In response to changes and trends in the global political economy, LITEON adopts a robust risk management framework and a practical roadmap, and identifies and monitors the environmental, social, and economic (and governance) risks with a potential impact on the company's sustainable development. LITEON also implements risk mitigation, avoidance, transfer, and other management strategies and countermeasures to minimize potential risks and sometimes turn them into business opportunities.
The risk management policy
LITEON's risk management policy defines risks according to the company's overall business plan. The policy sets up risk management mechanisms for early identification, accurate measurement, effective supervision, and rigorous control. Given the acceptable risk, the policy prevents possible losses and adjusts and improves best risk management practices constantly to reflect changes in the internal and external environments. The goal is to protect the interests of LITEON's employees, shareholders, partners, customers, and other stakeholders and to create more value and achieve optimal resource allocation for the company. Please refer to LITEON Risk Management Policy and Procedures.
The risk management framework and implementation
The risk management framework
LITEON's board of directors sits at the top of its risk management system. Its mission is to comply with the laws and regulations and implement and enforce risk management in the company as a whole. The board should have a clear understanding of the operational risks, maintain the validity of the risk management system, and be ultimately responsible for risk management performance.
The Corporate Sustainability Committee is a functional committee under the board of directors. There are 2 categories: “Corporate Social Responsibility (E&S)” and “Sustainability Governance and Ethical Management (G)”. Nine subcommittees are under the committee, and the risk management subcommittee is led by the highest authority of the risk management department (served concurrently by the president). The risk management subcommittee is the organization responsible for conducting risk management and reporting results of risk management activities regularly to the Corporate Sustainability Committee.
Given the increasing attention to risk management issues, the Corporate Sustainability Committee Executive Office and the risk management subcommittee take an active approach to managing the risks associated with the company's operations. Hence, LITEON puts all heads of operational departments in charge of overseeing risk management and analyzing and monitoring risks in their own business to ensure effective execution of risk controls and procedures. Meanwhile, internal auditors are responsible for assessing risks and presenting annual audit plans accordingly. The auditors are also responsible for delivering reports on the status of risk management to the Audit Committee and the board of directors. LITEON's risk management framework is shown as follows:
Implementation of risk management
In 2023, LITEON had its current cybersecurity maturity audited by an external third party, SAHTECH.
Having introduced ERM in 2021, LITEON implemented in 2022 the US industry standard NISTIR 8286, which integrates cybersecurity and enterprise risk management (ERM).
LITEON held the Corporate Sustainability Committee (CS Committee) meeting on Apr. 21, 2023, and the risk management subcommittee reported the status of risk management from all of the functional units to the CS Committee.
The risk management subcommittee reported the status of risk management from all of the functional units to the Audit Committee and Board committee on Oct. 28, 2022.
LITEON held CS Committee meetings on Oct. 21 and Mar. 16, 2022, and the risk management subcommittee reported the status of risk management from all of the functional units to the CS Committee.
Risk Management Processes and Procedures
The risk management process consists of risk issue identification, risk assessment, risk control, risk reporting and disclosure, and response to risk disclosure. The process is conducted according to the PDCA cycle, which follows "plan, do, check, and act."
Risk issue identification
LITEON has developed a comprehensive risk management framework with job functions and areas of responsibility segregated for risk identification purposes. The framework is able to cover different risks on various levels. The LITEON risk management subcommittee follows the materiality principle and divides risks into 8 categories by economic (including corporate governance), environmental, social, and other aspects as illustrated below.
In 2020, the risk management subcommittee used the risk matrix based on the possibility and degree of impact of each risk to assess key risk issues for LITEON and identified key risks. It helped LITEON take further steps to adopt countermeasures such as mitigation, avoidance, transfer, and retention. The PDCA cycle was deployed for continuous and effective improvement and a good grasp of risk factors. The goal was to reduce the probability and severity of losses arising from these risks.
The operational departments, having identified potential risk factors, implement adequate measurement methods to provide a basis for risk management.
Risk assessment covers risk analysis and measurement. It analyzes the probabilities of risk incidents and the degree of adverse impact in the event of such an incident. The goal is to evaluate the effects of risks on the company to provide a basis for deciding priorities in risk control implementation and response selection.
Rigorous statistical methods and techniques should be deployed to analyze and manage quantitative risks.
Qualitative methods will be used to assess other risks more difficult to quantify. Qualitative risk assessment refers to the use of words to describe the probabilities of risks and the degrees of impact.
The operational departments should monitor risks in their business activities. The departments should propose countermeasures as appropriate and submit the risks and their countermeasures to the risk management subcommittee to be summarized and presented in routine meetings of the Corporate Sustainability Committee.
Risk reporting and disclosure
To record risk management procedures and results in detail, the risk management subcommittee should update the Corporate Sustainability Committee and the Audit Committee regularly on the company's risk management practices. The chair of the Audit Committee will in turn present reports and related information at board meetings.
The operational departments, having assessed and summarized the risks, will take appropriate actions in response.
Risk Management Projects
In 2021, LITEON followed the ISO 31000 and Enterprise Risk Management (ERM) framework guidelines to implement risk management project mitigation measures for LITEON risk issues. The project process is
＊For the details of the above-mentioned project, please refer to the chapter 2.3.4 Risk Management Projects of the and LITEON’s Sustainability Report.
Long-Term Emerging Risk Management
As more categories are being added to emerging risks around the world and the probabilities keep rising, LITEON has added emerging risk identification and management to its ERM program. New key environmental, social, economic, technological, and geopolitical risks identified in 2022 are as follows.
LITEON thinks renewable energies present important risks and opportunities. The environmental sustainability team is in place to identify potential physical and transformation risks that may arise for LITEON from renewable energies. We take further steps to analyze these renewable energy risks and opportunities and assess the probability and severity of each. We also follow the Task Force on Climate-related Financial Disclosures (TCFD) and disclose renewable energy data and the associated risks and opportunities. Please see Climate Change and Energy Management and Sensitive Analysis for more details on strategies and response measures.
Renewable energy acquisition and use
LITEON's main manufacturing sites are located in Mainland China, where power supply shortages have become a big challenge due to climate change, infectious diseases, and geopolitical issues concerning coal and gas imports. In order to effectively mitigate the impact of power outages and shortages on production, LITEON introduced an enterprise risk management system based on ISO 31000 in 2021 to systematically identify, analyze, and evaluate the risks of power outages.
The effects of COVID-19, which broke out in 2020, continue. Although there are vaccines on the market, their effect has not been significant and the virus variants spread strongly, leaving many places around the world in a state of semi-blockade; hence COVID-19 is having a serious impact on the global economy. According to the S&P Global Market Intelligence report, the number of bankruptcies of American and Chinese companies increased sharply in 2020, setting a new high for the past 10 years and showing that epidemic prevention restrictions have caused serious damage to the global economy. By cooperating with external credit rating agencies, LITEON has expanded its understanding of customer market conditions and industry-specific characteristics to implement credit rating management, and purchases accounts receivable insurance to transfer risks, reduce the possibility of customers going bankrupt due to the impact of the general environment, and reduce the company's losses. For details, please refer to “Other Major Risks” in LITEON’s 2021 Annual Report.
Intellectual property risk
LITEON receives third-party notices from time to time. Such notices often claim that LITEON products may have infringed on a third party's patent or another form of intellectual property. These claims sometimes lead to legal proceedings. Therefore, we take an active approach to facing and handling intellectual property disputes as appropriate, with priority given to protecting the company's market, products, technologies, and clients. We do not seek out fights, nor do we shy from challenges. Besides following the dispute resolution mechanisms to perform technical, legal, and industrial analysis and formulate dispute resolution strategies, we utilize various methods to erect technical barriers to trade for competitors, thereby acquiring protection of our intellectual property rights or avoiding infringement on patents of others. Please see "Intellectual Property Report" for more details on strategies and response measures.
Information security risk
LITEON places great emphasis on information security management along the value chain. The scope of information protection covers internal employees, external clients (customers, suppliers, consultants, and business partners), shareholders, and the safety of operation-related IT hardware/software. It includes employees, customers, suppliers, and shareholders. To protect the confidentiality, integrity, usability, and legality of information assets and avoid intentional or accidental internal or external threats, LITEON started promoting a companywide InfoSec management system in 2018 to comply with the ISO/IEC 27001:2013 standard. Furthermore, LITEON renewed the ISO/IEC 27001 information security management system verification in 2023 (valid period: 07/01/2023 to 10/31/2025) and continued to update the validity of the certificate to ensure the effectiveness of the cybersecurity management mechanisms. The LITEON Information Security Policy was implemented to provide a basis for InfoSec management. The policy is implemented in all LITEON offices around the world. Please see Information Security and Privacy Management for more details on strategies and response measures.
Drastic changes in the value chains due to geopolitics
The impact of the U.S.-China trade war that broke out in 2018 has not stopped so far. Along with the 2019 Japan-South Korea trade war, COVID-19, and the Russia-Ukraine war, it has had a significant impact on the global economy. In order to avoid the risks from our value chain, LITEON monitored the relevant overall economic indicators of countries, undertook interest rate hedging commodities at appropriate times, dispersed production sites in Southeast Asian countries, and cooperated with external credit rating agencies to reduce the related risks.