• In order to build a complete risk management system; strengthen effectiveness of corporate governance; ensure comprehensiveness, effectiveness, and reasonableness of risk management, as well as effectively evaluate and oversee risk-bearing capabilities of the Corporation to determine risk response strategies and implementation of risk management procedures, the Corporation's "Risk Management Regulation" and related "Risk Management Policies" were established following approval of the 27th meeting of the 8th Board on June 19, 2019 to provide reasonable assurance of the Corporation's mid- to long-term strategic plans and achievement of targets.
  • The Company's Audit Committee assists the Board of Directors in supervising the relevant operating mechanisms of risk management.
  • The Corporation has inventoried and identified, in a proactive and cost-effective manner, possible risks that may impact operations and profits due to Corporation business and operational activities, the main considerations being business environments, operations, finances, hazardous incidents, and other aspects. We have also reviewed comprehensiveness of corporate risk management procedures and effectiveness of risk management controls, and conducted risk evaluations of environmental, social, and corporate governance issues relating to operations by principle of materiality; these evaluations are used to establish implementation systems and identify main risk categories. For more information regarding these risks and relevant response measures and actions, please refer to the following table.
  • The Corporation's various committees (such as the Audit Committee, Safety Committee, Information Security Committee, Sustainable Development Team under the Corporate Governance Promotion Committee, and so on) and each risk category management authority and responsibility unit all participated in establishing the aforementioned risk management measures, issues, evaluations, and polices, and are assisting in promotion thereof.
  • Implementation Statuses

    The Corporation began actively promoting risk management procedures in 2018 and reports on implementations to the Board of Directors once every year. Main implementations in recent years include:

    ✓ 2018

    ◦ Risk management report was acknowledged by the Board of Directors in December 2018.

    ✓ 2019

    ◦ Risk management regulation and risk management policy were issued in 2019.

    ◦ Annual risk management report (including risk management implementation status and progress) was acknowledged by the Board of Directors in September 2019.

    ✓ 2020

    ◦ Annual risk management report (including risk management implementation status and progress) was acknowledged by the Board of Directors in September 2020.

    ✓ 2021

    ◦ Annual risk management report (including risk management implementation status and progress) was acknowledged by the Board of Directors in September 2021.

    ✓ 2022

    ◦ Annual risk management report (including risk management implementation status and progress) was acknowledged by the Board of Directors in September 2022.

    ✓ 2023

    ◦ Annual risk management report (including risk management implementation status and progress) was presented to the Audit Committee and the Board of Directors in September 2023. The report encompasses the Corporation's risk categories, important items for risk management, and risk assessments. Units responsible for management of different risk categories have all adopted appropriate response measures and made suitable records of risk management procedures and implementation results.

    ◦To strengthen risk management mechanisms, risk management courses have been organized for relevant personnel. A total of 5,086 personnel underwent 6,790 hours of training to strengthen their corporate risk management awareness and understanding.

  • Implementation structure for risk management: Implementation structure for risk management
  • Main risk categories, risk assessments and response measures:
Main risk categories, risk assessments and response measures
Material Issues Main Risk Categories Risk Assessments Risk Management Strategies and Related Response Measures
Environmental Environmental Risks Assess various environmental risks (such as global warming, extreme weather conditions, earthquakes, land subsidence, and formation of new fault lines) can cause revisions in laws and regulations, system damages, regional power cuts, and water shortages, which may affect service quality and increase maintenance and operation costs.
  1. Established environmental policies and implemented management according to our environment management manual. We have applied for ISO14001 certification and are seeking to establish environment management systems that adhere to these standards.
  2. Identified climate change risks and estimated future mid-to long-term climate change risks to formulate plans and strategies for saving energy. We also collaborated with professional institutions to analyze and formulate response strategies to climate change, effectively decreasing possible impacts to our operations from climate change.
  3. Collaborated with professional institutions to establish an early-warning system for earthquakes.
  4. Conducted assessments on land subsidence, new fault lines, flood prevention, and earthquake prevention capabilities to formulate improvement measures.
  5. Gained a full understanding of environmental hazards through DWS hazard warning systems, and conducted annual hazard prevention audits and regular and irregular drills.
Social Operational Safety Risks Assess HSR systems that may be affected by internal and external factors such as malfunctions of facilities and equipment, human error, intentional sabotage, or other external factors, which may affect train safety; cause injury to our employees, passengers, contractors, or the general public; or cause delay or cessation of rail operations.
  1. Established our safety and health, corporate quality, and configuration management policies, and implemented management according to our operational safety plan, occupational safety and health management manual, corporate quality manual, high-speed rail system configuration management manual, corporate RAMS manual, management plan for rail security, and assurance plan for corporate safety.
  2. Established an Operational Safety Committee which convenes every quarter, and also an Occupational Safety and Health Committee which convenes every quarter.
  3. Implemented internal audits and safety inspections of rail operation safety, occupational safety and health, quality management, configuration management, and system assurance.
  4. Implemented rail safety training, education and training for occupational safety and health, hazard management training, and hazard prevention and response drills and training.
Corporate Governance Information Security Risks THSRC is a national critical information infrastructure provider, and the cyber security responsibility levels shall be submitted to the Executive Yuan for approval by the Ministry of Transportation and Communications.
Depending on its cyber security responsibility levels, aassess all HSR information systems and take into account various aspects including confidentiality, comprehensiveness, accessibility, and legal compliance..
  1. Formulated information security policy and Copyright Protection Policy for Computer Software, and implemented management according to information security management manual.
  2. Established Information Security Committee and convened information security review meetings once every six months.
  3. Established management procedures and systems according to international ISO27001 information security system.
  4. Depending on its cyber security responsibility levels requirements, Implemented internal information security audits, drills and evaluations, information security inspections, penetration testing, defense-in-depth mechanisms, and education & training.
Financial Risks Assess changes in domestic and overseas economic and financial conditions that may impact our income, maintenance and operation costs, interest rates, and exchange rates, which in turn may affect our profitability and cash flows.
  1. Adhered to "International Financial Reporting Standards (IFRS)," "International Accounting Standards (IAS)," and government regulations.
  2. Underwent annual financial audits by competent authorities.
  3. Our managerial departments underwent monthly budgeting and accounting reviews and presented these to the Board every six months.
  4. Periodically issue quarterly and annual financial reports.
  5. Our Board conducted reviews of important financial activities in accordance with relevant regulations and internal control systems.