Risk Management
Chia Hsin Cement Group adopts a prevention-centered approach to risk management and promotes a top-down risk management culture. Responsibilities are clearly defined among functional committees under the Board of Directors, including the Risk Management Committee and the Sustainability Committee. The Crisis Management Team and the Information Security Management Committee operate as part of the Company’s overall risk governance framework. Through this governance structure, the Company strengthens its overall risk control mechanisms. In addition, a comprehensive internal control system is in place, supported by regular audits to ensure effective implementation.
Risk Management Policy
In 2020, Chia Hsin Cement Group established its Risk Management Policy. To further enhance and institutionalize a comprehensive risk management system, the policy was revised in 2023 with reference to ISO 31000:2018 Risk Management, COSO’s Enterprise Risk Management Framework, and the “Risk Management Best Practice Principles for TWSE/GTSM Listed Companies.” The revised policy clearly defines the Company’s enterprise risk management (ERM) governance structure, as well as the risk management roles and responsibilities across the governance level and the three lines of defense. On December 12, 2024, the Board of Directors (BOD) approved the establishment of a Risk Management Committee to oversee risk management-related operational mechanisms, further enhancing the functionality of risk management. For detailed information, please refer to the “Risk Management Policy and Procedures”.
Risk Management Framework
- The BOD serves as the highest governing body for risk management. It approves risk management policies and related regulations, oversees the overall implementation of risk management, and maintains effective risk control.
- The Risk Management Committee assists the BOD in carrying out its risk management duties and supervises the risk management taskforce conducting comprehensive assessments of the company’s strategies, operations, legal compliance, finance, and other risks (including environmental, energy, and emerging risks , among others.) In response, the risk management taskforce reports the risk management operations to the Risk Management Committee and the BOD at least twice a year.
- The risk management taskforce is responsible for planning, implementing, and overseeing risk management-related matters. Its members are equipped with diverse professions from different departments, including macroeconomics, strategic management, investment, risk management, internal audit, human resources, finance, legal affairs, and sustainable development. This composition ensures various perspectives contribute to more comprehensive opinions during discussions and execution.
- Each operating unit (including subsidiaries):
- Responsible for risk identification, analysis, assessment, and response.
- Regularly report risk management information to the risk management taskforce.
- Maintain the implementation of risk management effectiveness and related control procedures in accordance with the risk management policy.
- The Auditing Office is an independent organization in the company affiliated with the BOD. Annually, it reviews whether the risk management taskforce enforces the identification, analysis, assessment, and response to various risk items consistent with risk management policy and procedure. During the execution of the annual audit plan, it also verifies the effectiveness of risk management activities to assist in properly managing significant operational risks
Risk Management Procedures
① Event Identification
- Based on company strategic objectives and business scope, each operational unit should consider internal and external risk factors, analyze stakeholder concerns, and comprehensively identify potential risk events that might hinder our company to achieve objectives or result in losses or negative impacts.
② Risk Analysis
- The Risk Management Taskforce develops appropriate quantitative or qualitative measurement criteria based on the Company’s risk profile, which serve as the basis for risk analysis.
- Each operational unit recognizes the features of identified risk events, considering the completeness of existing control measures, past experiences, industry cases, and other relevant factors. Subsequently, an analysis of the impact and likelihood of these risk events is conducted to calculate risk values.
③ Risk Assessment
- The results of risk analysis are compared with the risk appetite approved by the Risk Management Committee to determine risk events requiring priority handling. Responsible units then plan and implement subsequent risk response actions based on the assessed risk levels.
④ Risk Response
- Develop appropriate risk response action plans, ensure that relevant personnel are fully informed and responsible for their implementation, and continuously monitor execution progress.
- After considering the Company’s strategic objectives, internal and external stakeholder perspectives, risk appetite, and available resources, appropriate risk response strategies are selected to achieve a balance between objective attainment and cost-effectiveness.
⑤ Risk Monitor and Report
- Thoroughly review whether the risk management process and related risk measures continue to operate effectively, and to incorporate the review results into performance evaluation and reporting. The processes and outcomes of risk management execution are documented, reviewed, and reported, with relevant records properly retained for reference. The Risk Management Taskforce also reports regularly to the Risk Management Committee and the Board of Directors to ensure effective oversight and execution of risk management.
Status of Risk Management in 2025
- External professional consultants are engaged to provide guidance and oversight of the Risk Management Taskforce’s operational processes and reports.
- In 2025, external professional consultants provided guidance for the strategic risk enhancement project.
- The Risk Management Taskforce conducts risk management oversight and reviews on a semi-annual basis. The risk management review reports for the second half of 2024 and the first half of 2025 were submitted to the Risk Management Committee on March 27, 2025 and August 28, 2025, respectively. In addition, an annual report summarizing the overall risk management outcomes is presented to the Risk Management Committee and the Board of Directors at the beginning of each year.
- The 2026 Risk Assessment Report was presented to the Risk Management Committee and the Board of Directors on December 11, 2025, and the risk appetite was approved accordingly..
Risk Trainings in 2025
| Course Content | Hours | Target participants |
| Strengthening Organizational Resilience through Dual-Axis Transformation: AI Governance and Sustainability Governance | 3 hours | All the board members, department heads, and designated colleagues |
| Opportunities and Challenges of Generative AI for Enterprises | 3 hours | All the board members, department heads, and designated colleagues |
| Intellectual Property and Legal Compliance Governance in the AI-Driven Era: Challenges and Responses | 3 hours | All the board members, department heads, and designated colleagues |
| Monitoring and Responding to Global Economic and Geopolitical Risks | 3 hours | All the board members, department heads, and designated colleagues |
| Risk Assessment Interviews and Discussion Meetings (#) | 18 hours | Head of each business unit (BU), department heads, designated personnel, and the risk management taskforce |
| Review of Risk Management Fundamentals | 1 hour | The Risk Management Taskforce, Head of each business unit (BU), department heads, designated personnel |
- (Note) In order to establish effective risk awareness and risk culture, external consultants were commissioned in 2025 to conduct 6 risk assessment workshops. During the workshops, colleagues actively discussed the content of the questionnaire, achieving consensus, confirming any oversight, and conducting risk assessments.
Important Risks and Emerging Risks*
| Risk Description | Impact | Effectiveness | Possibility | Solution |
| Building durability, safety, and legality | Revenue reduction / Employee safety / Capital expenditure | Medium | Medium | ● Chia Hsin Building Front Wing Exterior Wall, Stairwell, Landscaping, and Road Renovation Project. |
| *Policy changes towards achieving net-zero carbon emissions by 2050 | Revenue reduction / Increased operational costs/ Corporate reputation | Medium | Medium | ● Actively seek new business opportunities and development directions. ● Negotiate contract modifications with the Taiwan international ports corporation timely based on market demands and development trends. ● Track and understand government policies and regulations, and duly propose responsive measures. ● Implement carbon reduction plans to support the achievement of the Company’s SBTi commitments. |
| Extreme climate | Property losses / Employee safety / Impact on operations | Medium | Medium | ● Establish comprehensive plans for ongoing operations, crisis management, and response plan, also conduct regular reviews. ● Periodically assess and enhance the resilience of infrastructure. ● Increase or ensure that insurance coverage meets the requirements. ● Comply with regulatory authority requirements by adopting the International Sustainability Standards (IFRS S1/S2) and disclosing relevant information in financial statements. |
| Labor shortages due to issues such as declining birth rates and regional factors | Impact on operations | Medium | Medium | ● Industry-Academia Collaboration Enhancement Program. ● Joint Recruitment Participation and Brand Promotion Enhancement. ●In-Home Babycare Program Planning. |
| Business continuity risks triggered by external factors such as diasters, accidents, or infectious diseases | Equipment losses/ Revenue reduction / Impact on reputation | High | Medium | ● Establish comprehensive plans for ongoing operations, crisis management, and response, and conduct regular reviews. ● Build a diversified supply chain. ● Regularly organize training courses and exercises to enhance employee response capabilities. ● Establish effective internal and external communication mechanisms to ensure accurate and timely dissemination of emergency messages and response measures. |
| Competitive Risk from Industry Peers | Increased operational costs / Impact on reputation | High | Low | ● Continue to maintain favorable relationships with upstream suppliers and strengthen strategic partnerships to jointly address competitive market challenges. |
| Strategic new market expansion risk | Property losses/ Impact on reputation | High | Medium | ● Leverage external professional consultants' expertise and internal management team capabilities to deliver accurate market analysis and operational insights, minimizing unnecessary time costs and related expenses. ● Expand existing postpartum care center services by developing complementary business lines and utilizing our professional team's strengths and comprehensive service portfolio to offer differentiated services. ● Expand evaluation of new care facilities: broaden target customer segments, integrate with wellness businesses, and provide service formats rarely found in the market to extend business reach. |
