To respond to the rapidly changing business environment and ensure the company's sound operation and sustainable development, the Board of Directors has formulated "Risk Management Policies and Procedures" to establish an effective risk management mechanism. As the highest guiding principle for risk management, the Board of Directors is the highest authority for risk management and authorizes the General Manager to execute risk management decisions. The company's risk management process includes risk identification, risk measurement, and risk management execution. The effective execution of the risk management process ensures the implementation of the company's risk management strategy.
Risk Management Process: Risk Identification -> Risk Measurement -> Risk Management Execution
Board of Directors: The highest-level unit for risk management in the company. Based on the overall operational strategy and business environment, with the goal of complying with laws and regulations, promoting and implementing overall risk management, clearly understanding the risks faced in operations, ensuring the effectiveness of risk management, and bearing ultimate responsibility for risk management.
Management: The decision-makers of each operational cycle are responsible for risk management. Through internal control self-assessment, they analyze and monitor relevant internal and external risks within their respective units to ensure that internal control mechanisms and procedures can effectively control risks.
Audit Department: Based on risk management policies and risk assessment results, formulates and implements annual audit plans. Each year, it promotes internal control self-assessment and risk assessment for each operational cycle and submits the audit results and self-assessment results to the Board of Directors.
Management Department: The unit responsible for formulating and revising these policies and procedures.
Our company categorizes the risks we face into four main types, as described below:
| Risk Types | Detailed Risk Items (including but not limited to the following risk items) |
|---|---|
| Operational Risks | Risks include those related to corporate governance, credit and reputation, business strategy, human resources, and significant domestic and international policies, laws, regulations, and changes. |
| Financial Risks | Risks include those related to financing, investment, lending, guarantees, derivatives trading, and financial decision-making. |
| Work-Related Risks | Risks include those related to information security, the effectiveness of internal controls, raw material supply, occupational safety and health management, and fraud. |
| Environmental Risks | Risks include those related to climate change, environmental pollution liability, natural disasters, and significant external hazards. |
✓ Monthly Meetings: The company holds regular monthly management meetings for various categories. Department heads can raise relevant issues for discussion at these meetings.
✓ Annual Issue Collection: Each department collects issues of concern to internal and external stakeholders and assesses whether these issues pose a risk/opportunity to the company. Issues identified as risks/opportunities must be accompanied by corresponding strategies and implementation plans, which are tracked at the annual management audit meeting.
✓ Annual Reports to the Audit Committee and Board of Directors: Annually, the company reports to the Audit Committee (composed of four independent directors) and the Board of Directors on the operation and implementation of significant environmental, social, and corporate governance issues related to the company's operations and their risk management.
| ITEM | Risk statement | Countermeasures |
|---|---|---|
| environment | Climate change risks | 1. Continuously maintain ISO 14001:2015 Environmental Management System certification. 2. Conduct greenhouse gas inventory checks in accordance with the GHG protocol, regularly check greenhouse gas emissions, and review the impacts on company operations. Based on the carbon inventory results, continuously implement carbon reduction measures. 3. Referencing the TCFD framework, construct the company's climate risk identification process, integrate internal operational experience and suggestions, and ultimately identify 3 opportunities and 7 risks. |
| society | Occupational disaster risk | 1. Continuously maintain ISO 45001:2018 Occupational Safety and Health System certification to ensure workplace safety and hygiene, guaranteeing the safety of employees' lives and property, and environmental safety. 2. Conduct regular fire drills annually to cultivate employees' emergency response and self-safety management capabilities, allowing every colleague to work safely in the workplace. 3. Care for employee health by having an agreement with a hospital for monthly doctor-provided health consultations and annual routine health checkups. |
| society | Product Quality | 1. Continuously obtain third-party certifications such as "ISO 9001:2015 Quality Management System" and "IATF 16949:2016 Automotive Quality Management System". 2. Regularly conduct customer satisfaction surveys to collect customer feedback and opinions on product quality and safety. |
| governance | Risks of interest rate and exchange rate fluctuations | 1. Employ financial instruments with a conservative and prudent approach to mitigate the risks associated with interest rate fluctuations. 2. Financial personnel should continuously collect information on exchange rate changes and refer to financial and economic information provided by banks and investment institutions to stay abreast of exchange rate dynamics. |
| governance | Operational risks related to competition and economic fluctuations in the semiconductor industry | In response to the ever-changing semiconductor industry market and its technologies, the company continuously develops new products, establishes long-term partnerships with customers, and provides them with high-value-added foundry services. As markets such as high-performance computing, 5G, IoT, and automotive electronics continue to expand, the company's customers have diversified their product portfolios to mitigate operational risks arising from weakening demand for mature products. Moving forward, MicroSilicon will continue to collaborate with its customers, leveraging various foundry processes and equipment improvements to enhance its advantages in quality, cost, and delivery time, in order to adapt to rapid market changes and competition from peers. |
| governance | Information and communication security risks | Regarding cybersecurity risk management, the company has established a "Computer Operation Cycle" to regulate corporate information security, build and maintain a secure information system environment, and has also formulated relevant cybersecurity management policies for operations including internet and email use, password setting, software downloads, storage media, and file backups. The company actively monitors network traffic and takes immediate action against any anomalies. Cybersecurity training for employees is also conducted regularly to promote awareness of potential risks. |
✓ Relevant issues raised were discussed at monthly meetings.
✓ The implementation status of risk items and countermeasures raised by each unit in the previous year was tracked during the management review meeting; and during the annual planning period, each unit collected and evaluated risk items and countermeasures for the new year.
✓ Our company continues to focus on climate change response and management. Based on the TCFD framework, we promote low-carbon transformation and climate adaptation through four major aspects: governance, strategy, risk management, indicators and targets, and implement a public climate change governance and operation mechanism.
✓ ✓ The Company regularly reports to the Board of Directors on the progress of matters related to corporate sustainability, and reports on the operation and implementation of major environmental, social, and corporate governance issues and risk management related to the Company's operations to the Audit Committee (composed of 4 independent directors) and the Board of Directors (the most recent report date was December 17, 2023). The report includes a summary of the ESG risk issues identified by the Company in the current year. The risk issues identified by the Company include: "Government: risk of exchange rate fluctuations and information security; Environment: risk of climate change; Social: risk of occupational hazards." ✓ The Company regularly reports to the Board of Directors on the implementation of matters related to corporate sustainability, and reports the operation and implementation of major environmental, social, and corporate governance issues related to the Company's operations and their risk management to the Audit Committee (composed of 4 independent directors) and the Board of Directors (the most recent report date is December 17, 2025). The report includes a summary of the ESG risk issues identified by the Company in the current year. The risk issues identified by our company include: "Governance: risk of exchange rate fluctuations and information security; Environmental: risk of climate change; Social: risk of occupational accidents." ✓ To strengthen employees' risk awareness and implement risk management concepts in daily work, we also conduct risk management education and training. In 2025, we conducted courses such as "Information Security Awareness, Essential Knowledge and Responsibility" (6 hours of training), "Product Safety and Conformity Representative (PSCR) Qualification Training" (14 hours of training), "Hazard Identification, Risk Assessment & Environmental Considerations" (3 hours of training), "Emergency Response/Production Emergency Response Management" (1 hour of training), "Fire Safety Education and Training" (2 hours of training), "How Enterprises Can Implement Energy Conservation and Carbon Reduction to Improve Company Profitability" (3 hours of training), and "Global Risk and Corporate Social Responsibility" (3 hours of training). A total of 575 people participated. These courses discussed risk management from a corporate sustainability perspective and used real-world risk management case studies to strengthen our company's risk management thinking and implementation capabilities.
✓ Relevant issues raised were discussed at monthly meetings.
✓ The implementation status of risk items and countermeasures raised by each unit in the previous year was tracked during the management review meeting; and during the annual planning period, each unit collected and evaluated risk items and countermeasures for the new year.
✓ Our company continues to focus on climate change response and management. Based on the TCFD framework, we promote low-carbon transformation and climate adaptation through four major aspects: governance, strategy, risk management, indicators and targets, and implement a public climate change governance and operation mechanism.
✓ ✓ The Company regularly reports to the Board of Directors on the progress of matters related to corporate sustainability, and reports on the operation and implementation of major environmental, social, and corporate governance issues and risk management related to the Company's operations to the Audit Committee (composed of 4 independent directors) and the Board of Directors (the most recent report date was December 17, 2023). The report includes a summary of the ESG risk issues identified by the Company in the current year. The risk issues identified by the Company include: "Government: risk of exchange rate fluctuations and information security; Environment: risk of climate change; Social: risk of occupational hazards." ✓ The Company regularly reports to the Board of Directors on the implementation of matters related to corporate sustainability, and reports the operation and implementation of major environmental, social, and corporate governance issues related to the Company's operations and their risk management to the Audit Committee (composed of 4 independent directors) and the Board of Directors (the most recent report date is December 17, 2025). The report includes a summary of the ESG risk issues identified by the Company in the current year. The risk issues identified by our company include: "Governance: risk of exchange rate fluctuations and information security; Environmental: risk of climate change; Social: risk of occupational accidents." ✓ To strengthen employees' risk awareness and implement risk management concepts in daily work, we also conduct risk management education and training. In 2025, we conducted courses such as "Information Security Awareness, Essential Knowledge and Responsibility" (6 hours of training), "Product Safety and Conformity Representative (PSCR) Qualification Training" (14 hours of training), "Hazard Identification, Risk Assessment & Environmental Considerations" (3 hours of training), "Emergency Response/Production Emergency Response Management" (1 hour of training), "Fire Safety Education and Training" (2 hours of training), "How Enterprises Can Implement Energy Conservation and Carbon Reduction to Improve Company Profitability" (3 hours of training), and "Global Risk and Corporate Social Responsibility" (3 hours of training). A total of 575 people participated. These courses discussed risk management from a corporate sustainability perspective and used real-world risk management case studies to strengthen our company's risk management thinking and implementation capabilities.
