Corporate Governance
Risk Management Mechanism
Risk Review
Chunghwa Telecom established and maintains a set of sound corporate risk management system to ensure risks (including categories like “strategic risk,” “operational risk,” “reporting risk,” and “compliance risk”) identified. Also, it actively tracks risks mitigation action indicators corresponding to various risks on a regular basis to maintain within the scope or overall risk appetite. The amount of the overall risk appetite was NT$2.34 billion in 2022.
Category | Risk Appetite & Tolerance |
---|---|
Strategic Risk |
NT$ 585M |
Operational Risk |
NT$ 1,638M |
Chunghwa Telecom assesses the severity of operational impacts based on the likelihood and impact of individual risk event, ranks the priority and level of risks via a risk matrix, and takes corresponding risk control actions in accordance with risk levels.
Prioritization of identified risks in 2022 |
---|
Competitive market changes, information security and privacy protection, sustainability and climate strategies, human resource management and development, information system and information technology management, new service market development, network quality and infrastructure maintenance, and overseas market service development. |
Risk Event | Chunghwa Telecom Mitigating Action |
---|---|
Competitive market changes |
|
Sustainability and climate strategies |
|
Human resource management and development |
|
Cybersecurity and privacy protection |
Please refer to our cybersecurity and privacy protection |
Sensitivity Analysis and Stress testing
Chunghwa Telecom conducts sensitivity analysis and stress testing on key risk factors in operations and reduces potential losses through risk responses such as acceptance, transfer, mitigation, and avoidance.
- Financial Risk: Analysis, control, and management of potential financial volatility (e.g. market, exchange rate, other prices, etc.)
- Operational & Market Risk: Video platform system control and management (MOD/Hami Video, and other platforms), system sensitivity analysis, stress testing (target value stress simulation), load testing, etc. executed to maximize the benefits of video playback and customer maintenance
- Strategic Risk: Sensitivity analysis for huge capital expenditure on construction and investment (with hypothetical scenarios) and assessment of costs and net present value change
- Compliance Risk: Analysis of the overall operational impacts arising from legal compliance issues involving information security laws and regulations in Taiwan
Review of Risk Exposure
Regarding the monthly operational focus on the risk management tracking, respective responsible unit tracks and reports relevant indicators of actions taken to mitigate risks, and assesses risk exposures, including reviews of goals aligned with market trends and our corporate vision, the management to the progress towards achieving these objectives and updates of target estimates and the annual and monthly forecast results on a rolling basis, to verify if the actions taken are actually executed and whether risk events are within the manageable range.
Audit of Risk Management Process
The risk management processes at Chunghwa Telecom encompass audits by the internal audit department and external audit by certified public accountants. Regarding the policies and procedures for the internal control system (including financial, operational, risk management, information security, outsourcing, legal compliance, and other control measures) of the Company, the Audit Committee also assesses if the risk management and internal control system of the Company are effective. The Company has adopted necessary control mechanisms to monitor and correct violations.
In line with the New York Stock Exchange (NYSE) listing standards, the Company ought to establish an internal audit system for the management and the Audit Committee to assess the risk management operations and internal control system of the Company. Chunghwa Telecom has established the internal control/internal audit systems in accordance with the “Regulations Governing Establishment of Internal Control Systems by Public Companies,” which is in line with the requirements of the Code of Corporate Governance.
The Audit Committee assesses the effectiveness of the policies and procedures of the internal control systems (including financial, operational, risk management, information security, outsourcing, legal compliance, etc.) of the Company as well as reviews the regular reports from the audit department, certified public accountants, and the management, including risk management and compliance. With reference to the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control – Integrated Framework (2013), the Audit Committee is convinced that the risk management and internal control systems of the Company are effective and that the Company has adopted necessary control mechanisms to monitor and correct violations.