To protect the interests of employees, shareholders, partners, clients, and other internal and external stakeholders, the Ennostar Group adheres to international risk management guidelines; the Board-approved “Risk Management Policies and Procedures” serves as our highest guideline for risk management. The Group adheres to established risk management policies and actively established a risk management framework including systems and processes which define various risks based on corporate operational strategies. We built mechanisms for early identification, assessment, accurate measurement and response, eective supervision, and strict control of operational risks, as well as mechanisms for internal risk reporting and response, forming a comprehensive internal risk management system framework that embeds risk management culture into daily operations and enhances business resilience. We combine these mechanisms with annual systemic assessment and identification of material risk topics to help our management team make decisions, continually improve best practices for risk management, enabling us to create and enhance corporate value as we fulfill our commitment to corporate sustainability.

 

 

To ensure that all responsible units eectively implement risk management activities, adhere to the “Risk Management Policies and Procedures,” and realize risk management targets, the Ennostar Group formulated the “Risk Management Operational Procedures” stipulating risk management operational procedures and related issues to serve as a guideline. The Risk Management Operational Procedures include risk identification, risk analysis, risk assessment, risk response, risk supervision and review, and risk reporting and disclosure risk management processes.

Our risk management processes are based on corporate strategic goals and risk management policies, and encompass risk identification, analysis, measurement, response, supervision, and review. The Group conducts comprehensive risk identification processes at least once a year, compiles past experiences, and assesses possible risks in future operations. Our senior executives conduct identification of key and emerging risks, and the business units of major subsidiaries also conduct risk identification activities and disclose identified risks and management achievements. We analyze potential impacts from risk events based on risk assessment results, and then formulate risk response strategies as well as prevention, warning, response, crisis management, and business continuity plans to mitigate, transfer, and avoid risks. Finally, we confirm risk supervision and review mechanisms to ensure that our risk management procedures operate eectively, and include risk response plans in performance measurements and reports, which are compiled and reported to the Sustainability & ERM Committee by the Risk Management Team every six months to continue improving risk management implementation benefits and enhance overall operational decision-making.

Group Risk Assessment and Analysis

To achieve our goal of strengthening ERM systems, the Group’ s executive secretary conducted Group risk assessment procedures in 2024 under the guidance of external consultants and completed Ennostar’s Top Down and Bottom Up enterprise risk maps.

• During the risk assessment period, we met with the consultants every two weeks and discussed subsidiary risk management assessment issues for more than 100 hours.
• Completed Ennostar Group advanced risk management interim and final reports (one meeting for each report), 3 Risk Management Committee meetings, and the Ennostar Group advanced risk map calibration meeting (a total of 3 meetings, including meetings for subsidiaries).
• Ennostar and subsidiaries EPISTAR and Lextar hosted one risk management team meeting each month (a total of 36 monthly meetings) where executive secretaries worked with other unit managers to supervise and track progress on risk projects.
• A total of 33 Ennostar and subsidiary units implemented annual risk analyses and assessments, completing a total of 254 risk analyses and formulating 24 action plans to reduce operational risks and increase corporate resilience.

Improve Notification and Response Mechanisms For Emergencies

• Conducted two Group risk scenario drills to eectively strengthen Group reporting procedures for major emergency incidents, enabling senior executives to grasp related risk incident information at the first instance, make decisions, and provide direction to eectively reduce risk impacts.
• Convened and completed review meetings and tracking of subsequent corrections for two major emergency incidents in 2024, and reported implementation results at Risk Management Committee meetings.

Reporting Mechanism for Major Emergency Incidents

Apart from regularly reviewing corporate management risks, the Ennostar Group has also established reporting mechanisms for major emergency incidents to enable rapid and accurate responses, and to reduce impacts from risk incidents.

• Established risk incident scope and impact reporting standards for domestic and foreign emergency incidents, information security incidents, and environmental safety incidents.
• Formed Group senior executive decision-making team and sub-Group reporting and monitoring teams.
• Established procedures: Established prompt reporting, monitoring, and assessment response plans for major emergency incidents, and formulated reporting, response, and monitoring standard procedures for senior executive decision-making team. All departments handle follow-up actions based on their responsibilities and continue monitoring and reporting of major incidents to keep informed of and lower impacts and risks from major emergency incidents.
• When major emergency risk incidents occur, we immediately initiate emergency risk evaluation procedures in accordance with our risk management processes, and evaluation results are included in our risk knowledge database to prevent future risk incidents.