Risk Management

Home > ESG > Governance > Risk Management

Procedures and Policies of Risk Management

For the purpose of stable operations and sustainable development of CSC, the Board of Directors approved the establishment of the "Procedures and Policies of Risk Management" as the highest guiding principle for risk management. Accordingly, the execution units should identify, evaluate, and formulate response strategies or measures for risk factors, and the Board of Directors, the management, and functional committees and managers at all levels are responsible for risk monitoring and properly control related risks with regular reporting.

The Risk Management team formulates the Risk Appetite Statement based on the company’s internal regulations and risk management culture, and reports it to the Corporate Governance and Sustainability Committee.

Risk Appetite Statement

Risk management mechanism should be established to keep risks within a tolerable range, aiming to reasonably balance between risk and reward.
Risk management culture should be constructed and comprehensively practiced by all employees to enhance risk awareness and implement risk management.
It is necessary to comply with legal regulations to avoid compliance risks. The directors, managers, employees, appointees, and actual controllers of the company should adhere to, but are not limited to, the regulations related to listed companies and other laws concerning commercial conduct when carrying out business operations.
Business activities that present higher risk of unethical behavior within the business scope should be analyzed, and relevant preventive measures should be strengthened to create an environment for sustainable operation.

In 2024, CSC identified operational risks, financial risks, information security risks, environmental risks, and compliance risks, covering economic, environmental, and social aspects. The risk levels were categorized into five major classes to prioritize risk management strategies. The assessment results indicated that major occupational accidents were classified as high-risk items. Medium-risk items included carbon pricing regulation, exchange rate fluctuation risk, import disruption risk, trade barrier risk, construction cost escalation risk, shortage of technical personnel risk, hacker ransomware attacks, and a total of 20 items. The results of the annual sustainability materiality survey were also used as one of the bases for identifying and measuring major risk issues for the year. For example, in the year 2024, the sustainability materiality topics were considered risk management issues, accounting for 80%. The identified and analyzed risk items were managed by relevant departmental personnel responsible for formulating and implementing subsequent risk management strategies and plan.

CSC's ten-year business development strategy is led by the Secretariat Department, and the annual operational directives are led by the Industrial Engineering Department. Risk assessments at each operational level are included in the setting and tracking of annual operational directives and targets for each first-echelon department. If it is an implementation matter, it will also be reviewed at all levels, and cross-departmental task forces will be set to perform risk detection, assessment, and prevention as necessary. At ordinary times, the internal auditor's office conducts inspections on each operation item of the business cycle regularly to detect possible risks as early as possible, makes assessment, and takes appropriate precautions. CSC has good control and rigorous practices to avoided possible risks. A control list of major risks and opportunities for the operational directives has been made, which focuses on the identification, control, and implementation of countermeasures. An annual effectiveness assessment is also conducted. CSC is evaluated annually by BSI on its steel products, namely the IATF 16949, ISO 9001, and QC 080000 systems. The risk culture in CSC is that risk identification and assessment are always the first step in the execution of any work or initiative. Getting the job done safely is our top priority. Therefore, through the Safety Job Procedures (SJP), employees are instructed on how to do their jobs safely. The number of students in hazard identification of the related operate are 9,414 people ( including employees and contractors). Contractors have been taken Contractors’ personnel training for pass permit (including hazards of the operation, accidents, and regulations in CSC). Every engineer in CSC have to be taken Somatosensory Safety Training (By designing a similar environment and equipment situation let employee experiencing personally to understand hazard). CSC's ISO 45001 (Occupational Safety and Health Management System) and TOSHMS (Taiwan Occupational Safety and Health Management System) have both passed the British Standards Institution (BSI) verification in 2024. Our occupational safety and health management policies include: improving employees' attitudes, cognition, and abilities toward safety and health through education, training, and advocacy; on-site supervisors at all levels regularly review the behavior and working environment of employees and collaborators. In 2024, supervisors conducted a total of 82,137 safety observations and audits (including inspections)

CSC has been considering the quality and production realization risks (the potential failure modes such as design, manufacturing, packaging, and transportation) in the product development and design process through DFMEA and PFMEA risk management, and strengthening its implementation by providing AIAG & VDA FMEA educational training to the personnel of relevant responsible units.