Chapter 3 Organization Structure and Duties of Risk Management |
| Article 10 | (Risk management organization structure)
In addition to the board of directors being the top governance unit of risk management, a TWSE or TPEx listed company may, taking into account the scale, business features, risk nature, and operating activities of the company, also establish a risk management committee under the board of directors and appoint an appropriate risk management promotion and enforcement unit.
|
|
| Article 11 | (Establishment of a risk management committee)
To ensure sound and strong risk management, it is advisable for a TWSE or TPEx listed company to take into account its scale, business features, risk nature, and operating activities and establish a risk management committee under the board of directors to oversee the operation of risk management. It is advisable that a majority of the committee members be independent directors and that the committee be chaired by an independent director.
The risk management committee is accountable to the board of directors and shall submit all proposals to the board of directors for resolution.
The risk management committee shall enact a committee charter, for which a resolution of the board of directors shall be passed. Said charter shall include the number, tenure, and authoritiesof members, rules of procedure of the committee, and resources to be made available by the company when the committee exercises authority.
A TWSE or TPEx listed company may also consider its scale and replace the functions of the risk management committee with other functional committees or task forces.
|
|
| Article 12 | (Establishment of a risk management promotion and enforcement unit)
A TWSE or TPEx listed companyshall designate or establish an appropriate risk management promotion and enforcement unit to be in charge of planning, enforcing, and overseeing risk management related affairs. Said unit may be in the form of a dedicated unit appointed or be composed as a task force, taking into account the scale, business features, risk nature, and operating activities of the company.
|
|
| Article 13 | (Duties and role of the board of directors)
The duties and role of the board of directors are as below:
- approve the risk management policy, procedures, and structure;
- ensure consistency between the direction of operational strategy and the risk management policy;
- ensure an appropriate risk management mechanism and risk management culture have been established;
- oversee and ensure effective operation of the entire risk management mechanism;
- allocate and designate adequate and appropriate resources for effective operations of risk management.
|
|
| Article 14 | (Duties and role of the risk management committee)
The duties and role of the risk management committee are as below:
- examine the risk management policy, procedures, and structure, and review their applicability and the effectiveness of their enforcement on a regular basis;
- approve the risk appetite (risk tolerance) to facilitate allocation of resources;
- ensure the risk management mechanism is able to address adequately risks faced by the company and incorporate the mechanism in day-to-day operating procedures;
- determine the priority order and risk levelof risk control;
- examine the enforcement of risk management, propose necessary recommendations for improvement, and report to the board of directors on a regular basis (at least once a year);
- enforce the risk management policy of the board of directors.
|
|
| Article 15 | (Duties and role of the risk management promotion and enforcement unit)
The duties and role of the risk management promotion and enforcement unit are as below:
- devise the risk management policy, procedures, and structure;
- determine the risk appetite (risk tolerance) and developqualitative and quantitative metrics;
- analyze and identify sources and types of company risks and review the relevant applicability on a regular basis;
- compile and present a company risk management enforcement report on a regular basis (at least once a year);
- assist with and oversee the conduct of each department's risk management activities;
- coordinate interdepartmental interaction and communication in regard to risk management;
- enforce the risk management policy of the risk management committee;
- devise risk management related training programs to enhance overall risk awareness and culture.
|
|
| Article 16 | (Duties and role of operating units)
The duties and role of an operating unit are as below:
- responsible for identification, analysis, and assessment of, and response to, risks of the unit to which it belongs, and create the relevant crisis management mechanism where necessary;
- present risk management information to the risk management promotion and enforcement unit on a regular basis;
- ensure effective enforcement of risk management and relevant control procedures of the unit to which it belongs, to ensure compliance with the risk management policy.
|
|