Internal Audit and Risk Management
TECO has established a complete risk management system. The "Audit Committee" and "Corporate Governance and Sustainability Committee" serve as the highest level of the company's risk management and are responsible for various risks. The overall risk analysis is coordinated and compiled by the CFO and reported to Board of Directors. In addition, the audit team directly under the board of directors is responsible for monitoring and auditing the management mechanism, ensuring the effectiveness of the company's risk control and managing potential risks through internal audit operations. Senior managers are required to report the evaluation results of risk management indicators to the above-mentioned committee and accept the assessment of sustainable KPIs, which directly affects their variable remuneration.
The board of directors formulates "Risk Management Policies and Procedures" to define operational risks. To integrate sustainable risks into the overall risk management system, TECO identifies major themes from world trends and uses "double materiality analysis" to identify transformation failure risks, "ESG Office" confirms and explains the impact causes, impact areas, assessment methods and corresponding "risks" and management measures of the ten major themes. At the same time, refer to the company's overall "Risk Assessment Analysis Report" provided by the CFO to list key climate risk and sustainability management projects, track the risk avoidance implementation results of each responsible unit, and disclose it in the sustainability report. The process of materiality identification and sustainable goal setting is conducted annually.
ESG Office (The 1st line of risk control)
The "ESG Office CEO" is equivalent to the CSO as the highest level of management and has a "Sustainability Manager" who is responsible for full-time implementation of the work. It is also organized across departments by "representatives of each business unit/factory area" and "safety and health", " It is composed of staff units such as the Human Resources Department and the Finance Department to facilitate the simultaneous management and promotion of company-wide work. The ESG office reports work progress to the chairman of the board every month. On climate-related and sustainable risk opportunities, the "ESG Office" collects information provided by each member and compiles reports and recommendations to the management and Board of Directors.
Corporate Governance and Sustainability Committee (The 2nd line of risk control)
The committee members are composed of more than three directors, more than half of whom are independent directors. Responsible for managing sustainability, legal compliance and information security risks.
Audit Team (The 3rd line of risk control)
Each year, an audit plan is proposed based on the five elements of COSO internal control, as well as past audit experience, the next year's budget draft and the existing organizational structure, to review TECO's management, the degree of control over overall internal and external environmental risks, and business unit operations. Risk control, and the effectiveness of the design and implementation of the internal control system and issue an audit report after completing the audit work, and report it regularly to the "Audit Committee" and the Board of Directors.
Risk / Impact Management
TECO has implemented a comprehensive risk management process, including assessing the risk appetite (divided into three levels: <5%, 5%-10%, >10% of the impact on assets or revenue), and the company's response to the risk control capabilities for systematic identification and processing. In this risk management process, TECO evaluates various major risks faced by the company and incorporates them into the risk management process.
Risk item |
PIC |
Response measures |
|
---|---|---|---|
1 |
General economic risk |
CEO |
Adjust the global operation plans of each business unit and the resource allocation of asset locations. |
2 |
Geopolitical risks |
CEO |
Through the diversification strategy of production bases, risks caused by geopolitics can be effectively reduced. |
3 |
Physical disaster risk |
Asset |
Regular drills. Cover possible disaster risks by purchasing insurance. |
4 |
Information security risk |
IT |
4 incidents occurred and were promptly reported and dealt with, and no major information security incidents were caused. |
5 |
Law compliance risk |
Legal |
Each unit completes self-assessment of dishonesty risks: Company Law, Securities and Exchange Law, Consumer Protection Law, Investment Review Law, Personal Privacy Law |
6 |
Market risk |
CFO |
Interest rate, exchange rate and price risk management and control. Portfolio diversification limits are met. |
7 |
Supply chain risk |
Buyer |
Effectively reduce supply chain risks through decentralized production bases and ensure supply chain resilience. |
8 |
Safety risks |
Occupational safety |
A total of 8 occupational safety and health training activities were conducted to enhance employees’ safety awareness. |
9 |
Liability / Credit risk |
CFO |
Control liability and credit risks to banks and clients. |
10 |
Internal control risk |
Audit team |
Conduct self-assessment of internal controls every year. |
11 |
Operational risk |
Performance Management |
Analyze industry changes, take corresponding measures, and set performance indicators. |
12 |
Sustainability risk |
ESG Office |
Set a ten-year emission reduction target of 50% and promote energy conservation and carbon reduction. |
13 |
Employee turnover risks |
HR |
Implement personnel education and training and strengthen internal experience inheritance to slow down brain drain. |
Risk Management Processes
Risk identification |
TECO has implemented a comprehensive risk management process, including assessing the risk appetite (divided into three levels: <5%, 5%-10%, >10% of the impact on assets or revenue), and the company's response to the risk control capabilities for systematic identification and processing. In this risk management process, TECO evaluates various major risks faced by the company and incorporates them into the risk management process. |
|||||||||||||||||||||||||||
Risk review frequency |
The Finance Department conducts a risk review process every six months to review the company's critical risk situation, management strategies and implementation status to ensure the effectiveness and timeliness of risk management measures. |
|||||||||||||||||||||||||||
Audit |
An internal audit is conducted every year based on the five elements of COSO internal control, as well as past audit experience and the budget for the next year. An audit report is issued after conducting annual audits on risk management. |
|||||||||||||||||||||||||||
Risk training |
In order to ensure that risks can be pre-managed in all areas, TECO has developed a series of director professional courses related to risk assessment. It not only helps to improve the company's overall operating efficiency and governance level, but also significantly strengthens stakeholders' confidence in the company while minimizing possible losses. TECO provides regular risk management education and training to directors every year to ensure that directors have the ability to identify, analyze and evaluate risks, and can effectively respond to the ever-changing risk environment. The following are the risk management-related refresher courses for directors provided by TECO in 2023:
In order to enhance the understanding and response capabilities of all organizational members on risk management, TECO also conducts regular key training on risk management principles for employees to ensure that employees have the ability to identify, analyze and evaluate risks and can effectively apply them in their daily work. To reduce the impact of risks on the company. The following is the key training content of TECO on risk management in 2023:
|
|||||||||||||||||||||||||||
Product Design and Delivery |
In order to ensure the implementation of risk management measures, TECO incorporates risk standards into the development of products and services and implements risk assessment and management throughout all stages of product design, development, and testing.
According to the new development process of TECO Quality Procedure Manual, the information incorporated into product design must cover:
This approach not only improves the safety and reliability of products and services, but also enhances the company's competitiveness and sustainable development capabilities in the market. |
|||||||||||||||||||||||||||
Risk control and KPIs |
Senior management needs to report the evaluation results of risk management indicators to the "Audit Committee" and "Corporate Governance and Sustainability Committee", the highest level of the company's risk management, and accept the assessment of sustainability KPIs, which directly affects their variable remuneration.
TECO divides major themes into three major aspects: "To Survive", "To operate" and "To profit", and considers its risks according to the themes and incorporates them into risk standards. The following is a description of the risk management standards in 2023:
|
Emerging Risks
|
|
|
Risk description |
With the rapid development of artificial intelligence technology, false information can spread rapidly, destroying people's confidence in governments and public institutions, leading to social unrest and political unrest, thus making the operating environment of enterprises more unstable and increasing compliance costs. and operational risks. |
Geopolitics has contributed to the shift of global supply chains. The conditions for companies to pursue the lowest manufacturing costs under globalization have disappeared, and costs and prices will inevitably increase. The totalitarian camp counterattacked and pursued independence and control, increasing internal circulation and expanding public expenditures. |
Impact to operation |
As the world's leading supplier of industrial motors and automation systems, TECO integrates automation industry application services with servo drive technology, PLC, servo motors and robot system integration products. It also uses AI technology to provide "smart air-conditioning energy-saving control systems", efficient and energy-saving "cooling water tower direct drive system solutions", and uses AI and IoT technologies to optimize applications in smart cities. However, false information and information security issues generated by AI may cause the public to lose trust in the government and enterprises, thereby increasing the risks of TECO's application of AI technology. For example, customers may be worried about data security and system reliability and be cautious about purchasing and using TECO AI products, which will not only affect technology implementation and market share, but also increase compliance costs and operational risks. At the same time, if the false information generated by AI directly attacks the industry or country of origin, it may cause market panic and stock price fluctuations, causing unnecessary damage to the company's reputation and financial status.
|
With global economic and geopolitical changes and the intensification of trade disputes, new tariffs and trade embargo policies have been implemented, which directly affects TECO's import and export business and the flow of raw materials and products. In addition, geopolitical changes also affect the stability and predictability of various markets, which in turn affects TECO's production efficiency and supply stability in the region. Therefore, TECO needs to balance between different markets in supply chain management, and how to cooperate with the original production base has become a challenge for TECO supply chain management to ensure cost and supply stability.
|
Measurements |
In the face of risk generated by AI and concerns about information security, TECO has taken the following three major response measures: Build an information security management system (ISMS), participate in information security maturity ratings, integrate international information security standards such as IEC 62443, NIST SP 800-82, ISO/IEC 27001, and conduct comprehensive information security assessment and protection. TECO has established an Information Security Committee under the "Corporate Governance and Sustainability Committee" of the Board of Directors. The information security management unit "Digital Development Division" continues to supervise and implement information security enhancement measures to ensure that the company has dedicated departments and personnel to monitor and respond to potential information security threats and reduce operational risks caused by information distortion. TECO formulates an [Information Security Policy], lists information security as part of performance appraisal, and conducts information security education and training every year. And regularly verify information security management measures to ensure that trust crises and market fluctuations caused by information security can be quickly and effectively responded to and repaired, and corporate reputation and financial status are protected.
|
Facing geopolitical risks, TECO has taken the following three major response measures: Production base decentralization strategy: By establishing multiple production bases in different geographical locations, risks caused by geopolitics can be effectively reduced. Decentralized production bases can provide protection in the face of regional political unrest or natural disasters, ensuring TECO's operational stability. Regionalization strategy: By formulating and implementing a regionalization strategy, supply chain risks are spread to different regions and reduce dependence on a single region. TECO established a new production base in Mexico and adjusted the supply roles of existing factories in Taiwan, China and Vietnam to diversify supply chain risks. At the same time, by setting up production bases in different regions, we will accelerate and deepen the development of local markets and improve business resilience. Assessment of factory expansion opportunities: Evaluate possible factory expansion opportunities based on the dispersion of upstream and downstream production bases. By expanding existing production bases or establishing production bases in new regions, we can increase production capacity and production flexibility while reducing risks arising from a single region.
|