Risk and Audit
Compal is an international conglomerate and faces multiple and often changing risks such as local regulations, competitors, and natural disasters. It is the responsibility of every Compal employee to overcome these challenges and maintain sustainable operation. One of the purposes of risk management is to discover in advance any risk factors that might adversely affect operations, so that the Company can apply appropriate assessments and treatments to transfer risks and mitigate or prevent losses. Another purpose is to enable timely detection and warning of changes in the internal and external environment, thereby allowing employees worldwide to execute risk management practices within their areas of responsibility in a timely manner. The Company has established its own financial, sales, and accounting systems and a system for monitoring financial and business information of its subsidiaries in accordance with the “Regulations Governing the Establishment of Internal Control Systems by Public Companies”. The Company has also set up relevant guidelines for supplier management, customer relations, R&D, human resources, financial affairs, credit/endorsement/guarantee arrangements with affiliated businesses, and acquisition/disposal of key assets. These policies, risk assessment standards, and procedures serve as guidelines for employees to follow in risk assessment and management. Dedicated personnel have been appointed in every department to manage, control, minimize, and prevent risks for the Company.
The Internal Control System developed by Compal is implemented on two levels: the Overall Level and the Operating Level. The Operating Level incorporates five main elements (Control Environment, Risk Assessment, Controls, Information and Communication, and Supervision), which have been implemented in every transaction cycle’s internal control system. In recent years, Compal has enhanced management of corporate risks by adopting practices such as risk detection, evaluation, reporting, response, and prevention. All of these practices are carried out carefully and strictly in accordance with the latest Regulations Governing the Establishment of Internal Control Systems by Public Companies, Corporate Governance, internal audit theories, practices, and codes.
To protect the Company’s competitive advantages and intellectual property, Compal’s PCBD created a set of information security protocols and prevention procedures in accordance with Compal’s “Information Security Management System” and the government's regulations on information security. In doing so, we hope to protect the interests of the Company, customers, and employees while maintaining competitiveness. By following the Plan-Do-Check-Act (PDCA) management cycle, we continue to improve our information security system, fulfill contractual obligations, and ensure the security of customers’ information.
In 2005, Compal passed the ISO 27001:2005 Information Security inspection and was awarded “ISO 27001:2005” certification by BSI. Since then, the scope of certification has been expanded and the Company has been conducting regular follow-ups twice every year and a review audit once every three years to ensure the validity of this certification. Compal passed the new certification for ISO 27001:2013 in September 2015 and received “ISO 27001:2013” certification.
The scope of certification has since been expanded to cover the IT Department and the R&D activities of portable computers, all-in-one computers, and auto electronics. The Company received proof of validity in two reviews conducted in 2016. Server product development was included in the scope of certification in March 2017 and passed the review audit for compliance with the new requirements.
In order to fulfill our commitment to “sustainable operations and customer satisfaction”, the Company has assembled an “Information Security Committee” to serve as the highest governing body of information security within the Company. The Committee is responsible for coordinating issues concerning information security projects, policies, goals, and resources, as well as enforcing information security policies, conveying information security awareness, and ensuring participation from all employees for the protection of information security. Compal’s PCBD received no complaints about violation of customer privacy or loss of customer information in 2017.
Compal encouraged employees to devote themselves to the research, development, and innovation of related products. Promoting the results of technology R&D and the quality and functions of the Company’s products can enhance the competitiveness of the Company and open up turning points for future development. Every year, the online system received employees’ patent invention applications. After the related investigation procedure and voting, the Patent Advisory Committee decided whether or not to register the patent. For proposals that entered the Advisory Committee, the inventor and the co-inventor received a proposal bonus as encouragement.
When registering patents, the quality of the application was of utmost concern to Compal. Given Compal's production and sales activities, patents were generally registered in Taiwan, China, and the USA.
As for education and training, Compal has planned the “new recruits R&D training – patent-related information introduction” course to introduce patent-related information to new recruits. Courses include trademark rights, copyrights, patents and information security protection, and related notices when participating in a project, so that new recruits can gain a certain understanding of patents. When the R&D Department had a demand, the Patent Department designed advanced individual education and training courses. By illustrating and sharing different patent themes for different functional departments, the employees improved their knowledge about patents.