Risk control at CSC is divided into three levels with different mechanisms. The company adopts comprehensive risk control over all employees, which is executed level by level in normal times, rather than assigning control to a single department.
Risk assessment data is summarized for the first half of each year and the entire year, and then reported to the Corporate Governance and Sustainability Committee/Board of Directors. The frequency (monthly/quarterly) for evaluating issues is decided by the responsible unit and then reported to the functional committee.
With the aim of ensuring robust operations and sustainable development at CSC, the Board of Directors approved the formulation of the “Risk Management Policy and Procedures” as the highest guiding principle for risk management. According to the Risk Management Policy and Procedures, business units are in charge of identifying and assessing risk factors as well as drawing up relevant response strategies or measures, while the Board of Directors, President level, and functional committees are responsible for risk monitoring and control, where proper monitoring and control of relevant risks are conducted by means of regular reporting.
In 2022, CSC performed risk identification covering operational risk, financial risk, information security risk, environmental risk, and compliance risk, from the economic, environmental, and social aspects, and classified risks into five levels to prioritize risk management strategies. Risks classified as high risk after evaluation include major occupational accidents, unstable energy supply, carbon control, air pollution fines, and construction manpower shortage; there were 15 medium risks, including procurement risk, inflation risk, extortion by hackers, intellectual property infringement, and carbon neutrality. For the risk items identified and analyzed, personnel from the relevant departments are responsible for drawing up and implementing subsequent risk management strategies and plans.
Rapid global economic, social, and environmental changes have given rise to diverse and complex risks. The Company established an emerging risk management system and responds to and manages potential threats in a timely manner through identification, assessment, response, and supervision mechanisms. After collecting information on internal and external emerging risks, we identified a total of 7 emerging risk issues in 2022, and management assessed the potential impact of each issue. Survey results show that the Company's top 3 emerging risks are low carbon production technology, carbon pricing controls, and information security; response measures have been formulated for these risks.
The Secretariat Dept. leads the setting of ten-year strategies and targets, while the Industrial Engineering Dept. leads the setting of yearly guidelines and objectives for management. The Industrial Engineering Dept. includes risk assessment in the setting and tracking of each department's guidelines and objectives for management. Cross-departmental task forces may be set up to perform risk detection, assessment, and prevention. IA periodically audits operational items of business cycles for identification, adjustment, and prevention of risks. The risk management in CSC is rigorous and effective. We compiled a control table of material risks and opportunities related to business policies, and evaluated the effectiveness of risk identification, management, and implementation measures related to business policies. CSC receives annual evaluations by the BSI for steel product systems (IATF 16949+ISO 9001+QC 080000).
CSC established the “Rules for the Identification and Management of Amendments to Laws and Regulations” as the basis for identifying, reviewing, and verifying laws and regulations within CSC, in order to comply with domestic laws and regulations and prevent the risk of violation. This allows CSC to fulfill its compliance obligation mentioned in ISO 9001/ISO 14001/ISO 45001. The online platform "Regulation Identification and Management System" tracks whether 376 domestic regulations have been revised each month, and completes the identification process and response actions. CSC, inter alia, has reviewed and revised a total of 8 internal rules and regulations subject to amendments of external laws and regulations. The Compliance and Standardization Committee monitors the effectiveness of legal compliance and draws up relevant decisions every six months, and then submits them to the Total Quality Management Committee for approval. Ongoing optimization of compliance practices is carried out via internal audits and training each year. The overseas production bases follow CSC's management system to respond to legal changes.
Through materiality analysis, CSC identified risks from the issues with high impact and the highest stakeholder concern. The issues are categorized into economy/governance, environmental, and social aspects, and risk evaluation and risk management strategies are then developed. CSC's emerging risks, major risks, and response measures are as follows:
Aspect | Type | Potential Risk | Control Strategies and Measures |
---|---|---|---|
Economy/Governance | Low carbon production technology (emerging risk) | Barriers to the development of proprietary low carbon processes and low carbon energy and carbon capture technologies | |
Economy/Governance | Carbon pricing (emerging risk) | Collection of carbon fees/tax in Taiwan and overseas will put pressure on operations and weaken competitiveness of exports | |
Economy/Governance | Information security risk (emerging risk) | As company operations become more dependent on digital systems, companies are more frequently being attacked and extorted by hackers, which not only impacts companies internally, but also impacts the brand's reputation and results in distrust from customers when personal data is leaked. | |
Economy/Governance | Procurement | Delays or Interruptions in Supply of Materials | |
Economy/Governance | Finance | Inflation risk | |
Economy/Governance | Investment | Investment Risk | |
Economy/Governance | Technology R&D | Demand for the Development of High-value Utilization Technologies Using By-product Gases | |
Economy/Governance | Technology R&D | Shortage or Unstable Quality of Refractory Materials | |
Economy/Governance | Technology R&D | The Quality of Straight Bar Steel Fails to Meet the Requirement of Premium Steel | |
Economy/Governance | Intellectual Property Rights (IPR) | Intellectual Property Infringement in Product or Manufacturing Process | |
Economy/Governance | Intellectual Property Rights (IPR) | Trademark and copyright disputes | |
Economy/Governance | Information Security | Ransomware Attacks | |
Economy/Governance | Legal Compliance | Software Infringement | |
Economy/Governance | Information Security | Personal Data Breach | |
Economy/Governance | Information Security | Social Engineering | |
Environment | Climate Change Transition | Carbon Neutrality | |
Environment | Climate Change Transition | Unstable Energy Supply | |
Environment | Climate Change Transition | Carbon Regulation | |
Environment | Legal Compliance | Air Pollution Penalties | |
Society | Hazardous Events | Major Occupational Accidents | |
Society | Hazardous Events | Infectious Diseases | |
Economy/Governance, Society | Project Management | Employer's obligation and additional requirements | |
Economy/Governance, Society | Project Management | Underestimation of costs (of External projects) | |
Economy/Governance, Society | Project Management | Construction Labor Shortage | |