
Risk Management Policy

  • To build a complete risk management system; strengthen the effectiveness of corporate governance; ensure the comprehensiveness, effectiveness, and reasonableness of risk management; and effectively evaluate and oversee the Corporation's risk-bearing capabilities in order to determine risk response strategies and implement risk management procedures, the Corporation's "Risk Management Regulation" and related "Risk Management Policies" were established following approval at the 27th meeting of the 8th Board on June 19, 2019. The "Risk Management Measures" were revised to "Risk Management Procedures" in 2024 and were approved by the 15th Board of Directors of the 10th session on July 10. These provide reasonable assurance of the Corporation's mid- to long-term strategic plans and achievement of targets, and assist the company's stable operation and sustainable development.
  • The Company's Audit Committee assists the Board of Directors in supervising the relevant operating mechanisms of risk management.
  • The Corporation has inventoried and identified, in a proactive and cost-effective manner, possible risks that may impact operations and profits due to Corporation business and operational activities, the main considerations being business environments, operations, finances, hazardous incidents, and other aspects. We have also reviewed comprehensiveness of corporate risk management procedures and effectiveness of risk management controls, and conducted risk evaluations of environmental, social, and corporate governance issues relating to operations by principle of materiality; these evaluations are used to establish implementation systems and identify main risk categories. For more information regarding these risks and relevant response measures and actions, please refer to the following table.
  • The Corporation's various committees (such as the Audit Committee, Safety Committee, Information Security Committee, Sustainable Development Promotion Committee, and so on) and each operating unit all participated in establishing the aforementioned risk management measures, issues, evaluations, and policies, and assist in their promotion.

Implementation Statuses

The Corporation began actively promoting risk management procedures in 2018 and reports on implementations to the Board of Directors once every year. Main implementations in recent years include:

• Risk management report was acknowledged by the Board of Directors in December 2018.

• Risk management regulation and risk management policy were issued in 2019.
• Annual risk management report (including risk management implementation status and progress) was acknowledged by the Board of Directors in September 2019.

• Annual risk management report (including risk management implementation status and progress) was acknowledged by the Board of Directors in September 2020.

• Annual risk management report (including risk management implementation status and progress) was acknowledged by the Board of Directors in September 2021.

• Annual risk management report (including risk management implementation status and progress) was acknowledged by the Board of Directors in September 2022.

• Annual risk management report (including risk management implementation status and progress) was acknowledged by the Board of Directors in September 2023.

• Annual risk management enforcement report was presented to the Audit Committee and the Board of Directors in September 2024. The report encompasses the Corporation's risk categories, important items for risk management, and risk assessments. Units responsible for management of different risk categories have all adopted appropriate response measures and made suitable records of risk management procedures and implementation results.
• To strengthen risk management mechanisms, risk management courses have been organized for relevant personnel. A total of 5,224 personnel underwent 6,453 hours of training to strengthen their corporate risk management awareness and understanding.

Implementation structure for risk management:

Risk Assessments and Response Measures

Main risk categories, risk assessments and response measures:

Main Risk Categories | Risk Assessments | Risk Management Strategies and Related Response Measures
Strategic Risks
Risk assessment: Assess the possible impact of the company's adoption of other alternative renewable energy sources or measures to reduce greenhouse gas emissions under the green energy policy.
Response measures:
  1. There is an Environmental Management Committee, which holds regular meetings to supervise the operation of the environmental management system.
  2. We conduct greenhouse gas inventory and verification every year, continue to promote the optimization of operating equipment to save energy and reduce carbon, and launch a sustainable information financial disclosure project.
  3. Provide education and training to familiarize employees with environmental laws and strengthen environmental awareness.
Operating Risks
Risk assessment: Assess HSR systems that may be affected by internal and external factors, such as malfunctions of facilities and equipment, human error, intentional sabotage or other external factors, which may affect train safety; cause physical or mental harm to our employees, passengers, contractors or the general public; or cause delay or cessation of rail operations.
Response measures:
  1. Established our safety and health, corporate quality, and configuration management policies, stating that illegal violations in the workplace will not be tolerated, and implemented management according to our operational safety plan, occupational safety and health management manual, grievance Regulation, corporate quality manual, high-speed rail system configuration management manual, corporate RAMS manual, management plan for rail security, assurance plan for corporate safety, and other regulations.
  2. Established an Operational Safety Committee which convenes every quarter, and also an Occupational Safety and Health Committee which convenes every quarter.
  3. Continue to promote occupational safety culture and the prevention of illegal violations in the workplace to all colleagues.
  4. Implemented rail safety training, education and training for occupational safety and health, hazard management training, and hazard prevention and response drills and training, and conduct climate change hazard prevention lectures in a timely manner.
  5. Implemented internal audits and safety inspections of rail operation safety, occupational safety and health, quality management, configuration management, and system assurance.
Environmental Risks
Risk assessment: Assess how various environmental risks (such as global warming, extreme weather conditions, earthquakes, land subsidence, formation of new fault lines, and natural resource loss) can cause revisions in laws and regulations, system damages, regional power cuts, and water shortages, which may affect service quality and increase maintenance and operation costs.
Response measures:
  1. Established environmental policies and implemented management according to our environment management manual. We have applied for ISO14001 certification and are seeking to establish environment management systems that adhere to these standards.
  2. Identified climate change risks and estimated future mid- to long-term climate change risks to formulate plans and strategies for saving energy. We also collaborated with professional institutions to analyze and formulate response strategies to climate change, effectively decreasing possible impacts to our operations from climate change.
  3. Collaborated with professional institutions to establish an early-warning system for earthquakes.
  4. Conducted assessments on land subsidence, new fault lines, flood prevention, and earthquake prevention capabilities to formulate improvement measures.
  5. Gained a full understanding of environmental hazards through DWS hazard warning systems, and conducted annual hazard prevention audits and regular and irregular drills.
Financial Risks
Risk assessment: Assess changes in domestic and overseas economic and financial conditions that may impact our income, maintenance and operation costs, interest rates, and exchange rates, which in turn may affect our profitability and cash flows.
Response measures:
  1. Adhered to "International Financial Reporting Standards (IFRS)," "International Accounting Standards (IAS)," and government regulations.
  2. Underwent annual financial audits by competent authorities.
  3. Our managerial departments underwent monthly budgeting and accounting reviews and presented these to the Board every six months.
  4. Periodically issue quarterly and annual financial reports.
  5. Our Board conducted reviews of important financial activities in accordance with relevant regulations and internal control systems.
Information Risks
Risk assessment: THSRC is a national critical information infrastructure provider, and the cyber security responsibility levels shall be submitted to the Executive Yuan for approval by the Ministry of Transportation and Communications. Depending on its cyber security responsibility levels, assess all HSR information systems and take various aspects into account, including confidentiality, comprehensiveness, accessibility, and legal compliance.
Response measures:
  1. Formulated an information security policy and a Copyright Protection Policy for Computer Software, and implemented management according to the information security management manual.
  2. Established an Information Security Committee and convened information security review meetings once every six months.
  3. Established management procedures and systems according to the international ISO27001 information security system.
  4. In line with the requirements of its cyber security responsibility levels, implemented internal information security audits, drills and evaluations, information security inspections, penetration testing, defense-in-depth mechanisms, and education & training.
Compliance Risks
Risk assessment: Based on the understanding and measurement of laws and regulations issued by the competent authorities, we effectively update the company's internal rules and regulations to reduce any possible impact.
Response measures:
  1. The company's relevant policy statements state that it abides by laws, establishes a legal compliance culture, and has Law Compliance Management Regulation to facilitate all business activities to comply with relevant laws and regulations and reduce legal risks.
  2. Each business unit regularly reviews applicable laws, formulates relevant regulations in accordance with the laws of the competent authorities, and self-assesses legal compliance risks and implementation in the internal control system.
  3. Convene legal compliance representative meetings every quarter to continuously improve and track legal compliance status.
Good Faith Risks
Risk assessment: Evaluate the risk that company personnel, in the course of executing business, directly or indirectly provide, accept, promise or request any improper benefits in order to obtain or maintain benefits, or engage in other violations of integrity, illegality or breach of fiduciary obligations, which may have a negative impact on the company's reputation, finance and shareholders' trust, etc.
Response measures:
  1. There is the Ethical Management Team, which is responsible for reviewing and improving the Company's integrity management policies and promotion measures.
  2. There are regulations such as a code of ethical conduct, Ethical Corporate Management Best Practice Principles, Code of Conduct, work rules, Reward and Discipline Regulation, etc. to prevent and control behavior that does not comply with the principle of integrity or that violates internal regulations.
  3. Formulate a Supply Chain Management Policy, Procurement Regulation and other regulations, as well as principles for handling abnormal behavior of manufacturers, to strengthen sustainable supply chain management, and indicate anti-corruption policies and procedures, to comply with fair, just and open bidding practices.
  4. Continue to hold relevant training courses and promotions for new employees and all employees to convey correct values and company regulations.