Risk Management | ACER ESG

Risk Management


Acer's corporate philosophy is based on the ultimate goal of “sustainable development.” We believe that rigorous and pragmatic risk management not only reflects Acer's persistent commitment to our customers, employees, supply chain partners and investors, but is also a concrete expression of our long-term commitment to ensuring sound business performance and fulfilling corporate social responsibility. The relationship between sustainable corporate development and risk management is intricate. Only by continuously identifying and analyzing the short-term dynamic changes and long-term trends of risks, implementing relevant risk management strategies, and establishing a risk-conscious corporate culture through frank internal communication and training programs can we protect our hard-earned business results and achieve our goal of “sustainability.”

Risk Management

To realize the vision of sustainable development and establish a risk-conscious corporate culture, the Company not only follows the relevant risk management measures under the organizational management system and operational processes at all levels, but also commits to continuously improving its risk management practices through the participation of senior managers, using international standards such as the ISO 31000:2018 risk management system and the Enterprise Risk Management - Integrated Framework (COSO ERM 2017) issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) as references. On this basis, the Company established a risk management policy, which was approved by the Board of Directors on March 16, 2022.

Acer takes a proactive and cost-efficient approach to managing risk. The risk management scope covers strategic, operational, financial, disaster and climate change risk components. Acer regularly conducts an overall assessment of the internal and external business environment and establishes a risk radar. The external business environment assessment draws on various external international risk reports and relevant reports/research results from the insurance industry and risk management consultants, for the purpose of assessing the integrity of risk perception.

The Acer Risk Radar for 2022 identified 19 internal risks and 26 external risks, totaling 45 risks, through the aforementioned process. Risk prioritization and risk appetite setting are conducted to support business growth and effective resource allocation, and corresponding risk management strategies, preventive/mitigation measures, implementation mechanisms and responsible organizations are formulated so that the relevant key risks are effectively controlled and responded to appropriately. To continuously monitor and strengthen risk management practices and response measures, the Audit Committee evaluates them, incorporates them into its regular agenda based on the importance and urgency of the risk ranking, and decides on the reporting issues and the responsible units. The Audit Committee regularly (at least once a year) summarizes the risk environment, risk management priorities, risk assessment results and related countermeasures, together with the implementation of information security risk management, in the report to the Board of Directors.

Scope of Acer Risk Management

Acer Risk Management Organization Structure

Risk Management Procedures

To achieve our vision of sustainable development and establish a corporate culture that prioritizes risk awareness, the Company not only adheres to organizational management systems and operational procedures at all levels to implement relevant risk management measures, but also strives for continuous improvement in our risk management practices through the active involvement of senior executives. We rely on international standards such as the ISO31000:2018 Risk Management System and the Enterprise Risk Management - Integrated Framework (COSO ERM 2017), as recommended by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), to guide our efforts. In line with this commitment, the Company has developed risk management policies, which were approved by the Board of Directors and implemented on March 16, 2022.

The Company's scope of risk management encompasses the major risk aspects: strategic risks, operational risks, financial risks, disaster risks, information risks, climate change-related risks, and other emerging risks. We strictly adhere to the provisions of relevant laws and regulations and follow a cyclical process of identifying, analyzing, evaluating, responding to, monitoring, and reviewing risks in order to effectively manage them. We are committed to continuously enhancing our risk management practices through ongoing learning and experience.

01 | Risk identification

Risk identification utilizes risk management tools and is informed by past experiences, information, and assessments of internal and external risk factors, as well as stakeholder concerns. Through thorough analysis and discussion using both bottom-up and top-down approaches, potential risk events that could impede the Company's objectives or result in losses or negative impacts are identified.

02 | Risk analysis

To conduct risk analysis, it is important to establish appropriate quantitative or qualitative measurement standards based on the Company's risk characteristics. The Risk Management Working Group should have a thorough understanding of the nature and characteristics of identified risk events. This analysis should consider factors such as the effectiveness of existing control measures, past experiences, and cases within the industry. By analyzing the probability and impact of risk events, the risk value can be calculated.

03 | Risk assessment

The purpose of risk assessment is to provide businesses with a foundation for making decisions. By comparing the results of risk analysis with risk appetite, priority can be designated to the management of risk events and serve as a guide for selecting subsequent response measures.      

The Risk Management Working Group should develop and execute risk response plans based on the results of the risk analysis, in alignment with the approved risk appetite set by the Risk Management Committee. The results of the pertinent risk analysis and assessment should be accurately documented and submitted to the Risk Management Committee for approval.

04 | Risk responses

The Risk Management Working Group should develop and execute risk response plans based on the results of the risk analysis, in alignment with the approved risk appetite set by the Risk Management Committee.  
The results of the pertinent risk analysis and assessment should be accurately documented and submitted to the Risk Management Committee for approval.

05 | Risk monitoring and review

The risk monitoring and review mechanism should thoroughly examine whether the risk management process and relevant risk strategies are being continuously and effectively implemented. The Company should also ensure that risk management is connected to the key processes within the organization to effectively supervise and enhance its implementation.

Three Layers of Defense Structure for Risk Management Organization

 

Risk Identification and Management Effectiveness in 2023

The Company identifies, evaluates and discusses potential and emerging corporate risks in three major areas: environmental, social and corporate governance. Risk management organizations use the Risk Map to assess the potential threat level of each risk to the company's future operations based on the likelihood of occurrence of each risk and the degree/severity of loss that may be caused once the risk occurs, and to prioritize risk management strategies by classifying the risk level. We also use Sensitivity Analysis and Stress Test to further quantify and analyze the risks and examine whether there is a high correlation between the risk factors. The Risk Map for 2022 includes six risk items with a medium to high level, including geopolitical risk, information security risk, inventory risk, ICT market downside risk, downtime/operational disruption, and ESG-related risk (Refer to the 2022 Risk Map for details).

The Risk Management Working Group compiles the results of the aforementioned analyses and tests, draws up a follow-up implementation plan, and reports them to the Risk Management Committee on a regular basis (quarterly); in 2022, the Risk Management Working Group coordinated with a total of 16 departments/units. To integrate the implementation of ERM with the daily operation procedures of each department/unit and the Business Objective, each department/unit first compiles 46 Key Performance Indicators (KPIs) and then develops/identifies 82 Risk Scenarios that may actually cause operational impacts on the aforementioned KPIs. Based on the identified and analyzed risk items, the relevant department staff are assigned to prepare the subsequent risk management strategy and related implementation plan (Risk Mitigation), including the common risk management responses in practice (Loss Prevention, Avoidance, Separation & Duplication, Transfer, and Retention), and to evaluate the appropriate resource input, implementation priorities, and follow-up progress tracking methods. At the same time, we have developed the Incident Response and Crisis Management plans to minimize the negative impact of potential risks on our business objectives and to strengthen the risk resilience of our overall operations. The aforementioned risk management strategy and related implementation plan are based on the cycle of Plan, Do, Check, and Action, and the effectiveness of the risk management plan and the room for improvement are reviewed periodically during the working group meetings for continuous adjustment/refinement. Finally, progress reports on material risk information and corporate risk management operations are made regularly to the Risk Management Committee and the Audit Committee.

In summary, we continue to actively engage in risk management activities with a proactive approach to address current and future risks and challenges in a prudent manner. The Audit Committee also summarizes the risk environment, risk management focus, risk assessment results and the corresponding response measures, which are reported by the Chairman at the Board of Directors' meeting.

2023 Risk Map

Risks are ranked based on their severity/likelihood. The more severe a risk is, the further to the right it is placed on the risk scale. Likewise, the higher the likelihood of a risk, the higher it is placed on the risk scale.

 

Note:

  • The process of identifying/analyzing risks is initiated in the fourth quarter of each year and completed in the first quarter of the following year.
  • The risk map presents the results of risk ranking and risk level scoring based on the 2023 risk radar chart.
  • Materiality analysis is a crucial component of the Enterprise Risk Management (ERM) integration process. Therefore, ESG-related risks, compliance requirements, human rights issues and other factors have been integrated into the procedures for identifying, analyzing, assessing, and implementing response measures for risks.
  • Risk Item Codes: (S) - Strategic Risk, (O) - Operational Risk, (F) - Financial Risk, (H) - Disaster Risk. The numbers represent the serial number in the risk register database, and are not related to the risk level.

Connections between Risk Management Procedures and Internal Control and Internal Audit Systems

 

In addition to reporting to the highest governing body of the Company's risk management, namely the Board of Directors/Risk Management Committee, the internal audit officer also attends the quarterly Risk Management Executive Committee meetings in an observer role. The personnel of each department/unit regularly identify and record all major risks and their corresponding control measures, and review the effectiveness of the controls in the annual internal control self-assessments.

 

In 2024, the Company plans to hire a third-party international risk management consultant to validate and ensure the effectiveness of our risk management system/procedures. This verification will be conducted in accordance with the ISO31000:2018 Risk Management System and the Enterprise Risk Management - Integrated Framework (COSO ERM 2017) developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Upon completion, the aforementioned third-party consultant will provide an ERM compliance certification.

 

Emerging Risks

Emerging Risks | Risk Description | Potential Impact | Responsive Measures

Geopolitics/economy

Risk level - high
Likelihood - high
Severity - high
Risk appetite - Geopolitics/economy includes major compliance, information security and other aspects; the overall risk appetite is low based on Acer RAS

Risk Description

The current global geopolitical and geoeconomic risks are primarily evident in the following areas:

  • Intensification of strategic competition between China and the United States. As the world's two largest economies, the competition between China and the United States in the fields of economy, technology, and military is becoming increasingly intense. The direction of China-US relations will significantly impact the global geopolitical landscape.
  • Continued war between Russia and Ukraine. The Russia-Ukraine war is the largest-scale military conflict in Europe since World War II. The ongoing war not only severely impacts the global economy but also exacerbates turbulence in global geopolitics and geoeconomics.
  • Israel-Hamas conflict and the Red Sea crisis. The Israel-Hamas conflict and the Red Sea crisis are major geopolitical risks in the Middle East region. Escalation of the Israel-Hamas conflict could trigger a large-scale war in the region, while the Red Sea crisis could threaten global energy security.
  • Global supply chain restructuring. The global supply chain is undergoing reconstruction due to the impact of COVID-19 and the Russia-Ukraine war. The regionalization, diversification, and fragmentation of the supply chain will have far-reaching implications for the global economic landscape.

Potential Impact

  • Increase in production/procurement costs: Geopolitical/geoeconomic risks may result in price increases in strategic resources and higher trade costs, thereby raising the production costs of technology products.
  • Potential disruptions in the supply chain that affect the availability of technology products. The Russo-Ukrainian war has caused global energy prices to rise, which also impacts the supply of global technology products. The global supply chain is becoming more complex, making it more vulnerable to the impact of geopolitical/geoeconomic risks. For instance, the supply chain of global technology products involves multiple countries and regions; if a country or region experiences political turmoil or natural disasters, it can lead to disruptions in the supply chain that affect the availability of technology products.
  • Impediment to technological innovation: Geopolitical/geoeconomic risks can hinder technological cooperation and cause brain drain, thereby impeding technological innovation.
  • Exacerbation of market volatility: Geopolitical/geoeconomic risks can cause a decline in investor confidence and increased market volatility, thereby impacting the financing and development of technology companies.

Responsive Measures

In the aspect of the supply chain:

  • Disperse ODM production bases to India, Southeast Asia, and other countries/regions that meet the assessed conditions.
  • Reduce dependency on critical components.
  • Continuously monitor the market and provide real-time alerts.
  • Maintain a safe inventory level.

In the aspect of financial market/finance:

  • Estimate cash flow and optimize operational fund allocation.
  • Prepare at least two additional banks, in addition to the main correspondent bank, as backups.
  • Maintain a safe level of liquid assets and cash.
  • Conduct foreign exchange hedging operations.
  • Establish standards for foreign exchange hedging principles, tools, and levels of authority.
  • Adjust transaction currencies to currencies with lower volatility and hedging costs.

Emerging Technologies/Transition (e.g., AI)

Risk level - medium-high
Likelihood - medium-high
Severity - high
Risk appetite - the overall risk appetite is low based on Acer RAS

Risk Description

Emerging technology development/transition refers to the adoption of emerging technologies by companies to improve existing businesses or develop new ones. However, emerging technology development/transition, such as AI, may bring the following risks:

  • Security risks: AI systems may be hacked or maliciously used, resulting in data leaks, system paralysis, and other damages. For example, hackers can attack the AI system's database and steal sensitive data, or exploit vulnerabilities in the AI system to launch DDoS attacks, causing system paralysis. AI technology may also be used for military or terrorist activities, posing security threats. For example, AI technology can be used to develop autonomous weapons, making wars even more deadly, or AI technology can be used to create fake news or false propaganda.
  • Reliability risks: AI systems may experience errors or failures, leading to decision-making mistakes or unexpected accidents. For example, autonomous vehicles may cause traffic accidents due to system failures, or medical diagnosis systems may delay patient treatment due to incorrect diagnoses.
  • Bias risks: AI systems may have biases, resulting in discrimination or unfair treatment towards specific groups. For example, AI systems used for recruitment may have biases against women or ethnic minorities, or AI systems used for credit rating may have biases against low-income individuals.
  • Privacy risks: AI systems may infringe on personal privacy. For example, facial recognition systems can collect and analyze individuals' facial data for tracking or monitoring purposes, or voice assistants can collect and analyze individuals' voice data for targeted advertising.

Potential Impact

  • Technical aspect: Emerging technologies may still be immature, with technical defects or instability.
  • Market aspect: The market for emerging technologies may not have formed yet, with uncertainties in demand or intense competition.
  • Management aspect: Companies may lack the experience and capability to manage emerging technologies, leading to project failures or cost overruns.
  • Legal and regulatory aspect: Emerging technologies may face uncertainties in laws and regulations, resulting in legal disputes or regulatory penalties for companies.
  • Brand aspect: Consumer demands for compensation arising from product liability and personal data-related responsibilities, as well as the subsequent negative impacts on brand image, may be severe.

Responsive Measures

  • Regularly visit customers/distributors.
  • Monitor the activities of competing companies.
  • Track technological developments.
  • Conduct experimental analysis to assess the feasibility of new technology and review data on technical completion and stability.
  • Stay updated on regulatory changes by legislative authorities.
  • Seek professional advice from external experts.

Green Inflation

Risk level - medium-high
Likelihood - high
Severity - medium-high
Risk appetite - the overall risk appetite is medium-low based on Acer RAS

Risk Description

Green inflation refers to the increase in prices caused by factors such as rising production costs and disruptions in the supply chain during the process of promoting green transformation. The potential risks of green inflation include the following:

  • Intensifying inflationary pressures: Green inflation will intensify existing inflationary pressures, leading to price increases and reducing people's purchasing power. For example, the implementation of carbon pricing will raise production costs for businesses, resulting in higher product prices. Similarly, the development of green energy requires significant investment, which can also drive up energy prices.
  • Impact on economic recovery: Green inflation will increase the cost burden on businesses, affecting economic recovery. For instance, businesses need to invest funds in green transformation, which can lower their profitability. Additionally, the implementation of green policies can increase compliance costs for businesses, impacting their competitiveness.
  • Exacerbating social inequality: Green inflation may worsen social inequality, with low-income groups experiencing greater impacts. For example, low-income groups may find it more difficult to afford the costs of green products and services. Furthermore, the implementation of green policies may lead to an increase in the unemployment rate among low-income groups.

Potential Impact

Inflation refers to the phenomenon of a continuous increase in the overall price level. It has several impacts on the operations of companies in the technology industry, which are mainly manifested in the following aspects:

  • Increased production costs: Inflation leads to price increases in raw materials, labor, energy, and other production factors, thereby increasing the production costs of technology products. For example, semiconductor manufacturing requires a large amount of raw materials and energy. If the prices of these raw materials and energy increase, it will result in an increase in the production costs of semiconductor chips.
  • Impact on demand: Inflation leads to a decrease in consumer purchasing power, thereby affecting the demand for technology products.
  • Impact on profitability: Inflation leads to an increase in production costs and a decrease in demand for companies in the technology industry, thereby affecting their profitability.

Responsive Measures

  • Real-time production and sales reports and alerts.
  • Improving component interoperability.
  • Enhancing the management of special components.

Key Talent Risk

Risk level - medium
Likelihood - medium
Severity - medium-high
Risk appetite - the overall

Risk Description

The scarcity of key talent can hinder industrial development and impact economic growth. For instance, in the technology industry, the lack of software engineers, data scientists, and other key talent can impede technological innovation and industry upgrading. Similarly, in the manufacturing industry, the absence of highly skilled labor can affect production efficiency and competitiveness.
Moreover, in the high-tech sector, the long-term trend of talent shortage and declining birth rates often results in significant increases in compensation for highly skilled professionals, while the wages for low-skilled labor tend to stagnate, leading to widening income disparities.

Potential Impact

  • Insufficient research and development manpower is affecting product innovation and competitiveness.
  • Rising production costs are impacting profitability.
  • Declining operational efficiency is affecting enterprise value (such as decreased productivity as well as inferior customer service quality).

Responsive Measures

  • Expand the channels or opportunities for talent acquisition, such as Acer Group's annual campus recruitment event starting every March.
  • Continuously optimize the talent recruitment process.
  • Evaluate the salary structures for relevant positions to ensure competitiveness in the industry.
  • Assess the feasibility of offering sign-on bonuses, additional benefits, or incentive measures.
  • Enhance collaboration with globally recognized recruitment channels to ensure the recruitment of top talent.
  • Highlight Acer Group's ESG sustainable business philosophy and its diverse business engine.

Strategic Resource Competition: Minerals, Energy, Food, and Water Chain

Risk level - medium
Likelihood - medium-high
Severity - medium
Risk appetite - the overall risk appetite is medium based on Acer RAS

Risk Description

The competition for strategic resources refers to conflicts and disputes among countries over the control of resources that are of significant importance to national security and economic development, including minerals, energy, food, and water. The potential risks of this competition include the following:

  • Triggering regional conflicts: The competition for strategic resources may lead to regional conflicts and even wars. For example, in the Middle East, the competition for oil resources has been a major cause of multiple wars. Similarly, in Africa, the competition for water resources has resulted in numerous armed conflicts.
  • Exacerbating global inequality: The competition for strategic resources can worsen global inequality, widening the gap between wealthy and poor countries. Wealthy countries can leverage their economic and military advantages to control more strategic resources, while poor countries may face resource scarcity.
  • Damaging the global ecological environment: The excessive exploitation and utilization of strategic resources can harm the global ecological environment, leading to issues such as climate change and resource depletion. For instance, mining activities can cause environmental pollution, the development of energy resources can increase greenhouse gas emissions, and the excessive consumption of food and water can deplete resources.

Potential Impact

  • The increase in production costs and the rise in prices of strategic resources will lead to higher production costs for companies in the technology industry, which will affect their profitability.
  • The interruption of the supply of strategic resources in the supply chain will result in production disruptions for these companies, impacting their operational efficiency.

Responsive Measures

  • Diversify suppliers.
  • Enhance supply chain resilience.
  • Research/adopt alternative technologies.