1. Risk Management Policies and Procedures

For the purpose of stable operation and sustainable development, the company has formulated "Risk Management Policies and Procedures", which are supervised by the Audit Committee and were approved by the Board of Directors on August 10, 2023 as the highest guiding principle of the company's risk management.

Every year, the company's risk management team coordinates the planning and implementation of risk factor identification for each operating unit, in order to identify relevant risks that may affect the sustainable development of the company, select risk management areas, and monitor potential risks based on the latest developments and standards requirements. The team implements preventive measures to strengthen risk management, and formulates risk management policies for various risks, covering management objectives, organizational structure, rights and responsibilities, risk management procedures and other mechanisms. These policies are implemented to keep the various risks arising from business activities within an acceptable range.

For the full text of the company's "Risk Management Policies and Procedures", please refer to the "Risk Management" section of the company's website:
Risk Management

2. Risk Management Structure

The company’s Risk Management Structure is as follows:

  • Board of Directors: The top governance unit of risk management, approving the "Risk Management Policies and Procedures".
  • Audit Committee: Assists the board of directors in supervising the company's establishment of a risk management operation mechanism.
  • Risk management team: The general manager serves as the convener, gathering managers at all levels to participate in promoting implementation. The team integrates various risk issues for overall risk-related analysis, prevention and monitoring, or for major risk management and control issues, and reports the annual risk assessment and risk management operations to the board of directors at least once a year.
  • Each operating unit: Identifies, analyzes, evaluates and responds to risks within the unit, establishes relevant crisis management mechanisms when necessary, and regularly reports risk management information to the risk management promotion and execution units.

3. Risk Management Operating Status in 2023

The company actively promotes the implementation of the risk management mechanism, which is supervised by the audit committee. The risk management team reports its operations to the board of directors at least once a year. The main operations in 2023 are as follows:

  • Formulate the company's "Risk Management Policies and Procedures" and organizational structure, submit them to the Audit Committee for review and supervision, and have them approved by the Board of Directors on August 10, 2023.
  • Evaluate the various risks faced by the company, including risk categories, management units, risk content and management and control mechanisms; identify the company's eight main types of risks for the current year; report the response actions in the above risk categories; submit a report to the Audit Committee for supervision; and report to the Board of Directors on November 13, 2023.

Scope of Risk Management

In order to reduce the impact of internal and external risks, the company identifies risks related to corporate governance and to economic, environmental, social and other operational issues, based on the principle of materiality and the company's business and operating characteristics. It plans relevant management and monitoring measures, regularly reviews the risk management status, and reports it to the board of directors. The identified risk categories, risk content, control mechanisms and management units are summarized as follows:

Item: Governance

Category: Strategy risk
Risk content: The risk of losses caused by improper business strategies or changes in the company's operating environment.
Control mechanisms:
  • Business report: Before each board meeting, the management team reports on, communicates and discusses its business strategy and operating overview.
  • Board of Directors supervision: Board members make suggestions on the content of the management team's reports based on their professional or expertise areas. If the goals and strategies involve possible projects that involve major operational risks, the board of directors will prioritize them.
Management units: CEO's Office

Category: Operation risk
Risk content: The risk of changes in corporate value arising, in the process of business operation, from uncertain factors and business decisions in production, supply, marketing, service and other processes, such as customer relationships, product safety, supply chain, and technological trends.
Control mechanisms:
  • Each unit manages annual operating plans and goal achievement through operating meetings.
  • Customer relations: Establish standards and customer complaint channels for products, services, personal information protection and other matters related to consumer rights, and conduct customer service training.
  • Product safety: Data management and quality information, such as the Department of Health license, manufacturing date, expiration date, product quantity and finished product inspection records.
  • Supply chain management: Prudently evaluate and actively develop new material sources, and strengthen strategic supply chain partnerships; establish safety stocks and expiry date management to respond flexibly to market demand; grasp market conditions through business information collection or market research in order to respond in advance.
  • Technology trends: Understand technological developments such as customer and terminal application needs, product applications and equipment upgrades, in order to respond to rapid changes in the external environment; understand the changes and dynamics of peers, markets, industries and customers, in order to respond to them and to serve as a reference for the development direction of services, technologies and products.
Management units: Ophthalmology Business Division; Optometry Business Division

Category: Finance risk
Risk content: The impact on the company's finances of factors such as overall economic and industrial changes at home and abroad, for example interest rates, exchange rates, credit and solvency, liquidity risks, accounting policies and other risks.
Control mechanisms:
  • Interest rate risk: Monitor changes in the interest rate market, grasp capital demand conditions, maintain good bank relationships, and strive for the best financing and deposit interest rates.
  • Exchange rate risk: The company's main foreign currency translation adjustment is for long-term foreign investment positions. The receivables and payments generated from operations are currently mainly New Taiwan dollar receipts and payments from local market transactions and purchases through agents. Direct imports and exports and external sales are few, so the impact of exchange rate risk is small.
  • Credit risk: The recipients of payment are brand-authorized cooperative clinics (monitoring of monthly receivable statements) and customers of direct-operated optical stores (monitoring of daily cash/credit card statements).
  • Financial changes: Regular financial statements monitor financial structure, solvency, operating ability, profitability, cash flow, etc.
Management units: Finance and Accounting Division

Category: Cyber security risk
Risk content: Risks to the company resulting from failure of the company's information system security, hacker attacks, leakage of customers' or employees' personal information, and theft of corporate business secrets.
Control mechanisms:
  • Information security protection mechanism: Introduce ISO 27001 information security protection measures, and conduct vulnerability risk assessment and improvement for hosts/networks/applications; establish a file encryption mechanism and plan secure cloud services to reduce the risk of sensitive data leakage; regularly examine the weaknesses of the external service system with penetration testing and network risk detection tools, and make timely improvements to ensure the security of the external service system; conduct regular disaster recovery drills, strengthen the data security backup mechanism, and establish incident response capabilities to ensure the company's operational sustainability.
  • Information Security Policy: A total of more than 20 specifications, such as the "Information Security Policy" and related implementation procedures, have been formulated and revised, and announced in the company's document management system for compliance. The "Personal Data Protection Act" has been formulated and revised to protect and manage personal information, and the information and human resources units are responsible for relevant protective measures. The legal department also implements business secret protection to ensure the implementation of confidentiality obligations.
  • Information security risk awareness: Improve employee security risk awareness through education and training. As of August 2023, 296 people have completed training on the "Personal Data Protection Act", 293 people on "Information Security Promotion", and 292 people on the "Business Secrets Act". New employees will be trained successively.
Management units: Information System and Equipment Division

Category: Legal compliance risk
Risk content: Risks such as improper conduct, illegal infringement, transaction risks, intellectual property infringement and other risks.
Control mechanisms:
  • Implementation of honest management: The company has established the "Code of Integrity Management", the "Code of Ethical Conduct", and the "Promotion and Reporting System of Ethical and Moral Standards for Employees" to regularly promote the values and corporate culture of honest management, and to guide the company's colleagues to follow ethical standards of behavior and avoid illegal activities.
  • Internal control and internal audit operation: The internal control process controls the company's transactions, projects, risks or disputes, and internal audit discovers issues and tracks improvements in a timely manner.
  • Full-time legal function: Provide legal consultation and handling suggestions on legal compliance, disputes and litigation, investment and mergers and acquisitions, intellectual property management and other matters.
  • Contracts, seals and intellectual property: Manage the signing status of the company's various types of contracts and control related risks through the contract system; supervise and manage the issuance, use, abolition and other matters of the company's seal through the seal management system, to reduce the company's overall legal risk; formulate "Intellectual Property Rights Management Measures", conduct a regular inventory of intellectual property and confirm its validity.
Management units: CEO's Office; each operational unit

Item: Social

Category: Occupational safety risk
Risk content: Issues related to the working environment of employees or suppliers, occupational safety and health, product management, safety protection and emergency response, and risks to the company caused by personnel misconduct or mistakes.
Control mechanisms:
  • Improve occupational safety management: The company has promulgated the "Occupational Health and Safety Management Manual", the "Human Hazard Prevention Plan", the "Abnormal Workload-Promoted Disease Prevention Plan", the "Unlawful Infringement Prevention Plan during the Performance of Duties", etc. These contain relevant regulations for labor safety and health measures, including accidents, fire safety, electrical work safety, machine equipment work safety, first aid and rescue, preparation, maintenance and use of protective equipment, and accident notification and reporting. The company also carries out monthly occupational safety promotion, on-the-job education and training for new employees, as well as related drills and environmental safety inspections.
  • Implement contracting management: For manufacturers engaged in cooperative clinic/store decoration and other work, set regulations in accordance with labor safety, health, environmental protection and other laws and regulations, include them in the contracting contract, and check from time to time during the project whether the manufacturers have promoted and implemented the work in accordance with the regulations.
  • Employee physical and mental health: Pre-treatment of emerging infectious diseases, annual employee health examinations, subsidized employee travel, monthly birthday parties, etc.
Management units: Store Expansion and Construction Division; Human Resources and Administration Division

Category: Labor dispute risk
Risk content: Risks such as labor tension, forced labor, workplace discrimination, human rights issues, recruitment shortages, and brain drain.
Control mechanisms:
  • Labor-management communication channels: Hold regular labor-management meetings, and establish communication channels and employee grievance mechanisms to promote harmonious labor-management relations.
  • Workplace-friendly protection: Strengthen management measures for the collection, processing and utilization of personal data, continue to improve written regulations, and respect the rights and interests of employees (parties).
  • Selection and retention system: Strengthen the diverse channels and equality of personnel recruitment, the planning and implementation of education and training, and a fair and appropriate performance evaluation and promotion system.
  • Compliance with labor laws and regulations: Ensure that existing human resources management procedures and related administrative operations comply with legal requirements.
Management units: Human Resources and Administration Division

Item: Environmental

Category: Climate change
Risk content: Responding to issues related to climate change and natural disasters, greenhouse gases, carbon emission management, energy use and other related issues, as well as the need to comply with international norms and local government laws, may pose risks that affect the company.
Control mechanisms:
  • Climate-related implementation: The physical risks of natural disasters (such as floods and droughts) caused by global climate warming will expose enterprises to operational pressures and impacts, as will the transition risks of increasing the proportion of renewable energy use due to government regulations and international initiatives (Taiwan Electric Power will increase costs due to upgrading and use of renewable energy). Based on its own business characteristics, the company conducts annual climate risk and opportunity identification and climate change-related response actions as recommended by TCFD, including governance, strategy, climate risk and opportunity analysis, climate scenario analysis, risk management, indicators and goals.
  • Carbon emission management: Regularly establish a carbon inventory and carbon emission estimation, as well as specific reduction indicators. Promote power energy-saving projects and set carbon reduction performance indicators to facilitate carbon emission management.
  • Implement "ESG Procurement": Promote ESG management points to suppliers, set ESG supply chain performance indicators, and respond to the international initiative of the SDGs (Sustainable Development Goals).
Management units: Store Expansion and Construction Division; Governance and Sustainable Development Office