Enterprise risk management

 

Primax's main purpose for implementing ERM was to develop a robust system that supports its sustainability goals, addresses aspects of customers' concern and conforms with international trends. A risk assessment team was subsequently assembled under board of directors' authority to establish risk management system, perform operational risk assessments and devise response strategies according to the requirements of ISO 31000.

Primax adopted "Enterprise Risk Management" (ERM) in accordance with ISO 31000 - Risk Management in 2018, and assigned the CSR Office to serve as consultant and the COO Office to oversee execution. A task force comprising representatives from IT, legal & intellectual property rights, quality assurance, human resources, finance, supply chain management, public relations, procurement and internal audit has been assembled to perform regular analysis and review of operational risks. The task force produces risk management plans for review by the COO, who then reports to the board of directors.

Through the above risk assessment and management practices, we aim to identify risks that may impact business continuity and take pro-active measures to mitigate or eliminate risks over the long term. The board of directors has agreed to perform overall assessments once every two years. Main risks identified in the 2019 assessment are being followed up with strategies formulated to address legal requirements, customers’ requirements, stakeholder communication, and social trends. Backed by confirmation of senior managers, the CSR Office reports to the board of directors on the latest risk management status, plans and execution of mitigation measures.

After going through the risk management process, we have identified the following risks that Primax is currently susceptible to: (1) Information security and customers privacy control, (2) Product and production procedures, and (3) Workplace fire safety measures. The risks identified and corresponding response plans are presented in the following table. For operational risks and response strategies, please refer to "P91~P94 of the 2019 Annual Report."