Risk Management Policy
- In order to build a complete risk management system; strengthen effectiveness of corporate governance; ensure comprehensiveness, effectiveness, and reasonableness of risk management, as well as effectively evaluate and oversee risk-bearing capabilities of the Corporation to determine risk response strategies and implementation of risk management procedures, the Corporation's "Risk Management Regulation" and related "Risk Management Policies" were established following approval of the 27th meeting of the 8th Board on June 19, 2019 to provide reasonable assurance of the Corporation's mid- to long-term strategic plans and achievement of targets.
- The Corporation has inventoried and identified, in a proactive and cost-effective manner, possible risks that may impact operations and profits due to Corporation business and operational activities, the main considerations being business environments, operations, finances, hazardous incidents, and other aspects. We have also reviewed comprehensiveness of corporate risk management procedures and effectiveness of risk management controls, and conducted risk evaluations of environmental, social, and corporate governance issues relating to operations by principle of materiality; these evaluations are used to establish implementation systems and identify main risk categories. For more information regarding these risks and relevant response measures and actions, please refer to the following table.
- The Corporation's various committees (such as the Audit Committee, Safety Committee, Information Security Committee, Corporate Social Responsibility Team under the Corporate Governance Promotion Committee, and so on) all participated in establishing the aforementioned risk management measures, issues, evaluations, and polices, and are assisting in promotion thereof.
- Implementation Statuses
Starting from 2018, the Corporation is active in promotion of risk management mechanism and reports to the Board of Directors regarding the operation statuses. Main operation implementation statuses are as follows:✓ 2018
◦ In December 2018, the risk management report was reported to the Board of Directors.✓ 2019
◦ The risk management regulation and policy were issued in 2019.
◦ In September 2019, the annual risk management report (risk management implementation status and progress) was reported to the Board of Directors.✓ 2020
◦ In September 2020, the annual risk management report (risk management implementation status and progress) was reported to the Audit Committee and the Board of Directors. The report included risk category, risk management and assessment, as well as relevant response measurement of each responsible unit and information of implementation status and result.
◦ In order to strengthen the risk management mechanism, as well as corporate cultural awareness and cognitive, the Corporation arranged risk management training courses for a total number of 383 employees, with a total number of 1,245 training hours.
- Implementation structure for risk management:
- Main risk categories, risk assessments and response measures:
|Material Issues||Main Risk Categories||Risk Assessments||Risk Management Strategies and Related Response Measures|
|Environmental||Environmental Risks||Assess various environmental risks (such as global warming, extreme weather conditions, earthquakes, land subsidence, and formation of new fault lines) can cause revisions in laws and regulations, system damages, regional power cuts, and water shortages, which may affect service quality and increase maintenance and operation costs.||
|Social||Operational Safety Risks||Assess HSR systems that may be affected by internal and external factors such as malfunctions of facilities and equipment, human error, intentional sabotage, or other external factors, which may affect train safety; cause injury to our employees, passengers, contractors, or the general public; or cause delay or cessation of rail operations.||
|Corporate Governance||Information Security Risks||THSRC is a Critical Information Infrastructure provider, and also a Level-A Cyber Security Responsibility Unit. Assess all HSR information systems and take into account various aspects including confidentiality, comprehensiveness, accessibility, and legal compliance.||
|Financial Risks||Assess changes in domestic and overseas economic and financial conditions that may impact our income, maintenance and operation costs, interest rates, and exchange rates, which in turn may affect our profitability and cash flows.||