• In order to build a complete risk management system; strengthen effectiveness of corporate governance; ensure comprehensiveness, effectiveness, and reasonableness of risk management, as well as effectively evaluate and oversee risk-bearing capabilities of the Corporation to determine risk response strategies and implementation of risk management procedures, the Corporation's "Risk Management Regulation" and related "Risk Management Policies" were established following approval of the 27th meeting of the 8th Board on June 19, 2019 to provide reasonable assurance of the Corporation's mid- to long-term strategic plans and achievement of targets.
  • The Corporation has inventoried and identified, in a proactive and cost-effective manner, possible risks that may impact operations and profits due to Corporation business and operational activities, the main considerations being business environments, operations, finances, hazardous incidents, and other aspects. We have also reviewed comprehensiveness of corporate risk management procedures and effectiveness of risk management controls, and conducted risk evaluations of environmental, social, and corporate governance issues relating to operations by principle of materiality; these evaluations are used to establish implementation systems and identify main risk categories. For more information regarding these risks and relevant response measures and actions, please refer to the following table.
  • The Corporation's various committees (such as the Audit Committee, Safety Committee, Information Security Committee, Corporate Social Responsibility Team under the Corporate Governance Promotion Committee, and so on) all participated in establishing the aforementioned risk management measures, issues, evaluations, and polices, and are assisting in promotion thereof.
  • The Corporation's risk management implementation status and progress are reported to the Board each year.

    ✓ A risk management report for 2019 was approved by the 30th meeting of the 8th Board on September 18, 2019.
    ✓ A risk management report for 2020 was approved by the 6th meeting of the 9th Board on September 16, 2020.

  • Implementation structure for risk management: Implementation structure for risk management
  • Main risk categories, risk assessments, and response measures and actions:
Main risk categories, risk assessments, and response measures and actions
Material Issues Main Risk Categories Risk Assessments Risk Management Strategies and Related Response Measures and Actions
Environmental Environmental Risks Assess various environmental risks (such as global warming, extreme weather conditions, earthquakes, land subsidence, and formation of new fault lines) can cause revisions in laws and regulations, system damages, regional power cuts, and water shortages, which may affect service quality and increase maintenance and operation costs.
  1. Established environmental policies and implemented management according to our environment management manual. We have applied for ISO14001 certification and are seeking to establish environment management systems that adhere to these standards.
  2. Identified climate change risks and estimated future mid-to long-term climate change risks to formulate plans and strategies for saving energy. We also collaborated with professional institutions to analyze and formulate response strategies to climate change, effectively decreasing possible impacts to our operations from climate change.
  3. Collaborated with professional institutions to establish an early-warning system for earthquakes.
  4. Conducted assessments on land subsidence, new fault lines, flood prevention, and earthquake prevention capabilities to formulate improvement measures.
  5. Gained a full understanding of environmental hazards through DWS hazard warning systems, and conducted annual hazard prevention audits and regular and irregular drills.
Social Operational Safety Risks Assess HSR systems that may be affected by internal and external factors such as malfunctions of facilities and equipment, human error, intentional sabotage, or other external factors, which may affect train safety; cause injury to our employees, passengers, contractors, or the general public; or cause delay or cessation of rail operations.
  1. Established our safety and health, corporate quality, and configuration management policies, and implemented management according to our operational safety plan, occupational safety and health management manual, corporate quality manual, high-speed rail system configuration management manual, corporate RAMS manual, management plan for rail security, and assurance plan for corporate safety.
  2. Established an Operational Safety Committee which convenes every quarter, and also an Occupational Safety and Health Committee which convenes every quarter.
  3. Implemented internal audits and safety inspections of rail operation safety, occupational safety and health, quality management, configuration management, and system assurance.
  4. Implemented rail safety training, education and training for occupational safety and health, hazard management training, and hazard prevention and response drills and training.
Corporate Governance Information Security Risks THSRC is a Critical Information Infrastructure provider, and also a Level-A Cyber Security Responsibility Unit. Assess all HSR information systems and take into account various aspects including confidentiality, comprehensiveness, accessibility, and legal compliance.
  1. Formulated information security policy and software intellectual property rights protection policy, and implemented management according to information security management manual.
  2. Established Information Security Committee and convened information security review meetings once every six months.
  3. Established management procedures and systems according to international ISO27001 information security system.
  4. Implemented internal information security audits, drills and evaluations, information security inspections, penetration testing, defense-in-depth mechanisms, and education and training in accordance with requirements for Level-A Cyber Security Responsibility Units.
Financial Risks Assess changes in domestic and overseas economic and financial conditions that may impact our income, maintenance and operation costs, interest rates, and exchange rates, which in turn may affect our profitability and cash flows.
  1. Adhered to "International Financial Reporting Standards (IFRS)," "International Accounting Standards (IAS)," and government regulations.
  2. Underwent annual financial audits by competent authorities.
  3. Our managerial departments underwent monthly budgeting and accounting reviews and presented these to the Board every six months.
  4. Periodically issue quarterly and annual financial reports.
  5. Our Board conducted reviews of important financial activities in accordance with relevant regulations and internal control systems.