NANPAO Risk management policies and procedures

Risk management policies and procedures

Risk management policies and procedures

The "Risk Management Policies and Procedures" of the company was approved by the board of directors on December 17, 2020, as the highest guiding principle of the company's risk management. Since 2021, the company regularly assesses risks every year and formulate risk management policies which covers management objectives, organizational structure, ownership of rights and responsibilities, and risk management procedures, to effectively identify, measure, and control various risks of the company, and control the risks arising from business activities to an acceptable level range.


Risk management category

In order to implement risk management, the company integrates and manages all potential risks such as various strategies, operations, finances and hazards that may affect operations and profitability. Through the establishment of corporate risk management implementation methods, the purpose is to provide stakeholders appropriate risk management, use a risk matrix to evaluate the frequency of risk events and the severity of the impact on the company’s operations, define the priority and level of risk, and adopt corresponding risk management strategies based on the risk level.


The company uses the environment, society and corporate governance as the starting point to further identify risk items. The main risk management areas include "environmental safety", "information security", "regulatory compliance" and "corporate governance".



The company integrated various risk management units into a "risk management team" in 2021, and subordinated to the board of directors, with the chief executive officer serving as the convener of the risk management team, the top supervisor of each functional unit as a member of the management team, and each functional unit regularly conducts risk project identification and risk control. The previous year’s risk assessment and management will report to the board of directors in the first quarter of each year.


Operational situation

The company's main implementation of risk management in 2021 are as follows:

  • The initial meeting of the risk management team was held in October 2021 to report the risk assessment process to the risk management team members, and identify the next year's risk projects and current risk management strategies in accordance with risk issues of concern to the environment, society, and corporate governance.
  • Before the end of November, 2021, each functional unit will perform departmental risk assessment work, and the executive secretary will complete the risk assessment form collection.
  • It is expected that the risk matrix will be completed and a risk management report will be issued by the end of December 2021, explaining the results of the risk assessment and countermeasures.
  • The implementation of 2021 risk management was reported to the board of directors on December 22, 2021.


Chart-Risk management organization structure