In order to prepare for all the possible operating risks and minimizing potential impacts they may bring, Advantech developed a Business Continuity Plan (BCP) in 2009, to guarantee continuity when risks occur.

Managing Internal Audits and Controlling System Risks

Managing Internal Audits and Controlling System Risks Internal auditing serves to validate the company's risk management practices, to provide objective verifications to the board of directors, to ensure that the key management risks are properly managed, and to maintain the effective operation of internal control systems.

1.The annual auditing plan should be established based on risk assessments and take the following factors into consideration:

  • Risk of financial fraud
  • Other potential losses and risks
  • Managerial or regulatory requirements
  • Material changes in operation, project proposals, systems, and control
  • The possibility of achieving operating efficiency

2.Relevant information that should be considered when evaluating internal auditing risks. Information sources include:

  • Opinions of the board of directors and supervisors
  • Discussions with company executives
  • Discussion with internal auditors
  • Opinions of external auditors
  • Requirements of laws and regulations
  • Analysis of financial information and business data

3.Role of internal auditing in risk management Core role:

  • Verify the validity of the risk management process.
  • Verify the accuracy of risk assessments.
  • Assess the process of risk management.
  • Assess reports on primary risks and control measures.
  • Review the management of primary risks, including the effectiveness of risk control and response measures to risks.

4.Statutory role in asset protection:

  • Assist with risk identification and risk assessment.
  • Respond to and handle risks.
  • Consolidate risk reports
  • Maintain and develop the corporate risk management framework.
  • Propagate the establishment of corporate risk management.

Advantech established an Audit Committee in 2017, the company’s corporate governance includes the auditing of corporate risk management, in addition to auditing existing financial reports, business operations, as well as inspecting overseas subsidiaries. We plan to use the resources of this Audit Committee, including internal supervisors and external partners, to build a comprehensive risk management system for Advantech. This system aims to include appropriate risk assessments, management, and control in order to perfect the company’s governance framework that ensures Advantech's sustainable management and serves as a paradigm for other companies.

Risk Management and Strategies for Material Procurement

Because material management is a key factor that facilitates a smooth operation for Advantech, the company manages its procurement activities by requiring its suppliers to sign a procurement agreement to regulate the delivery dates, quality, and warranty policies of its suppliers. In addition, Advantech requests its suppliers to issue immediate notices with respect to delivery delays that are caused by natural disasters. Regarding universal electronic components, Advantech has built a second source management system and a safe inventory system for its primary materials to prevent risks such as material shortage or quality issues. In terms of strategies, Advantech classifies its materials and appoint procurement employees to monitor market information, which is then examined by supervisors during weekly and monthly meetings. Centralized procurement strategies are adopted to establish a preferred vendor list (PVL), which facilitates efficient cooperative management through vendor convergence and centralization. Subsequently, highquality and steady delivery are achieved to reduce relevant risks.

Financial Risk Management and Strategies

1. Exchange rate risks: The company's operating activities and net investments in foreign subsidiaries are conducted in foreign currencies. The company reduces risks by using forward exchange contracts to prevent foreign currency fluctuations, which would otherwise cause a reduction in foreign currency asset and future cash flow.

2. Interest rate risks: Because the company holds bank deposits associated with floating risks, the company's executives regularly monitor interest rate risks. If necessary, the executives will consider taking measures to prevent significant interest rate risks and to accommodate changes in the interest rate.

3. Other pricing risks: The company has investments in listed and OTC securities as well as beneficial certificates for open-end funds. The executives manage risks by holding different risk investment portfolios. In addition, the company is exposed to a relatively low degree of pricing risks since it is concentrated mostly on equity instruments and beneficial certificates for open-end funds in Taiwan.

4. Credit risk: To reduce the financial loss that results when counterparties delay the fulfillment of their contractual obligations, the company has appointed a team to take on the responsibilities in determining the credit limit, approving the credit, and monitoring other items to ensure that overdue payments for account payables are recovered. Furthermore, the company will review the recoverable amounts of account receivables individually on the balance sheet date in order to ensure that the recovered payables are recognized as impairment loss.

5. Liquidity risks: The company manages and maintains sufficient cash and equivalent cash to pay for operation expenditures and mitigate the impacts of cash flow fluctuation. Management executives monitor the usage of bank financing limit and ensure compliance with loan contract agreements. Management of liquidity risks is the responsibility of the board of directors. The company has established a suitable liquidity risk management framework to meet the needs for collecting short, mid, and long-term funds and to fulfill the demand for liquidity management.

IT Risk Management Strategies

1. Plant Stability

  • Uninterruptible power supply systems are used to provide a steady supply of electrical power. Each server uses a double loop. When power outage occurs, diesel oil generators can provide up to 3 days of power for the plant.
  • The plant has two air conditioners operating in turns, and a heat channel is established to provide a stable supply of uninterrupted air conditioning.
  • Smoke detectors connected to the HFC-23 Tomahawk fire extinguisher equipment are installed to facilitate fire prevention.
  • The plant's electrical power, temperature and humidity, and smoke conditions are monitored on a single platform. Once abnormalities occur, the central control room (B1) will activate the alarm and light indicators, security guards on duty will report the abnormality at the first instance, and IT personnel on duty will also receive SMS notifications on their mobile phones.

2. Server Stability

  • Server hard disks are protected by Raid 5 or Raid 1 systems, and core servers typically adopt multiple failure and load balancing mechanisms.
  • Server data are backed up on a daily basis. The backup system also sends backup success or failure messages to the administrator every day.
  • Enterprise resource planning (SAP) software has a backup server setup at the US branch company. A dedicated line is used to copy SAP data. When the SAP host server at the headquarters cannot restore the server immediately, the backup server in US will be activated to continue providing services.
  • Backup servers are also installed at Advantech’s Linkou Campus to provide key IT applications such as customer relationship management (CRM)/product lifecycle management (PLM).

3. Network Security

  • The company's Internet and Intranet adopt a multi-circuit mechanism to prevent impacts caused by a disconnection.
  • A monitoring platform is installed to monitor the network's traffic volume and connection status to facilitate instant troubleshooting when situations occur.
  • A firewall is built to protect external connections, and analysis based on abnormal records observed by the firewall is performed to reinforce protection.
  • Anti-virus software is installed on employee computers. When a virus is detected, the antivirus central control platform will notify IT personnel via email to eliminate the virus on the computer.
  • Since February 2018, network connectivity inspections have been included in the audits. All computers must be connected to a local area network and installed with antivirus software in order to access the internet.
Climate Change Risk Management

The rise of awareness on global warming and climate change issues has necessitated businesses to manage risks associated with climate changes in order to ensure sustainable development. Advantech has participated in the Carbon Disclosure Project (CDP) since 2009, which requires the company to publish its greenhouse gas inventory data regularly on the CDP website for customers and stakeholders. Advantech has also identified potential risks and opportunities as shown in Table.

Risk Items Risks or Impacts Opportunities
Legal risks Government units are exploring the possibilities of introducing a carbon tax or energy tax, which would increase the cost of business operations and raise the price of raw materials. 1. Including supplier management guidelines in CSR practices
2. Introducing green buildings and energy conservation programs in Advantech's Linkou Intelligent Campus
Regulatory requirements on a product's energy efficiency are likely to increase verification costs that are required during product development. 1. Employing energy-efficient designs and products must comply with energy star regulations
2. Formulating green product design criteria and obtaining green product labeling certification
Tangible risks Extreme climates increase the likelihood of drought, powerful typhoons, and higher power consumption, which exert a direct influence on production and operation. 1. Formulating emergency evacuation plans and drills
2. Proposing energy conservation solutions by Advantech's smart building team

Advantech considers corporate risk management as the responsibility of every member in the company. Department directors fully promote risk management policies and conduct process trainings, as well as manage those potential risks within their scope of responsibilities. All employees are requested to understand the company's risk management policies and incorporate risk management in their daily work, as well as report all possible risk factors in a timely manner. We expect to adopt a top-down education and management approach to internalize risk management as an essential part of the organizational culture, thus minimizing the possibility of risks.