Risk Foresight and Crisis Management

Management Guidelines for Major Topics

Materiality
Materiality

The purpose of risk management is to protect and enhance corporate value, being able to structure and systematically assess risks that may be faced, making timely and responsive decisions that meet the company's operational goals, and ensuring that goals are achieved while enabling improvement. As a global leader in our industry, Advantech has had a continuous focus and drive for significant strategic and operational risk management.

Management Strategy
Management Strategy

In recent years, Advantech has re-examined the governance structure of risk management, the composition and operation of the risk management team, and the operation process of risk management. Hence, risk management is ensured in a systematic and structured manner which has been promoted. The Board of Directors is the highest governance unit for risk management, and directly supervises general strategic risks and information security risks. The Sustainable Development Committee and Remuneration Committee also participate in overseeing some strategic risks. The Audit Committee is mainly responsible for supervising the pan-operational risks.

The risk management team is responsible for the risk management process and reviewing as well as tracking the implementation on a quarterly basis. The responsible supervisor is responsible for formulating response measures for risk items and actual implementation. Internal auditors shall closely monitor or in driving all risk management processes. It shall also provide opinions and conduct audits on various risk topics as needed.

Policy or commitment
Policy or commitment

Advantech develops risk management policies and operational continuity plans to prepare for possible business interruption risks, or various emerging risks. We also regulate operations when risks occur in order to minimize their potential impact and influence. Then, subsequent correction and management are achieved. In addition, Advantech strives to provide transparent and real-time information delivery and communication to potentially affected stakeholders for various related risks.

Description of impact
Description of impact

Risks identified by Advantech's risk management process involve economic, environmental, and social issues. If there is no effective management and response to each risk item, the possible negative impact on the company includes the impact of the promotion of the company's strategy and operating performance, the impairment of the company's goodwill, or the increase of the company's operating costs and expenses. On the other hand, risks can be transformed into future business opportunities and competitiveness through early identification and effective response to risk items.

2022 Achievement Status
2022 Achievement Status The goal of 2022 has been achieved, and the achievement status is 100%:
  • Experts/consultants are arranged to conduct training and communication on evolutionary risk management to directors and key executives.
  • Establishment of risk management mailbox: All employees are encouraged to take the initiative to provide suggestions.
  • Investigation of risk issues: The scope of investigation has been expanded to global vice president and the level of associate managers, managers and deputy managers on both sides in cross-strait.
2023 Goals
2023 Goals Goals achieved:
  • Risk management courses and training are extended to all overseas employees. The target completion rate has exceeded 80% of the global employees (excluding direct employees).
  • At least two project discussions of high-level strategic risk issues were facilitated.
2025 Goals
2025 Goals
  • Over 90% of the global employees (excluding direct employees) have completed the education and training of risk management courses.
  • The organizational level of risk management is reasonably improved compared with benchmark peers.
Action Plan
Action Plan
  • Please refer to the chapter 2.4. Risk Foresight and Crisis Management for the action plan for material operational risks.
  • Advantech not only reduces or avoids the possible negative impact of risk items on the Company through various actions, but also explores the opportunities that risk items may bring. The latter includes the development of solar energy, wind power industry, related applications of electric vehicles, and the development of energy management platforms.
Evaluation of effectiveness
Evaluation of effectiveness Review and tracking of risk management and related issues:
  • Important risk topics are included in the tracking items of the quarterly risk management meeting and reported to the Board of Directors or the audit committee.
  • The management owner builds data dashboards and KPIs for real-time exception reporting and tracking for major risks.
  • Risk issues are listed as audit topics by the audit department for discussion and tracking.
  • The risk team proposes proposals every year with reference to the best practices of risk management of DJSI and benchmark peers.
Stakeholder Engagement
Stakeholder Engagement

Advantech conducts risk surveys every year. The objects of the investigation include directors, accountants, external consultants, etc. In addition to identifying major risk items, the survey also collected opinions on improving risk management. Moreover, a risk mailbox has also been set up to encourage employees to put forward suggestions for improvement. The main risks and related countermeasures are fully disclosed through channels such as the official website, sustainability report, investor conference, press release, and so on to facilitate investors, corporate shareholders and other stakeholders to fully understand.

Risk Foresight and Crisis Management

Advantech defines each risk according to the overall operation direction of the Company. Also, the enterprise risk management system (ERM) is introduced to establish and identify, accurately measure, effectively supervise and strictly control the risk management mechanism. Possible losses are prevented within the acceptable risk range. Also, best risk management practices are continuously adjusted based on changes in the internal and external environment. Advantech's risk management process identifies major risks that fully cover economic, environmental, and social issues. Key topics on the economic side include business inheritance, domestic and overseas governance structures, sustainable supply chains, information security, taxation strategies, etc. Environmental topics include low-carbon and green products, climate risks, etc. The social aspect includes talent cultivation and retention, social welfare, customer management, labor relations, personal data protection, etc. The survey results of the annual major suitability issues are also used as one of the basis for the identification and measurement of the annual major risk issues. Taking 2022 as an example, major sustainability issues are also regarded as major strategic or operational risk issues in corporate risk management, accounting for 70% of the total.

Advantech reduces or avoids the impact of risks on the Company's possible income, costs, and goodwill through risk management mechanisms. Meanwhile, the opportunities that risks may bring will also be actively explored, such as investing in related applications in the solar energy, wind power, and electric vehicle industries, and being developed as an energy management platform applicable to different industries.

Risk Management Organization

The Board of Directors is the highest governance entity for risk management, and it supervises the update of the overall risk management mechanism and approves policies. Pan- strategic risks are mainly reported and tracked to the Board of Directors, Sustainable Development Committee and Compensation Committee. Pan-operational risks are primarily overseen by the Audit Committee.

The risk management team is the highest management unit for risk management. It is responsible for the implementation of the risk management process. Also, it reviews the performance of risk mitigation on a quarterly basis. The responsible manager is responsible for setting up response measures. Internal auditors shall closely monitor or even assist in driving all risk management processes. It shall also provide opinions and conduct audits on various risk topics as needed. Basically, if there is any major risks with unclear results, they shall be included in the project audit of the current year. The proposal for the evolution of the risk management mechanism is also discussed by the risk management team and internal audit before putting forward.

Due to the rapid changes in the business environment, the risk management team and management authorities will often observe and propose various risk changes that need attention. Relevant response plans have been added or adjusted, and included in the discussion and tracking of quarterly risk management meetings or routine management meetings.

Risk Management Organization

2022 Pan-Operational Risk Map

Information Security Management System (ISMS) ISO/IEC 27001:2013

The high-risk areas marked in orange in the risk map represent that the risk appetite of the Company has been exceeded. Risk adaptation strategies and response measures need to be adopted to reduce the probability of occurrence or potential magnitude of impact, and the effectiveness of improvement is closely monitored.

Items of material risks and the response actions taken

Information Security Management System (ISMS) ISO/IEC 27001:2013