Sustainable development is UMC’s highest priority, and robust risk management and appropriate crisis management are the major cornerstones to ensure sustainable operation. In order to reduce the negative impact and loss caused by major risk events, protect the rights and interests of stakeholders and maintain the company's image, UMC actively performs enterprise risk management, pre-crisis prevention and practice drills to facilitate timely and appropriate response capabilities for any possible crisis.
The Enterprise Risk Management Committee submitted the company’s risk management policies, procedures(mechanisms), areas, and organizational structure in the company's enterprise risk management manual to the Nominating Committee and the Board of Directors, and received approval on February 26, 2020.
The Company formulated the "Risk Management Policy" with reference to the framework of COSO ERM 2017, which was approved by the board of directors in 2019 as the highest guiding principle of the company's risk management.
Policy Content : Through risk management methods and organizations, UMC effectively prevents and controls enterprise risks, identifies possible opportunities, comprehensively implements risk management procedures in daily operations, shapes and deepens risk culture, and establishes complete and transparent risk communication with all stakeholders to maintain steady operations.
In accordance with the Company’s risk management policy, the Enterprise Risk Management Committee is responsible for coordinating relevant divisions and senior representatives of various organizations to identify internal and external risks, and to facilitate response measures for major risk affecting the entire organization. The Enterprise Risk Management Committee reports to the ESG Steering Committee to ensure alignment with the Company's sustainability strategy; and, the ESG Steering Committee is overseen by the Nominating Committee of Board-level (composed of 5 independent directors) and reports to the Board of Directors at least once a year to ensure alignment with the risk management policies, and implementation and effectiveness of risk management measures. In addition, UMC enterprise risk management also incorporates internal auditing and control functions, mainly led by the audit department and reports to the Audit Committee to ensure that the risks associated with operations have been effectively controlled.
The Enterprise Risk Management Committee consolidates risks in the areas of strategy, operation, finance and hazard.
The Enterprise Risk Management Committee consolidates risks in the areas of strategy, operation, finance and hazard, evaluates the possibility of their occurrence and the severity of their impact on the company (the impact assessment includes finance, operations, personnel, and company reputation), draws a risk map, and defines the priority order and risk level of risk items. After balancing reasonable risks and preventive costs that the enterprise can sustain, the risk management plans are drawn up and adopted. The committee periodically reviews possibility and severity of risks for changes over time to monitor the effectiveness of risk management plans and related control operations. At the same time, we also grasp the opportunities that may accompany risks.