Risk Management and Internal Control

Risk and Audit

Compal is an international conglomerate and faces multiple, often changing risks such as local regulations, competitors, and natural disasters. It is the responsibility of every Compal employee to overcome these challenges and maintain sustainable operations. One purpose of risk management is to discover in advance any risk factors that might adversely affect operations, so that the Company can apply appropriate assessments and treatments to transfer risks and mitigate or prevent losses. Another purpose is to enable timely detection and warning of changes in the internal and external environment, thereby allowing employees worldwide to execute risk management practices within their areas of responsibility in a timely manner. The Company has established its own financial, sales, and accounting systems and a system for monitoring financial and business information of its subsidiaries in accordance with the “Regulations Governing the Establishment of Internal Control Systems by Public Companies”. The Company has also set up relevant guidelines for supplier management, customer relations, R&D, human resources, financial affairs, credit/endorsement/guarantee arrangements with affiliated businesses, and acquisition/disposal of key assets. These policies, risk assessment standards, and procedures serve as guidelines that employees can follow for risk assessment and management. Dedicated personnel have been appointed in every department to manage, control, minimize, and prevent risks for the Company.
The Internal Control System developed by Compal is implemented on two levels: the Overall Level and Operating Level. The Operating Level incorporates five main elements (Control Environment, Risk Assessment, Controls, Information and Communication, and Supervision), which have been implemented in every transaction cycle’s internal control system. In recent years, Compal has enhanced management of corporate risks by adopting practices such as risk detection, evaluation, reporting, response, and prevention. All are carefully and strictly operated based on the latest Regulations Governing the Establishment of Internal Control Systems by Public Companies, Corporate Governance, internal audit theories, practices, and codes. 

Information Security

To maintain the company's competitive advantage and valuable intellectual property, and to ensure that the information and information system for product operation are properly protected, the Compal Business Center establishes, records, implements, and maintains the Compal information security management system in accordance with the requirements of the ISO 27001 standard, and enacts the information security policy as the highest guiding principle. The statement of information security is “to ensure continuous operation and improve customer satisfaction”. According to ISO standards, internal audit is conducted twice a year. With the efforts of all colleagues, in 2020 Compal did not have any complaints about the violation of customer privacy or the loss of customer information. Compal continues to strengthen control requirements for information security and has reinforced the company password policy, extending the rule that barred reuse of the previous 3 generations of passwords to cover the previous 10 generations. It has also strengthened the identity authentication mechanism for company accounts and introduced two-factor authentication to enhance the security of remote login to internal resources, preventing illegal users from accessing company resources or customer information.
In 2005, Compal passed the information security verification of ISO 27001:2005 and obtained the certificate of "Information Security Management System ISO 27001:2005" issued by BSI. It has gradually expanded its scope of verification, which is tracked twice a year and re-audited every three years. In 2014, the IT Center was included in the scope of verification in addition to the original R&D unit, and the certifications were reviewed again and approved. In 2015, Compal passed the verification of the new version, ISO 27001:2013, and obtained the certificate of "Information Security Management System ISO 27001:2013". In 2017 and 2020, it passed the re-verification successively, and then it was re-verified every three years afterwards, meeting the requirements of the new version of the specification. The scope of verification covers the IT Center, portable computer products R&D, All-in-one computer products, automotive electronic products, and server products. In October 2020, the scope of verification was expanded to four plant compounds at Kunshan to ensure the effective operation of the management system for information security.
The Information Security Committee is the organization for the coordination and execution of Compal's information security related operations and activities. It has one chairman and one deputy chairman. Several members may be appointed according to management needs, with department heads and above serving as ex officio members. An executive secretary is also appointed to be responsible for administrative affairs. The Information Security Committee has an Information Security Implementation Team, composed of staff from the Information Security Team of the Information Headquarters, which handles the establishment, promotion, maintenance, audit, and training of information security; one person is appointed as the head of the Information Security Implementation Team. Implementation is reported to the board of directors once a year. When necessary, the capital committee may invite external information security consultants to attend and serve as advisors.
Compal's asset security policy is as follows:
1. Implement risk assessment of information assets.
2. Maintain the confidentiality, integrity and availability of important information assets.
3. Continuous improvement of information security system through Plan-Do-Check-Act (PDCA) management cycle.
4. Make sure to abide by customer contract and ensure customer information security.
5. Follow and comply with government information security regulations.
6. The participation of all employees and subcontractors.
IS 93105 Certification 


Compal encouraged employees to devote themselves to the research, development, and innovation of related products. Promoting technology R&D results and the quality and functions of the Company’s products can enhance the competitiveness of the Company and open up turning points for future development. Every year the online system received employees’ patent invention applications. After the related investigation procedure and voting, the Patent Advisory Committee decided whether to register the patent or not. For proposals that enter the Advisory Committee, the inventor and the co-inventor receive a proposal bonus as encouragement.
When registering patents, the quality of the application was of utmost concern to Compal. Given Compal's production and sales activities, patents were generally registered in Taiwan, China, and the USA.
As for education and training, Compal has planned the “new recruits R&D training – patent-related information introduction” to introduce patent-related information to new recruits. Courses include trademark rights, copyrights, patents and information security protection, and related notices when participating in a project, so that new recruits can have a certain understanding of patents. When the R&D Department had a demand, the Patent Department designed advanced individual education and training courses. By illustrating and sharing different patent themes for different functional departments, the employees improved their knowledge about patents.


September 03, 2021