In order to protect the interests of stakeholders such as employees, shareholders, collaborating partners, and clients, the Group established the “Risk Management Policies & Procedures” to define various risks in accordance with overall corporate operational guidelines, and to formulate advanced identification, accurate measurement, effective monitoring, and rigorous control risk management mechanisms to prevent possible losses within the scope of manageable risks. We continue to adjust and improve optimal risk management practices in accordance with internal and external environmental changes to enhance corporate sustainability values and optimize allocation of corporate resources.

 

 

Our risk management processes are based on corporate strategic goals and risk management policies, and encompass risk identification, analysis, measurement, response, supervision, and review. We conduct comprehensive risk identification processes at least once a year and use various analysis tools to assess potential impacts from risk events. We then formulate risk response strategies to avoid, transfer, control, or assume risks based on risk assessment results. Finally, we confirm risk supervision and review mechanisms to ensure that our risk management procedures operate effectively, and include achieved results in performance measurements and reports for continued improvement of risk management measures.

In 2023, we comprehensively incorporated Enterprise Risk Management (ERM) systems within the Ennostar Group. Risk management implementations are jointly completed by 36 units within Ennostar and its subsidiaries (EPISTAR, Lextar, and Unikorn), and risk identification, analysis, measurement, and response processes were executed in 2022-2023.

The Group combined Top-Down and Bottom-Up risk items to generate risk maps for Ennostar and all subsidiaries. The Group risk map for 2023 was completed following calibrations by Group senior managers.
(1)    Top-down: Senior managers within the Ennostar Group identified 6 risk scenarios which were incorporated into all Ennostar and subsidiary risk maps.
(2)    Bottom-up: A total of 36 units within the Ennostar Group participated in risk identification, analysis, measurement, and response procedures to identify 323 risk scenarios. Following evaluations, all units selected the Top 3 risks of concern for the year, and the remaining risks with scores exceeding 8 points were categorized as high level risks.
 

• The Top 5 risks for the Ennostar Group in 2023 were “technology development, supply chain (raw materials/production equipment), talent shortages, geopolitical conditions, and climate change (water shortages/power shortages)”; our short, medium, and long term response measures were as follows:

 

Audit units are responsible for evaluating internal control systems as well as reviewing system designs and implementation effectiveness to ensure compliance with corporate policies and government laws and regulations. The Group established internal control systems in accordance with the “Regulations Governing Establishment of Internal Control Systems by Public Companies.” Audit units adhere to internal control systems (including internal audit implementation rules, self-evaluation procedures, and methodologies) approved by the Board to implement and measure the effectiveness and compliance of current control systems and procedures.

The Group prompts all units and subsidiaries to conduct at least one self-evaluation each year. Internal audit units review self-evaluation reports from all units and subsidiaries, as well as improvements of internal control deficiencies and abnormalities discovered by audit units, to evaluate the effectiveness of and risks associated with internal control systems based on industry transaction practices and possibilities of fraud and corruption to provide a reference for the Board and our president when evaluating the effectiveness of internal control systems, issuing statements on internal control, and reporting annual audit results.

Internal audit units conduct various audits in accordance with annual audit plans approved by the Board and regularly reports audit results and subsequent corrections to the Board to realize audit benefits. The Group’s audit units conduct evaluations of internal control system effectiveness and risks each year based on transaction practices of main operating locations and possibilities of fraud and corruption, formulate annual audit plans and implement related audits according to said plans, and report Group audit results to the Ennostar Board and Audit Committee each year. In 2023, the Group conducted audits based on risk evaluation results and did not discover any major corruption incidents.

To strengthen Ennostar sustainability report quality and adherence to TWSE regulations, the “Sustainability Report Compilation and Verification Procedures” were approved by the Board in May 2023 and were used to incorporate Sustainability Report compilation and verification procedures in our internal controls.

For more information on corporate governance, please refer to our 2023 Annual Report.