In response to changes and trends in the global political economy, LITEON adopts a robust risk management framework and a practical roadmap, and identifies and monitors the environmental, social, and economic (and governance) risks with a potential impact on the company's sustainable development. LITEON also implements risk mitigation, avoidance, transfer, and other management strategies and countermeasures to minimize potential risks and sometimes turn them into business opportunities.
The risk management policy
LITEON's risk management policy defines risks according to the company's overall business plan. The policy sets up risk management mechanisms for early identification, accurate measurement, effective supervision, and rigorous control. Given the acceptable risk, the policy prevents possible losses and adjusts and improves best risk management practices constantly to reflect changes in the internal and external environments. The goal is to protect the interests of LITEON's employees, shareholders, partners, customers, and other stakeholders and to create more value and achieve optimal resource allocation for the company. Please refer to LITEON Risk Management Policy and Procedures.
The risk management framework and implementation
The risk management framework
LITEON's board of directors sits at the top of its risk management system. Its mission is to comply with the laws and regulations and implement and enforce risk management in the company as a whole. The board should have a clear understanding of the operational risks, maintain the validity of the risk management system, and be ultimately responsible for risk management performance.
The Corporate Sustainability Committee is a functional committee under the board of directors. There are 2 categories: “Corporate Social Responsibility (E&S)” and “Sustainability Governance and Ethical Management (G)”. Nine subcommittees are under the committee, and the risk management subcommittee is led by the highest authority of the risk management department (served concurrently by the president). The risk management subcommittee is the organization responsible for conducting risk management and reporting results of risk management activities regularly to the Corporate Sustainability Committee.
Given the increasing attention to risk management issues, the Corporate Sustainability Committee Executive Office and the risk management subcommittee take an active approach to managing the risks associated with the company's operations. Hence, LITEON puts all heads of operational departments in charge of overseeing risk management and analyzing and monitoring risks in their own business to ensure effective execution of risk controls and procedures. Meanwhile, internal auditors are responsible for assessing risks and presenting annual audit plans accordingly. The auditors are also responsible for delivering reports on the status of risk management to the Audit Committee and the board of directors. LITEON's risk management framework is shown as follows:
Implementation of risk management
The ISO 31000 Enterprise Risk Management System (ERM) was introduced in 2021, and second-line risk management interviews were conducted. In May, the priority risk assessment topics for this year were confirmed to be "power outage" and "infectious diseases".
2020/12/16 Completed the report on the annual operation status and plan of risk management in the CSR Committee and the Audit Committee. The chair of the Audit Committee also reported to the Board of Directors on the operation of risk management on the same day.
The second meeting was held in November 2020, presided over by the convener President Anson Chiu, and the responsible personnel (the head of the functional department) attended the meeting to collect the main risk issues assessed by each department.
The first meeting was held in March 2020, and Director Mike Yang was invited to conduct guidance and exchange discussions on information security related issues. The related issues and progress have been completed by the Board of Directors on 10/30.
On February 26, 2020, the Audit Committee and the Board of Directors approved the first version of the Company's "Risk Management Policies and Procedures".
Risk Management Processes and Procedures
The risk management process consists of risk issue identification, risk assessment, risk control, risk reporting and disclosure, and response to risk disclosure. The process is conducted according to the PDCA cycle, which follows "plan, do, check, and act."
Risk issue identification
LITEON has developed a comprehensive risk management framework with job functions and areas of responsibility segregated for risk identification purposes. The framework is able to cover different risks on various levels. The LITEON risk management subcommittee follows the materiality principle and divides risks into 8 categories by economic (including corporate governance), environmental, social, and other aspects as illustrated below.
In 2020, the risk management subcommittee used the risk matrix based on the possibility and degree of impact of each risk to assess key risk issues for LITEON and identified key risks. It helped LITEON take further steps to adopt countermeasures such as mitigation, avoidance, transfer, and retention. The PDCA cycle was deployed for continuous and effective improvement and a good grasp of risk factors. The goal was to reduce the probability and severity of losses arising from these risks.
The operational departments, having identified potential risk factors, implement adequate measurement methods to provide a basis for risk management.
Risk assessment covers risk analysis and measurement. It analyzes the probabilities of risk incidents and the degree of adverse impact in the event of such an incident. The goal is to evaluate the effects of risks on the company to provide a basis for deciding priorities in risk control implementation and response selection.
Rigorous statistical methods and techniques should be deployed to analyze and manage quantitative risks.
Qualitative methods will be used to assess other risks more difficult to quantify. Qualitative risk assessment refers to the use of words to describe the probabilities of risks and the degrees of impact.
The operational departments should monitor risks in their business activities. The departments should propose countermeasures as appropriate and submit the risks and their countermeasures to the risk management subcommittee to be summarized and presented in routine meetings of the Corporate Sustainability Committee.
Risk reporting and disclosure
To record risk management procedures and results in detail, the risk management subcommittee should update the Corporate Sustainability Committee and the Audit Committee regularly on the company's risk management practices. The chair of the Audit Committee will in turn present reports and related information at board meetings.
The operational departments, having assessed and summarized the risks, will take appropriate actions in response.
Risk Management Projects
LITEON followed ISO 31000 risk management principles and guidelines and made plans for a project to implement an enterprise risk management (ERM) system. In addition, LITEON had completed internal risk issue identification and assessment within the scope of the LITEON Risk Management Policy and Procedures and taken risk management mitigation measures. These measures are described as follows:
2020 Risk Identification and Mitigation Measures
*For the above economic, environmental and social risk management instructions, please refer to the relevant chapters of the company's annual report and corporate social responsibility report.
Long-Term Emerging Risk Management
As more categories are being added to emerging risks around the world and the probabilities keep rising, LITEON has added emerging risk identification and management to its ERM program. New key environmental, social, economic, technological, and geopolitical risks identified in 2020 included (1) operational risk (COVID-19), (2) information security risk, (3) intellectual property risk, and (4) environmental risk (Net Zero Emissions/Renewable Energy).
The influence of COVID-19, which broke out in 2020, continues. Although vaccines are on the market, their effect has not been significant and the virus variants spread strongly, resulting in the current state of semi-blockade in many places around the world; hence COVID-19 is making a serious impact on the global economy. According to the S&P Global Market Intelligence report, the number of bankruptcies of American and Chinese companies in 2020 increased sharply, setting a new high for the past 10 years, showing that related epidemic prevention restrictions have caused serious damage to the global economy. By cooperating with external credit rating agencies, LITEON has expanded its understanding of customer market conditions and industry-specific characteristics to implement credit rating management, and purchases accounts receivable insurance to pass on risks, reduce the possibility of customers going bankrupt due to the impact of the general environment, and reduce the company's losses. For details, please refer to “7.6.14 Other Major Risks” of LITEON's 2020 Annual Report.
Information security risk
LITEON places great emphasis on information security management along the value chain. The scope of information protection covers internal employees, external clients (customers, suppliers, consultants, and business partners), shareholders, and the safety of operation-related IT hardware/software. It includes employees, customers, suppliers, and shareholders. To protect the confidentiality, integrity, usability, and legality of information assets and avoid intentional or accidental internal or external threats, LITEON started promoting a companywide InfoSec management system in 2018 to comply with the ISO/IEC 27001:2013 standard. Furthermore, LITEON obtained a certificate of third-party verification in 2020. The LITEON Information Security Policy was implemented to provide a basis for InfoSec management. The policy is implemented in all LITEON offices around the world. Please see Information Security and Privacy Management for more details on strategies and response measures.
Intellectual property risk
LITEON receives third-party notices from time to time. Such notices often claim that LITEON products may have infringed on a third party's patent or another form of intellectual property. These claims sometimes lead to legal proceedings. Therefore, we take an active approach to facing and handling intellectual property disputes as appropriate with priority given to protecting the company's market, products, technologies, and clients. We do not seek out fights, nor do we shy from challenges. Besides following the dispute resolution mechanisms to perform technical, legal, and industrial analysis and formulate dispute resolution strategies, we utilize various methods to erect technical barriers to trade for competitors, thereby acquiring protection of our intellectual property rights or avoiding infringement on patents of others. Please see "Intellectual Property Report" for more details on strategies and response measures.
LITEON thinks renewable energies present important risks and opportunities. The environmental sustainability team is in place to identify potential physical risks and transformation risks that may arise for LITEON out of renewable energies. We take further steps to analyze these renewable energy risks and opportunities, and assess the probability and severity of each. We also follow the Task Force on Climate-related Financial Disclosures (TCFD) and disclose renewable energy data and the associated risks and opportunities. Please see Climate Change and Energy Management for more details on strategies and response measures.