Risk management and Cyber Security

Risk Management System and Structure

Sustainable Operations Philosophy
  • The risk management policy will be adopted on March 15, 2022 as the Company's highest guideline for risk management. The policy follows international standards and draws on the practices of benchmark companies. It puts regulatory compliance into practice to ensure Compal's sustainable operations.
  • Compal adopts a management system for finances, business and accounting pursuant to the FSC's Regulations Governing the Establishment of Internal Control Systems by Public Companies; and evaluates and monitors risk in operating activities. Managerial personnel ensure that any such risk is within an acceptable range by drawing up a risk management plan and response guidelines.
  • The Company adheres to regional government policies and regulations of its critical production base.
Designed for full participation in internal controls
  • The internal control system is based on the organization's structure, authority and responsibilities, as well as procedure control points. It is implemented through internal self-assessments and performance audits.
  • Internal self-assessments are carried out at all levels of operations across 395 units (including departments and independent units). This year a total of 282 assessments were conducted according to procedure (covering directors, vice-directors, general managers, independent directors, and other relevant managerial personnel).
Three Lines of Defense - risk management structure
Taking into consideration the IIA's Three Lines of Defense model and the practical operations of Compal's organizational structure, we built a risk management organization, system and procedure.

[Figure: Three Lines of Defense risk management structure] Source: ECIIA/FERMA Guidance on the 8th EU Company Law Directive, Rule 41

2023 Risk identification and corresponding strategy

Compal performed risk identification, analysis and evaluation based on the ISO 31000 framework and methodology, and determined 24 risk issues in five areas: Strategy, Finance, Operations, Regulatory Compliance, and the Environment. Taking the Company's resources into account, these issues were then prioritized in a risk matrix.

Following an analysis of the matrix, we identified the specific risks behind the three main risks, based on the internal and external environment, and drafted the corresponding strategy:

Cyber Security

ISO 27001 Information Security Policy
Compal Information Security Committee
Policies and Regulations for the Protection of Personal Data and Privacy

Compal has formulated the "Compal Group - Policies and Regulations for the Protection of Personal Data and Privacy", which states that employees must abide by and protect the procedures for each form of personal data processing, and defines the scope of application, corrective actions, and disciplinary actions. The "Compal Group - Policies and Regulations for the Protection of Personal Data and Privacy" applies group-wide across Compal. Compal has a designated department responsible for privacy issues and adopts a zero-tolerance policy for breaches of privacy protection.

If any relevant personnel are in breach of their duties, Compal will take disciplinary and corrective actions to protect data privacy.

Related documents: ISO 27001 Certification; Compal Group Policies and Regulations for the Protection of Personal Data and Privacy

Updated on July 14, 2023