22fun

Risk Management»Corporate Governance Aspect»Asset Risk Management

Asset Risk Management

• Aside from following past practices of insuring tangible assets (e.g., buildings, equipment, inventories, logistics cargo) and intangible assets (e.g., information security, accounts receivable) against risks in accordance with or exceed industry standards, the Company has also facilitated sound self-risk management practices and conducted risk audits and training. During the year, asset risk management tasks that the team has completed are outlined as follows:
• A. Tangible Assets Management:
• Assets with economic value are inventoried on a regular or irregular basis to confirm the correctness of the number of entities and their values, and corresponding insurance is in place to achieve risk transfer.
• Risk audit and self-inspection on the Company’s operations in Taiwan: the Company's internal specialized unit conducts regular self-inspections on all tangible assets to ensure normal and safe operations. Further, post-earthquake inspections was performed on sites located in Taiwan in April, 2024 to verify asset risks at the manufacturing end, and the inspection results show no impact on the production.
• Risk audit and self-inspection operations in Mainland China, Mexico, and Thailand: considering the distance, in addition to the self-inspection operations carried out by on-site personnel, the Company also has entrusted local risk management experts to conduct supervision and inspection for fire safety and major power equipment on both sites to avoid relevant issues to increase operational risks. Further, asset risk assessments were completed at sites located in Shanghai and Chongqing by external experts in 1Q 2024 and 2Q 2024 respectively. Additionally, external trainers also provided training for disaster recovery planning to our Shanghai site in 1Q 2024.
• B. Intangible Assets Management:
• To address the expectations of our stakeholders and to enhance the Company’s information security standards, we annually engage with world-class cybersecurity firm to conduct Red Team Assessments. This year's assessment results demonstrated the maturity of the Company's advanced security and comprehensive security measures, with various implemented security controls that can be assessed from a defense in-depth perspective. Additionally, our major clients have contracted information security experts to assess the risk of our information security, and the results have met our clients' requirements. Overall, the Company is gradually completing our information security defenses, and continue to operate effectively and to improve. We will continue to conduct Red Team Assessments, coupled with continuous monitoring of threat intelligence and external exposures, while implementing Breach and Attack Simulation mechanisms to review our intrusion prevention capabilities from the outside in and to optimize our systems to strengthen our defenses. Furthermore, to ensure the comprehensiveness of our internal information environment and information security framework, we conduct annual information security assessments by contracting “A Grade” government-certified cybersecurity companies. Areas of these assessments include important and critical IT and operational equipment in the headquarters, manufacturing sites, R&D centers, and overseas operations. Areas of assessments encompass four major aspects, including network, endpoint, configuration, and data. The assessment results also provide us with clear guidance for future improvements, reinforcing our confidence in the continuous and positive development of our overall information security defense. Details on the Company’s information security management is highlighted in the "Information Security Management" report.