The Organizational Structure of Risk Governance and Management
In order to actualize the sustainable development of St.Shine Optical, we implement risk management throughout operational processes, uphold corporate governance, safeguard shareholders' interests, protect the rights of stakeholders, and achieve our business strategies and objectives. Hence, in accordance with the relevant provisions of the “Regulations Governing Establishment of Internal Control Systems by Public Companies” and the “Risk Management Best Practice Principles for TWSE/TPEx Listed Companies” we have formulated the 'Risk Management Policy and Procedures.
Board of Directors: The top governance unit in the risk management of the company, the responsibilities and roles are as follows:
- Validate risk management policies, procedures, and frameworks.
- Ensure alignment between operational strategies and risk management policies.
- Ensure the establishment of appropriate risk management mechanisms and a risk management culture.
- Oversee and ensure the effective operation of the overall risk management mechanisms.
- Allocate and guide sufficient and appropriate resources for the effective functioning of risk management.
Audit Committee: Responsibilities and roles in supervising risk management operational mechanisms are as follows:
- Review risk management policies, procedures, and frameworks, and regularly assess their applicability and effectiveness in execution.
- Determine risk tolerance levels and guide resource allocation.
- Ensure that the risk management mechanisms adequately address the risks faced by the company and integrate them into the daily operational processes.
- Determine the priority order and risk levels for risk control.
- Review the implementation of risk management, propose necessary improvement suggestions, and report annually to the Board of Directors.
- Execute risk management decisions of the Board of Directors.
Risk Management Team: The CEO serves as the convener, with the highest executives from each department as risk management members. Their responsibilities and roles are as follows:
- Formulate risk management policies, procedures, and frameworks.
- Develop risk tolerance levels and establish qualitative and quantitative measurement standards.
- Analyze and identify sources and categories of company risks, regularly reviewing their applicability.
- Compile an annual report summarizing and submit it regarding the company's risk management execution.
- Assist and oversee the implementation of risk management activities in various departments.
- Coordinate inter-departmental interaction and communication for the operation of risk management.
- Execute risk management decisions made by the Audit Committee.
- Plan risk management-related training to enhance overall risk awareness and culture.
Operating Units: Responsibilities and roles are as follows:
- Responsible for identifying, analyzing, assessing, and responding to risks within their respective units, establishing relevant crisis management mechanisms when necessary.
- Regularly report risk management information to the Risk Management Team.
- Ensure the effective implementation of risk management and related control procedures within their units to comply with risk management policies.
Audit Room: As an independent unit reporting to the Board of Directors, it formulates an annual audit plan based on this policy, procedures, and risk assessments. It reports to the Board of Directors regarding the execution status of risk management and audit results.
Operation and Execution of Risk Management
The company's risk management process includes risk identification, risk analysis, risk assessment, risk response, and supervision and review mechanisms. The Risk Management Team formulated the "Risk Management Policy and Procedures," which were reviewed by the Audit Committee and approved by the Board of Directors, and conducted identification of strategic risks, operational risks, financial risks, information risks, and compliance risks in accordance with the principles of significance and the company's strategic objectives. A comprehensive enterprise and operational-level risk identification is conducted at least once a year, with reports submitted to the Audit Committee and the Board of Directors.
The operation and execution of risk management of 2024 is as follows :