Enterprise Risk Management

The Enterprise Risk Management Committee consolidates risks in the areas of strategy, operation, finance and hazard.

For above areas, evaluates the possibility of their occurrence and the severity of their impact on the company (the impact assessment includes finance, operations, personnel, and company reputation), draws a risk map, and defines the priority order and risk level of risk items. After balancing reasonable risks and preventive costs that the enterprise can sustain, the risk management plans are drawn up and adopted. The committee periodically reviews possibility and severity of risks for changes over time to monitor the effectiveness of risk management plans and related control operations. At the same time, we also grasp the opportunities that may accompany risks.

UMC targets strategic, operational, financial, and hazard risk areas, identifies key risks and formulates countermeasures, including environment, social, corporate governance and emerging global risks related to the company's operations. For detailed response measures, please refer to 2020 CSR Report Chapter 1-3 Implementing Risk Management.

The company has actively promoted and implemented the risk management mechanism since 2018, and began reporting its operations to the Nominating Committee and the Board of Directors at least once a year in 2020.

• The Enterprise Risk Management Committee submitted the company’s risk management policies, mechanisms, procedures, scope, and organizational structure to the Nominating Committee and the Board of Directors, and received approval in February 2020. It also reported the company’s major risks in 4 areas : strategies, operations, finances, and hazard, countermeasures and risk management results, including considerations of environmental, social, corporate governance risks and emerging global risks related to the company's operations.
• The Enterprise Risk Management Committee formulated the "Enterprise Risk Management Manual" standard in 2020 for all employees to follow; it also organized risk education and training for core members of risk management to enhance the risk awareness of the company's employees and strengthen the establishment of a risk culture.