Risk Management Policy and SOP

Based on ethical corporate management, we actively promote and implement the risk management mechanism to ensure steady operations and sustainable development and to lower potential operational risk. In 2020, the BOD approved the establishment of the “Risk Management Policy and SOP.” Accordingly, the President’s Office shall supervise the operations and performance of each risk management unit, assess risk every year, define different types of risk according to USI’s overall business policy, and establish a risk management mechanism for the early identification, accurate measurement, effective supervision, and strict control of risks, so as to keep potential risks within the bearable range. The President’s Office should also keep track of the development of risk management systems at home and abroad in order to review and improve this policy and optimize the risk management method through continual adjustment, thereby enhancing USI’s risk management effectiveness and protecting the interests of USI, employees, shareholders, and stakeholders.

A complete policy includes the risk management organization, risk management process, and risk management category and mechanism.

Please refer to the Risk Management Policy and SOP for details.

Risk Management Organization Framework

For effective risk management, the BOD, Audit Committee, President’s Office, Audit Office, all risk management units, and all subsidiaries participate in and operate the risk management mechanism.

Please refer to the Risk Management Policy and SOP for details.

Risk Management Process

The risk management units of USI review the characteristics of their business and operations, identify the potential risk factors in business operations, develop a complete risk category framework, and establish appropriate measuring methods for use as a reference in risk management.

All risk management units shall constantly monitor the risks in their business and propose countermeasures, periodically report the risk status to senior management for reference, and ensure the normal operation of the management framework and risk control functions.

Scope of Risk Management

We establish the risk categories after integrating the major risk sources of business operations and considering the feasibility of mitigating controls. Every year the working group of the CSR Committee conducts a questionnaire survey to identify risks. In 2021, we identified two emerging risks: transportation safety risk and environmental protection event risk. After combining these with the 12 risks found in 2020, we identified the likelihood of occurrence and degree of impact. Each risk management unit periodically adjusts the controls in response to changes in the internal and external operational environment.

Risk Management Matrix

Operation of Risk Management in 2020

  • In December 2020, the President reported to the Audit Committee and board of directors the risks that USI was facing, mitigating controls, and performance of risk management.
  • In response to the COVID-19 risk in 2020, USI’s HR division initiated epidemic control across affiliates in accordance with the “Guidelines for Enterprise Planning of Business Continuity in Response to the Coronavirus Disease 2019 (COVID-19)” established by the Central Epidemic Control Center (EPCC) and made timely updates of related controls according to the EPCC notices.
  • For more information, refer to Operation of Risk Management in 2020.

Information Security Policy

After establishing the ISO 27001:2013 information security management system (ISMS) in May 2015, we began to hold a management review meeting every year and to hire an external certification body to audit the performance of our ISO 27001 ISMS. So far, we have passed the audit and verification of the British Standards Institution (BSI) for six consecutive years.

Based on the five concurrent and continuous functions (Identify, Protect, Detect, Respond, and Recover) of the Cybersecurity Framework (CSF) developed by the National Institute of Standards and Technology (NIST) of the USA, we have established a feasible three-stage defense system covering feed-forward control, concurrent control, and feedback control.

Network defense-in-depth deployment
