“Comprehensive risk strategies and steadfast operations” are important parts of thinking on OUCC’s sustainable development. In addition to overall management planning for risks and setting up the general responsive strategies and procedures, individual units will also make their own appropriate plans. Such precautionary planning will ensure the impact of an untoward event on company operation will be minimized through regular testing and drills.
Risk Management Organization
To ensure a balance between business operation and risk management, we have established a sound management and organizational system. Responsive measures can be taken for all business operation risks starting from the management level to ensure business stability and reliability.
Assess and Respond to Climate Change Risk
The impact of climate change on company operations has become a vital concern for global companies. In recent years, the entire planet has been affected by increasingly severe and more extreme climate. Floods and draughts, typhoons, and all kinds of other natural disasters have struck every corner of the globe, bringing the impacts such as compound disasters, water shortages, and devastating infrastructural damage. To gain a better understanding of the impact of extreme weather, in 2018 OUCC completed a questionnaire from the Industrial Development Bureau, Ministry of Economic Affairs, addressing extreme climate issues such as “flooding”, “water shortage”, “high temperature” and “power shortage”. A preliminary assessment of the level and extent of the impact of these issues on the manufacturing industry was then conducted.
In addition, OUCC also adopted the “Recommendations of the Task Force on Climate-Related Financial Disclosure (TCFD)” framework since 2019 to measure and evaluate the impact of climate change, and draft an energy resource usage strategy that would save energy and reduce carbon emission, and mitigate the impact of extreme climate and the consequential forces on the plants. Also, more investment is dealt to improve the energy consumption of manufacturing processes, which is also part of the action plan of OUCC in response to the climate change.
OUCC follows TCFD to formulate the management and control mechanism as follows:
Sound Internal Control System
Approved by the Board of Directors, the internal control system of the OUCC is to be implemented by the Board, the management, and other employees and is designed to provide sound management and to achieve objectives of the internal control system.
Effective operation of the internal control system is ensured by an independent audit department directly responsible to the Board of Directors. In addition to regular business audit reports to the audit committee, the audit officer also reports at the Board of Directors meetings. At the same time, abide by corporate governance code of practice regulations, the appointment and removal, evaluation, salary of audit staff are submitted to the Chair for approval by the audit manager on a regular basis.
OUCC places high value on CSR related issues, internal control, and the internal audit. The 2020 audit plan included reviews on corporate governance, financial operations, environmental and labor safety, as well as information, R&D and other related operations, which were conducted to ensure company operations and information disclosure met the expectations of all the stakeholders.
Information Security Risk Management
To safeguard the information from the impact of unendurable risks, OUCC adopts the concept of Business Continuity Planning (BCP) to regulate the information management mechanism, and establish the systematic analysis and information security management guidelines.
1. Information Security Organization
OUCC’s risk transfer and contingency strategies include management mechanisms such as risk assessment, risk transfer, emergency response and audit maintenance for proper operation of the information system.
2. Management Approach
OUCC’s risk transfer and contingency strategies include management mechanisms such as risk assessment, risk transfer, emergency response and maintenance audit to secure proper operation of the information system.
3. Action Program
In 2020, necessary steps were taken to strengthen the information security mechanism. The original OUCC application system that allows external suppliers to log in was changed to a direct login procedure through the OUCC official website. To further strengthen security and allay concern, a safer two-tier authentication mechanism was implemented for external personnel login from outside for business purposes.
In addition, we also introduced SSL certificates to establish a standard specification for a password link between the website server (host) and the website browser (client), so that personal data and internal information is retained when sending information to the website through the reliable connection between the two sides. This complied with corporate standard specifications, and protected the safety of the customers’ online information. SSL certificates were utilized to protect the data, so that they cannot be accessed when sending between the server and browser in order to avoid being monitored by others.