Risk Management Policy
- In order to build a complete risk management system; strengthen effectiveness of corporate governance; ensure comprehensiveness, effectiveness, and reasonableness of risk management, as well as effectively evaluate and oversee risk-bearing capabilities of the Corporation to determine risk response strategies and implementation of risk management procedures, the Corporation's "Risk Management Regulation" and related "Risk Management Policies" were established following approval of the 27th meeting of the 8th Board on June 19, 2019 to provide reasonable assurance of the Corporation's mid- to long-term strategic plans and achievement of targets.
- The Corporation has inventoried and identified, in a proactive and cost-effective manner, possible risks that may impact operations and profits due to Corporation business and operational activities, the main considerations being business environments, operations, finances, hazardous incidents, and other aspects. We have also reviewed comprehensiveness of corporate risk management procedures and effectiveness of risk management controls, and conducted risk evaluations of environmental, social, and corporate governance issues relating to operations by principle of materiality; these evaluations are used to establish implementation systems and identify main risk categories. For more information regarding these risks and relevant response measures and actions, please refer to the following table.
- The Corporation's various committees (such as the Audit Committee, Safety Committee, Information Security Committee, Sustainable Development Team under the Corporate Governance Promotion Committee, and so on) all participated in establishing the aforementioned risk management measures, issues, evaluations, and polices, and are assisting in promotion thereof.
- Implementation Statuses
The Corporation began actively promoting risk management procedures in 2018 and reports on implementations to the Board of Directors once every year. Main implementations in recent years include:✓ 2018
◦ Risk management report was acknowledged by the Board of Directors in December 2018.✓ 2019
◦ Risk management regulation and risk management policy were issued in 2019.
◦ Annual risk management report (including risk management implementation status and progress) was acknowledged by the Board of Directors in September 2019.✓ 2020
◦ Annual risk management report (including risk management implementation status and progress) was acknowledged by the Board of Directors in September 2020.✓ 2021
◦ Annual risk management report (including risk management implementation status and progress) was acknowledged by the Board of Directors in September 2021.✓ 2022
◦ Annual risk management report (including risk management implementation status and progress) was presented to the Audit Committee and the Board of Directors in September 2022. The report encompasses the Corporation's risk categories, important items for risk management, and risk assessments. Units responsible for management of different risk categories have all adopted appropriate response measures and made suitable records of risk management procedures and implementation results.
◦ To strengthen risk management mechanisms, risk management courses have been organized for relevant personnel. A total of 88 personnel underwent 260 hours of training to strengthen their corporate risk management awareness and understanding.
- Implementation structure for risk management:
- Main risk categories, risk assessments and response measures:
|Material Issues||Main Risk Categories||Risk Assessments||Risk Management Strategies and Related Response Measures|
|Environmental||Environmental Risks||Assess various environmental risks (such as global warming, extreme weather conditions, earthquakes, land subsidence, and formation of new fault lines) can cause revisions in laws and regulations, system damages, regional power cuts, and water shortages, which may affect service quality and increase maintenance and operation costs.||
|Social||Operational Safety Risks||Assess HSR systems that may be affected by internal and external factors such as malfunctions of facilities and equipment, human error, intentional sabotage, or other external factors, which may affect train safety; cause injury to our employees, passengers, contractors, or the general public; or cause delay or cessation of rail operations.||
|Corporate Governance||Information Security Risks||THSRC is a Critical Information Infrastructure provider, and also a Level-A Cyber Security Responsibility Unit. Assess all HSR information systems and take into account various aspects including confidentiality, comprehensiveness, accessibility, and legal compliance.||
|Financial Risks||Assess changes in domestic and overseas economic and financial conditions that may impact our income, maintenance and operation costs, interest rates, and exchange rates, which in turn may affect our profitability and cash flows.||