To counter the challenges of a fast changing global economy and the sustainability risk, LITE-ON adopts a robust risk management framework and an effective implementation roadmap that approach in four aspects, which are the environment, operation, strategy, and internal control, to identify and manage potential risks that may have an impact on a company's sustainable development. In addition, LITE-ON implements management strategies and takes measures to transfer, mitigate, minimize, or even eliminate risks entirely and turn them into business opportunities.
LITE-ON's risk management framework and internal controls allow it to take the initiative and respond to the risks associated with its operations in the most cost-effective manner. The CEO serves as the highest ranking officer in the risk management framework, and oversees departments including strategic investment, finance, business management, and human resources as well as the risks facing these departments in the four aspects. Risk considerations in these areas are made part of various management reports to be discussed in quarterly business strategy meetings. Furthermore, in the event of a major incident regarding the environment, operation, or strategy, the CEO will call a meeting of the board of directors to formulate the appropriate response and countermeasures. Regarding internal controls, the Audit Office supervises and performs risk management, and reports regularly to the board of directors.
LITE-ON has been able to develop a comprehensive risk management framework with job functions and areas of responsibility clearly segregated for risk identification purposes. Each risk is further evaluated by probability and severity to determine key material risks, and then mapped onto a risk map for ease of identification. This enables the organization to take further steps to transfer, accept, mitigate, and avoid the identified risks. By executing the PDCA cycle (plan, do, check, act), the company is able to improve its control over various risk factors and reduce the chances of risks occurring and the impact they might have. Furthermore, as more categories are being added to emerging risks around the world and the probabilities keep rising, we have also made identification and management of long term emerging risks part of the enterprise risk management plan. In 2018, we identified new key material risks including:
1. disruptive technology risk
2. digital information security risk
3. human resource risk (human resource development system)
In order to address high probability high impact external and operational risks, LITE-ON has made the risk management plan an integral part of the risk culture. The plan focuses on "raising safety awareness", "improving critical asset protection", and "establishing safety systems and rules", all of which are interconnected.
• Raising safety awareness
The Risk Management Department arranges regular training and seminars to help employees learn from past mistakes, and hence raise their awareness towards safety and risk management.
• Improving critical asset protection
Important equipment, logistics processes, and final products are inspected every year in order to examine the practices at individual business units from product design and production to liability risk management after sales.
• Establishing safety systems and rules
Through regular inspections and improvements, LITE-ON is able to optimize the risk profiles of its production sites, reducing the possibility of accidents and hence minimizing loss of workers, plant, equipment, raw materials, and operations.
2018 Risk Identification and Control Measures
＊Details of risk management in terms of financial, environmental, and social concerns above are shown in the annual report and appropriate chapters of this report.
Disruptive technology risk
To adapt to emerging/disruptive technologies and create good sources of profits, LITE-ON continues to complete business transformation by change of operating model and product portfolio. In addition, the group transformation project focuses on five areas of IoT application. They are cloud computing, LED and outdoor lighting, auto electronics, industrial automation, and smart healthcare, all of which are aimed at creating a safer, friendlier, and more energy efficient user experience. Regarding storage devices, for example, as the data oriented ODD gradually becomes obsolete, LITE-ON turns to invest in the silent, low power consumption SSD. In addition to SSD for personal computers, LITE-ON has succeeded in pushing for its use in cloud storage. SSD has now become one of LITE-ON's core products. Please see Environmental Sustainability Policy and Commitment, Climate Change Strategy, and 4.5 Green in the Factory of the LITE-ON CSR report for more details on strategies and response measures.
Digital information security risk
While driving digital transformation in the company, LITE-ON came to identify digital information security as a major risk and an important opportunity. It has created a cross-departmental and cross-functional InfoSec organization to performs InfoSec tasks. The Information Security Policy has been implemented to provide the basis for management and compliance with ISO 27001: 2013 standards. Meanwhile, InfoSec tools and ongoing improvements are being introduced alongside regular internal InfoSec audits and training to ensure effective information security and privacy protection. Please see Information Security and Privacy Management for more details on strategies and response measures.
Climate change risk management
LITE-ON sees climate change as a major risk and an important opportunity. The Climate Change Risk Task Force is in place to identify potential physical risks and transformation risks for LITE-ON to arise from climate change. We take further steps to analyze climate related risks and opportunities and assess the probability and severity of each. We also follow the Task Force on Climate-related Financial Disclosures (TCFD) and disclose climate change data and the associated risks and opportunities. Please see Environmental Sustainability Policy and Commitment for more details on strategies and response measures.
Supply chain risk management
As part of its effort to build a sustainable supply chain, LITE-ON performs supplier sustainability risk assessments every year. LITE-ON screens supplier risks on a preliminary basis by analyzing potential risks in terms of location of a supplier, amount of procurement, and production process of a supplier. Furthermore, to better understand a supplier's risks, we survey sustainability risks in all key suppliers and first tier suppliers, and require key suppliers complete and return sustainability risk questionnaires. When the questionnaires are completed, we will perform a more detailed risk assessment on high risk suppliers identified in the process. High risk key suppliers will be subject to onsite audits or be required to complete the RBA Validated Audit Process (VAP). High risk first tier suppliers will be required to complete and return the RBA Self-Assessment Questionnaire in order to verify and keep reducing their risks. The risk assessments above are performed to identify potential economic, environmental, and social risks in the supply chain as well as suppliers with potentially higher risks. We target suppliers with potentially higher risks and perform audits and provide assistance to ensure their risks are effectively kept under control and minimized. Please see Supply Chain Management for more details on strategies and response measures.
Human resource risk management
According to reports released by research institutions, the changing global environment and the rise of social enterprises are transforming the labor market and altering the landscape in human capital. For example, employers have to recruit through a wider range of channels, provide more comprehensive training, and offer more flexible and more competitive benefit and compensation packages. LITE-ON is aware of the importance of the current transformation. For recruitment, we have started exploring talent through industry-academia cooperation in addition to the conventional recruitment channels. Please see 6.3 Supporting Internships for more details. The training system is built on four tiers, new employees, field of training, level of authority, and self development. The learning blueprint consists of 12 modules aimed at helping employees to improve and adapt to a company's constantly changing social role. Please see Human Capital Development for more details.