, risk analysis, risk assessment, risk response, and supervision and review mechanism. The specific procedures and methods for each element are as follows:
Risk Identification
Risk Analysis
Risk Assessment
Risk Response
Supervision
and Review
Risk Identification
- Each functional unit and subsidiary should identify the risks of the short-, mid-, and long-term objectives and the business operations based on the company's risk management policies and procedures.
Various feasible analysis tools and methods (such as process analysis, scenario analysis, questionnaire surveys, PESTLE analysis, etc.) should be used for risk identification. Risks should be analyzed from both topdown and bottom-up perspectives, considering internal and external risk factors, stakeholder concerns, etc., to comprehensively identify potential risk events that may affect the company's goals or cause losses or adverse impacts.
Risk Analysis
Each functional unit and subsidiary should analyze the probability and impact of identified risks based on existing control measures, past experiences, industry cases, etc., and calculate the risk value accordingly.
- Risk Analysis Measurement Standards:
- The risk management team should establish appropriate quantitative or qualitative measurement standards based on the company's risk characteristics as the basis for risk analysis.
- Qualitative measurement standards refer to expressing the probability and impact of risk events through textual descriptions, while quantitative measurement standards refer to expressing the probability and impact of risk events through specific measurable numerical indicators (such as days, percentages, amounts,
numbers, etc.).
- Risk Appetite:
- The risk management team should develop risk appetite (risk tolerance) and report it to the Risk Management Committee and the Board of Directors for determining the company's acceptable risk threshold. Based on the risk appetite, the risk management team should discuss the corresponding risk levels for each risk value and the response methods for each risk level, serving as the basis for subsequent risk assessment and risk response.
Risk Assessment:
- Each functional unit and subsidiary should, based on the results of risk analysis, align with the risk appetite approved by the Risk Management Committee and the Board of Directors. They should then plan and execute subsequent risk response measures according to the risk levels.
- The relevant results of risk analysis and assessment should be accurately documented and reported to the Risk Management Committee.
Risk Response
- After assessing business risks, each unit should propose appropriate risk response measures and control operations and report them to the risk management team for review.
Supervision and Review
- The risk management team should regularly report the implementation results of risk management procedures to the Risk Management Committee as a reference, and report major risk events to the Risk Management Committee and the Board of Directors, as necessary.
Winbond has included climate change risk into the long-term operation and management of the enterprise, and in order to understand its impact on the environment and operations, since 2021, Winbond has adopted the Task Force on Climate-Related Financial Disclosures’ (TFCD) framework, and based on the observation on international regulatory trends and market outlook, every year, we regularly identify and disclose the financial impacts of climate-related risks and opportunities (both quantitative and qualitative), providing comments on the situation as well as proposing a management strategy. Winbond will continue to monitor the impact of risks brought by the climate, strengthen the company’s operational capabilities, promote various carbon reduction plans, improve energy efficiency, and steadily move towards sustainable development. Please refer to Climate Change Management for detailed information.
Risk Analysis Table
For more information on Information Security Management Policy, please refer to: Information Safety.
Emerging Risks
Emerging Risks | Description | Impact | Mitigating Actions |
---|---|---|---|
Geopolitical Risk | The U.S.-China rivalry and Taiwan Strait tensions have posed challenges to Taiwan's semiconductor industry. As trade friction and technological competition between the U.S. and China escalate, Taiwan has become a focal point for both countries. Security issues in the Taiwan Strait are also a concern for global companies, who worry about the stability of Taiwan's supply chain amid political uncertainty, which could impact semiconductor production.
In conclusion, Winbond should weigh the high investment costs of globalization in the current volatile global environment and enhance its risk management and contingency planning to stay competitive in the future market. |
|
|
Risks of AI Applications | In the era of rapid development of AI technology, AI is expected to bring many growth opportunities for enterprises in terms of productivity enhancement, business modeling, and innovation. However, before the technology enters the maturity stage, AI application will also bring multiple and complex risks to enterprises, such as the security and reliability of the AI model itself, AI governance, ethics, privacy, and regulatory completeness, and so on.
|
|
|