Operators promise "energy saving, emission reduction, intelligent, automatic"

Corporate Governance

Internal Audit and Risk Management

TECO has established a complete risk management system. The "Audit Committee" and "Corporate Governance and Sustainability Committee" serve as the highest level of the company's risk management and are responsible for various risks. The overall risk analysis is coordinated and compiled by the CFO and reported to Board of Directors. In addition, the audit team directly under the board of directors is responsible for monitoring and auditing the management mechanism, ensuring the effectiveness of the company's risk control and managing potential risks through internal audit operations. Senior managers are required to report the evaluation results of risk management indicators to the above-mentioned committee and accept the assessment of sustainable KPIs, which directly affects their variable remuneration.

The board of directors formulates "Risk Management Policies and Procedures" to define operational risks. To integrate sustainable risks into the overall risk management system, TECO identifies major themes from world trends and uses "double materiality analysis" to identify transformation failure risks, "ESG Office" confirms and explains the impact causes, impact areas, assessment methods and corresponding "risks" and management measures of the ten major themes. At the same time, refer to the company's overall "Risk Assessment Analysis Report" provided by the CFO to list key climate risk and sustainability management projects, track the risk avoidance implementation results of each responsible unit, and disclose it in the sustainability report. The process of materiality identification and sustainable goal setting is conducted annually.

ESG Office (The 1st line of risk control)

The "ESG Office CEO" is equivalent to the CSO as the highest level of management and has a "Sustainability Manager" who is responsible for full-time implementation of the work. It is also organized across departments by "representatives of each business unit/factory area" and "safety and health", " It is composed of staff units such as the Human Resources Department and the Finance Department to facilitate the simultaneous management and promotion of company-wide work. The ESG office reports work progress to the chairman of the board every month. On climate-related and sustainable risk opportunities, the "ESG Office" collects information provided by each member and compiles reports and recommendations to the management and Board of Directors.

Corporate Governance and Sustainability Committee (The 2nd line of risk control)

The committee members are composed of more than three directors, more than half of whom are independent directors. Responsible for managing sustainability, legal compliance and information security risks.

Audit Team (The 3rd line of risk control)

Each year, an audit plan is proposed based on the five elements of COSO internal control, as well as past audit experience, the next year's budget draft and the existing organizational structure, to review TECO's management, the degree of control over overall internal and external environmental risks, and business unit operations. Risk control, and the effectiveness of the design and implementation of the internal control system and issue an audit report after completing the audit work, and report it regularly to the "Audit Committee" and the Board of Directors.

Risk / Impact Management

TECO has implemented a comprehensive risk management process, including assessing the risk appetite (divided into three levels: <5%, 5%-10%, >10% of the impact on assets or revenue), and the company's response to the risk control capabilities for systematic identification and processing. In this risk management process, TECO evaluates various major risks faced by the company and incorporates them into the risk management process.

	Risk item	PIC	Response measures
1	General economic risk	CEO	Adjust the global operation plans of each business unit and the resource allocation of asset locations.
2	Geopolitical risks	CEO	Through the diversification strategy of production bases, risks caused by geopolitics can be effectively reduced.
3	Physical disaster risk	Asset	Regular drills. Cover possible disaster risks by purchasing insurance.
4	Information security risk	IT	4 incidents occurred and were promptly reported and dealt with, and no major information security incidents were caused.
5	Law compliance risk	Legal	Each unit completes self-assessment of dishonesty risks: Company Law, Securities and Exchange Law, Consumer Protection Law, Investment Review Law, Personal Privacy Law
6	Market risk	CFO	Interest rate, exchange rate and price risk management and control. Portfolio diversification limits are met.
7	Supply chain risk	Buyer	Effectively reduce supply chain risks through decentralized production bases and ensure supply chain resilience.
8	Safety risks	Occupational safety	A total of 8 occupational safety and health training activities were conducted to enhance employees’ safety awareness.
9	Liability / Credit risk	CFO	Control liability and credit risks to banks and clients.
10	Internal control risk	Audit team	Conduct self-assessment of internal controls every year.
11	Operational risk	Performance Management	Analyze industry changes, take corresponding measures, and set performance indicators.
12	Sustainability risk	ESG Office	Set a ten-year emission reduction target of 50% and promote energy conservation and carbon reduction.
13	Employee turnover risks	HR	Implement personnel education and training and strengthen internal experience inheritance to slow down brain drain.

Risk Management Processes

Risk identification

TECO has implemented a comprehensive risk management process, including assessing the risk appetite (divided into three levels: <5%, 5%-10%, >10% of the impact on assets or revenue), and the company's response to the risk control capabilities for systematic identification and processing. In this risk management process, TECO evaluates various major risks faced by the company and incorporates them into the risk management process.

Risk review frequency

The Finance Department conducts a risk review process every six months to review the company's critical risk situation, management strategies and implementation status to ensure the effectiveness and timeliness of risk management measures.

Audit

An internal audit is conducted every year based on the five elements of COSO internal control, as well as past audit experience and the budget for the next year. An audit report is issued after conducting annual audits on risk management.

Risk training

In order to ensure that risks can be pre-managed in all areas, TECO has developed a series of director professional courses related to risk assessment. It not only helps to improve the company's overall operating efficiency and governance level, but also significantly strengthens stakeholders' confidence in the company while minimizing possible losses. TECO provides regular risk management education and training to directors every year to ensure that directors have the ability to identify, analyze and evaluate risks, and can effectively respond to the ever-changing risk environment.

The following are the risk management-related refresher courses for directors provided by TECO in 2023:

Date	Organizer	Training	Description	Time
2023.8.11	Cross-Strait Business Development Foundation	Controlled Foreign Corporations (CFC) & Global Anti-Avoidance	Professional training on Controlled Foreign Corporation (CFC) rules and global anti-avoidance measures. This course covers international tax regulations, compliance requirements and the latest anti-tax avoidance policies. It aims to enhance directors’ understanding and ability to respond to the global tax environment and help fully consider tax compliance risks when formulating the company’s overseas business strategies.	3 hours
2023.12.22	Corporate Governance Association	What practical measures should TECO take to face climate change?	Directors receive training on the impacts and responses to climate change, including the risks and opportunities it poses to the business, as well as best practices for sustainability and carbon management. Increase directors’ awareness of climate risks and engage them in the company’s strategic planning Incorporate sustainable development goals.	3 hours

In order to enhance the understanding and response capabilities of all organizational members on risk management, TECO also conducts regular key training on risk management principles for employees to ensure that employees have the ability to identify, analyze and evaluate risks and can effectively apply them in their daily work. To reduce the impact of risks on the company. The following is the key training content of TECO on risk management in 2023:

Training	Description	Time
Legal risks that must be known when entering into a contract	Explain common legal risks when entering into contracts. The content includes interpretation of contract terms, design and prevention of risk clauses, liability for breach of contract and its legal consequences, etc.	3 hours
Information Security On-the-Job Training: Confidential Leakage and Information Security Risk Management	This course is open to all employees, especially departments related to data processing and IT management. The content covers basic principles of information security, confidential data protection measures, common information security threats (such as network attacks, data leaks), and how to respond to and manage these risks. The training also introduces the company's internal information security policies and emergency plans.	3 hours
English contract structure and risk identification	Explain the basic structure, key terms, and potential risks of an English contract. Topics include how to identify and handle risks in contract negotiations, explanations of common legal terms, and risks unique to international contracts. Help trainees better understand and apply the knowledge they have learned.	2 hours

Product Design and Delivery

In order to ensure the implementation of risk management measures, TECO incorporates risk standards into the development of products and services and implements risk assessment and management throughout all stages of product design, development, and testing.

According to the new development process of TECO Quality Procedure Manual, the information incorporated into product design must cover:

Risk assessment of design input requirements and assessment of risk mitigation by the organization, including from feasibility assessments
Meet product requirements goals, including protection, reliability, durability, serviceability, health, safety, environment, development schedule and cost
Applicable legal requirements of the country designated by the customer for shipment, etc.

This approach not only improves the safety and reliability of products and services, but also enhances the company's competitiveness and sustainable development capabilities in the market.

Risk control and KPIs

Senior management needs to report the evaluation results of risk management indicators to the "Audit Committee" and "Corporate Governance and Sustainability Committee", the highest level of the company's risk management, and accept the assessment of sustainability KPIs, which directly affects their variable remuneration.

TECO divides major themes into three major aspects: "To Survive", "To operate" and "To profit", and considers its risks according to the themes and incorporates them into risk standards. The following is a description of the risk management standards in 2023:

	Position	Risk criteria	KPI and weights
To Survive	Senior executive	Develop specific emission reduction targets and resource management plans in response to environmental risks and resource shortages.	Carbon emission reduction (2%), including internal emission reduction and supply chain emission reduction, construction of power storage and operations (10%), solar power monitoring system development (2%), solar power grid connection (in the form of investment case)
To operate	Line managers	By establishing a supply chain risk assessment system, implementing a comprehensive information security strategy, and strengthening occupational health and safety measures to ensure the continuity and stability of operations.	Establish North American short chain and improve equipment availability (4%), supply chain material planning optimization (2%)
To profit	Senior executive	Strengthen the financial monitoring mechanism, conduct regular market and competition risk assessments, manage R&D investment, and maintain competitive advantages.	M&A strategy (3%), power grid resilience (6%), Southeast Asia sales strategy (1%), high-efficiency products and production technology improvements (2%).

Emerging Risks

	Information security risk: AI undermines people’s confidence in government	Geopolitical Risks: Wars Escalate Global Conflicts
Risk description	With the rapid development of artificial intelligence technology, false information can spread rapidly, destroying people's confidence in governments and public institutions, leading to social unrest and political unrest, thus making the operating environment of enterprises more unstable and increasing compliance costs. and operational risks.	Geopolitics has contributed to the shift of global supply chains. The conditions for companies to pursue the lowest manufacturing costs under globalization have disappeared, and costs and prices will inevitably increase. The totalitarian camp counterattacked and pursued independence and control, increasing internal circulation and expanding public expenditures.
Impact to operation	As the world's leading supplier of industrial motors and automation systems, TECO integrates automation industry application services with servo drive technology, PLC, servo motors and robot system integration products. It also uses AI technology to provide "smart air-conditioning energy-saving control systems", efficient and energy-saving "cooling water tower direct drive system solutions", and uses AI and IoT technologies to optimize applications in smart cities. However, false information and information security issues generated by AI may cause the public to lose trust in the government and enterprises, thereby increasing the risks of TECO's application of AI technology. For example, customers may be worried about data security and system reliability and be cautious about purchasing and using TECO AI products, which will not only affect technology implementation and market share, but also increase compliance costs and operational risks. At the same time, if the false information generated by AI directly attacks the industry or country of origin, it may cause market panic and stock price fluctuations, causing unnecessary damage to the company's reputation and financial status.	With global economic and geopolitical changes and the intensification of trade disputes, new tariffs and trade embargo policies have been implemented, which directly affects TECO's import and export business and the flow of raw materials and products. In addition, geopolitical changes also affect the stability and predictability of various markets, which in turn affects TECO's production efficiency and supply stability in the region. Therefore, TECO needs to balance between different markets in supply chain management, and how to cooperate with the original production base has become a challenge for TECO supply chain management to ensure cost and supply stability.
Measurements	In the face of risk generated by AI and concerns about information security, TECO has taken the following three major response measures: Build an information security management system (ISMS), participate in information security maturity ratings, integrate international information security standards such as IEC 62443, NIST SP 800-82, ISO/IEC 27001, and conduct comprehensive information security assessment and protection. TECO has established an Information Security Committee under the "Corporate Governance and Sustainability Committee" of the Board of Directors. The information security management unit "Digital Development Division" continues to supervise and implement information security enhancement measures to ensure that the company has dedicated departments and personnel to monitor and respond to potential information security threats and reduce operational risks caused by information distortion. TECO formulates an [Information Security Policy], lists information security as part of performance appraisal, and conducts information security education and training every year. And regularly verify information security management measures to ensure that trust crises and market fluctuations caused by information security can be quickly and effectively responded to and repaired, and corporate reputation and financial status are protected.	Facing geopolitical risks, TECO has taken the following three major response measures: Production base decentralization strategy: By establishing multiple production bases in different geographical locations, risks caused by geopolitics can be effectively reduced. Decentralized production bases can provide protection in the face of regional political unrest or natural disasters, ensuring TECO's operational stability. Regionalization strategy: By formulating and implementing a regionalization strategy, supply chain risks are spread to different regions and reduce dependence on a single region. TECO established a new production base in Mexico and adjusted the supply roles of existing factories in Taiwan, China and Vietnam to diversify supply chain risks. At the same time, by setting up production bases in different regions, we will accelerate and deepen the development of local markets and improve business resilience. Assessment of factory expansion opportunities: Evaluate possible factory expansion opportunities based on the dispersion of upstream and downstream production bases. By expanding existing production bases or establishing production bases in new regions, we can increase production capacity and production flexibility while reducing risks arising from a single region.