Risk Management

In response to changes and trends in the global political economy, LITEON adopts a robust risk management framework and a practical roadmap, and identifies and monitors the environmental, social, and economic (and governance) risks with a potential impact on the company's sustainable development. LITEON also implements risk mitigation, avoidance, transfer, and other management strategies and countermeasures to minimize potential risks and sometimes turn them into business opportunities.

The Risk Management Policy

LITEON's risk management policy defines risks according to the company's overall business plan. The policy sets up risk management mechanisms for early identification, accurate measurement, effective supervision, and rigorous control. Given the acceptable risk, the policy prevents possible losses and adjusts and improves best risk management practices constantly to reflect changes in the internal and external environments. The goal is to protect the interests of LITEON's employees, shareholders, partners, customers, and other stakeholders and to create more value and achieve optimal resource allocation for the company. Please refer to LITEON Risk Management Policy and Procedures.


The Risk Management Framework

LITEON's board of directors sits at the top of its risk management system. Its mission is to comply with the laws and regulations and implement and enforce risk management in the company as a whole. The board should have a clear understanding of the operational risks, maintain the validity of the risk management system, and be ultimately responsible for risk management performance.

The Corporate Sustainability Committee is a functional committee under the board of directors. There are 2 categories: “Corporate Social Responsibility (E&S)” and “Sustainability Governance and Ethical Management (G)”. Nine subcommittees are under the committee, and the risk management subcommittee is led by the highest authority of the risk management department (served concurrently by the president). The risk management subcommittee is the organization responsible for conducting risk management and reporting the results of risk management activities regularly to the Corporate Sustainability Committee.

Given the increasing attention to risk management issues, the Corporate Sustainability Committee Executive Office and the risk management subcommittee take an active approach to managing the risks associated with the company's operations. Hence, LITEON puts all heads of operational departments in charge of overseeing risk management and analyzing and monitoring risks in their own business to ensure the effective execution of risk controls and procedures. Meanwhile, internal auditors are responsible for assessing risks and presenting annual audit plans accordingly. The auditors are also responsible for delivering reports on the status of risk management to the Audit Committee and the board of directors. LITEON's risk management framework is shown as follows:

[Figure: LITEON's risk management framework]

 

Integration of Materiality Assessment Results in Risk Management

To strengthen the risk management framework, LITEON effectively integrates the results of materiality assessments into its enterprise risk management (ERM) processes. This integration ensures that identified material Environmental, Social, and Governance (ESG) issues are included in the risk inventory and prioritization processes. The alignment of materiality results with the ERM framework enables LITEON to identify critical risks that may impact the organization’s strategy and objectives.

 

Implementation of Risk Management

  1. On April 24, 2024, reported to the Corporate Sustainability Development Committee on the risk management results of various departments.

  2. On November 24, 2023, reported to the Corporate Sustainability Development Committee on the risk management results of various departments and the implementation status of the NIST CSF project.

  3. On October 30, 2023, reported to the Board of Directors and the Audit Committee on the annual operation of the company's risk management.

  4. On April 21, 2023, reported to the Corporate Sustainability Development Committee on the risk management results of various departments. This includes insights from stakeholder engagement gained during the materiality assessment, which aids in understanding the relative importance of specific ESG issues.

  5. On October 28, 2022, reported to the Board of Directors and the Audit Committee on the annual operation of the company's risk management.

  6. On October 21, 2022, reported to the Corporate Sustainability Development Committee on the risk management results of various departments and the implementation status of ERM regarding power outages/infectious diseases.



Risk Management Processes and Procedures

The risk management process consists of risk identification and analysis, risk assessment, risk control, risk reporting and disclosure, and response to risk disclosure. The process is conducted according to the PDCA cycle, which follows "plan, do, check, and act." In addition, risk management processes and their execution can effectively promote and shape the risk culture, including related risk management courses, the risk criteria in the development of products and services, and financial incentives that incorporate risk management metrics.




Risk Issue Identification and Analysis

The risk management subcommittee used the risk matrix, based on the likelihood and magnitude of impact of each risk, to assess all risk issues for LITEON and identify key risks according to risk impact grades, including emerging risks and potential future risks. In addition, each risk can be quantified and analyzed through sensitivity analysis and stress tests in the next phase (risk assessment) to check whether the risk values exceed the risk appetite that LITEON has set. As a result, LITEON can take further steps to adopt countermeasures such as mitigation, avoidance, transfer, and retention. The PDCA cycle was deployed for continuous and effective improvement and a good grasp of risk factors, which can reduce the likelihood and magnitude of risk impact. This step also aligns with the findings from the materiality assessment, allowing for the identification of ESG-related risks specific to the organization that could evolve over time.




In 2020, the risk management subcommittee used the risk matrix based on the possibility and degree of impact of each risk to assess key risk issues for LITEON and identify key risks. It helped LITEON take further steps to adopt countermeasures such as mitigation, avoidance, transfer, and retention. The PDCA cycle was deployed for continuous and effective improvement and a good grasp of risk factors. The goal was to reduce the probability and severity of losses arising from these risks.



Risk Assessment

Having identified potential risk factors, all of LITEON's departments should have adequate measurement methods to provide a basis for risk management.

 

  • Risk assessment covers risk analysis and measurement. It analyzes the likelihood of risk incidents and the magnitude of adverse impact in the event of such an incident. The goal is to evaluate the effects of risks on the company to provide a basis for deciding priorities in risk control implementation and response selection.

  • Rigorous statistical methods and techniques should be deployed to analyze and manage quantitative risks.

  • Qualitative methods will be used to assess other risks that are more difficult to quantify. Qualitative risk assessment refers to the use of words to describe the likelihood and the magnitude of risk impact.

 

 

Risk Control

All of LITEON’s departments should monitor risks in their business activities, propose countermeasures as appropriate, and submit the risks and their countermeasures to the risk management subcommittee to be summarized and presented in routine meetings of the Corporate Sustainability Committee. Additionally, the presented contents and risk management processes are regularly audited internally and by third parties.

 

Risk Reporting and Disclosure

To record risk management procedures and results in detail, the risk management subcommittee should report on risk management practices to the Corporate Sustainability Committee at least twice per year. In addition, the internal audit department has to summarize the results of internal and external audits and report them to the Audit Committee, and the chair of the Audit Committee will in turn present reports and related information at board meetings.

 

Risk Response

The operational departments, having assessed and summarized the risks, will take appropriate actions in response.

Risk Management Projects

In 2021, LITEON followed the ISO 31000 and Enterprise Risk Management (ERM) framework guidelines to implement risk management project mitigation measures for LITEON risk issues. The project process is shown in the following figure:

[Figure: risk management project process]

 

*For the details of the above-mentioned project, please refer to chapter 2.3.4 Risk Management Projects of the and LITEON’s Sustainability Report.



Long-Term Emerging Risk Management

As more categories are being added to emerging risks around the world and the probabilities keep rising, LITEON has added emerging risk identification and management to its ERM program. New key environmental, social, economic, technological, and geopolitical risks identified in 2022 are as follows.

 

Technological

  • AI and Information security risk

LITEON has been enhancing operational efficiency through digital transformation, but this increased digitization brings heightened cybersecurity risks, including hacking, phishing, and data breaches. The rise of generative AI technologies in 2023 has led LITEON to encourage employee training on AI tools to boost productivity. However, this also presents risks, particularly concerning data privacy, necessitating stringent data collection and usage monitoring to prevent unauthorized access and protect sensitive information. Deploying AI systems amplifies cybersecurity concerns, requiring enhanced security measures against potential cyberattacks. Additionally, LITEON must address biases in AI algorithms to ensure fairness and transparency, and clearly distinguish between AI-generated and human-generated content to maintain user trust.

The reliability and accuracy of generative AI technology pose significant risks, potentially leading to communication errors and misinformation. Privacy and data security are critical concerns, as leaks of confidential information can impact operations, damage reputation, and lead to legal liabilities and regulatory penalties. Cybersecurity breaches can disrupt operations, resulting in lost productivity and substantial costs for data breaches and security enhancements. Bias in AI systems can lead to unfair decision-making, alienating customer segments and harming the company’s reputation. Failure to manage AI risks may result in loss of market competitiveness and stifled innovation.

Since 2022, LITEON has engaged a consulting firm to implement the U.S. NISTIR 8286 standard, enhancing employee awareness of cybersecurity risks and providing actionable improvement plans. In 2023, the IT department developed an internal “LITEON-ChatGPT” for internal use, disabling OpenAI’s ChatGPT to protect sensitive information. LITEON adopts strategies such as establishing robust data privacy policies, enhancing cybersecurity measures through advanced technologies, regular audits, and strict access controls, promoting transparency about AI operations and data usage, and conducting employee training on data privacy and ethical AI practices. Additionally, LITEON develops comprehensive incident response plans for data breaches, collaborates with external cybersecurity experts, and implements continuous monitoring and evaluation of AI systems to address evolving threats effectively. 

To protect the confidentiality, integrity, usability, and legality of information assets and avoid intentional or accidental internal or external threats, LITEON started promoting a companywide InfoSec management system in 2018 to comply with the ISO/IEC 27001:2013 standard. Furthermore, LITEON renewed the ISO/IEC 27001 information security management system verification in 2023 (validity period: 07/01/2023 to 10/31/2025) and continued to update the validity of the certificate to ensure the effectiveness of the cybersecurity management mechanisms. The LITEON Information Security Policy was implemented to provide a basis for InfoSec management. Please see Information Security and Privacy Management for more details on strategies and response measures.

 

Environmental

  • Product Carbon Footprint
    The global shift towards stricter carbon tariffs, such as the EU's Carbon Border Adjustment Mechanism and U.S. Carbon Capture and Storage Accelerator, signals heightened regulation across industries. By 2025, Taiwan will impose carbon fees on companies emitting over 25,000 tons annually. Although LITEON is currently exempt, the move towards net zero emissions will elevate regulatory pressures, leading to increased costs and competitive challenges.

    Understanding the carbon footprints of LITEON's diverse products is essential for navigating these changes. By analyzing the entire product lifecycle, LITEON can implement emission reduction strategies that lower costs and mitigate the impact of potential tariffs, enhancing market competitiveness and sustainability leadership.

    In 2023, LITEON launched Cedars Digital to apply AI in managing greenhouse gas inventories and product carbon footprints. This initiative is complemented by the "555 Carbon Reduction Action," targeting a 5% annual reduction in carbon intensity and aiming for net zero emissions by 2050, thereby promoting low-carbon competitiveness throughout the supply chain.


  • TCFD
    LITEON considers renewable energy to present important risks and opportunities. The environmental sustainability team is in place to identify potential physical and transition risks to LITEON arising from renewable energy. We take further steps to analyze these renewable energy risks and opportunities and assess the probability and severity of each. We also follow the Task Force on Climate-related Financial Disclosures (TCFD) and disclose renewable energy data and the associated risks and opportunities. Please see Climate Change and Energy Management and sensitivity analysis for more details on strategies and response measures.

 

  • Renewable energy acquisition and use
    LITEON's main manufacturing sites are located in Mainland China, where power supply shortages have become a major challenge due to climate change, infectious diseases, and geopolitical issues concerning coal and gas imports. To effectively mitigate the impact of power outages and shortages on production, LITEON introduced an enterprise risk management system based on ISO 31000 in 2021 to systematically identify, analyze, and evaluate risks for power outages.

 

Economic

  • Operational risk
    The effects of the COVID-19 pandemic that broke out in 2020 continue. Although vaccines are on the market, their effect has not been significant and the virus variants spread strongly, resulting in the current state of semi-blockade in many places around the world; COVID-19 is therefore having a serious impact on the global economy. According to the S&P Global Market Intelligence report, the number of bankruptcies of American and Chinese companies in 2020 increased sharply, setting a new high for the past 10 years, which shows that the related epidemic prevention restrictions have caused serious damage to the global economy. By cooperating with external credit rating agencies, LITEON has expanded its understanding of customer market conditions and industry-specific characteristics to implement credit rating management, and it purchases accounts receivable insurance to transfer risks, reduce the possibility of customers going bankrupt due to the impact of the general environment, and reduce the company's losses. For details, please refer to “Other Major Risks” in LITEON’s 2021 Annual Report.

 

  • Intellectual property risk
    LITEON receives third-party notices from time to time. Such notices often claim that LITEON products may have infringed on a third party's patent or another form of intellectual property. These claims sometimes lead to legal proceedings. Therefore, we take an active approach to facing and handling intellectual property disputes as appropriate, with priority given to protecting the company's market, products, technologies, and clients. We do not seek out fights, nor do we shy from challenges. Besides following the dispute resolution mechanisms to perform technical, legal, and industrial analysis and formulate dispute resolution strategies, we utilize various methods to erect technical barriers to trade for competitors, thereby acquiring protection of our intellectual property rights or avoiding infringement on patents of others. Please see "Intellectual Property Report" for more details on strategies and response measures.

 

Geopolitical

  • Drastic changes in the value chains due to geopolitics
    The impact of the U.S.-China trade war that broke out in 2018 has not stopped so far. Along with the 2019 Japan-South Korea trade war, COVID-19, and the Russia-Ukraine war, it has had a significant impact on the global economy. To avoid risks from our value chain, LITEON monitored the relevant overall economic indicators of countries, undertook interest rate hedging commodities at appropriate times, dispersed production sites in Southeast Asian countries, and cooperated with external credit rating agencies to reduce the related risks.