Risk Management Committee

Risk Management Committee

For a robust operation of Chunghwa Telecom, CHT Board of Directors/Audit Committee are the highest decision-making bodies for risk management at CHT, in charge of the review, supervision, and oversight of the corporate risk management policies and mechanisms.

The “Risk Management Committee” was officially established at CHT with the President as the chairperson in 2016. Through regular committee meetings to improve mechanisms, monthly reporting on implementation progress, quarterly reporting to the board on operational status, and measures such as reporting significant risk events to the board, we ensure the effective execution of risk response actions and achieve effective risk management.

On August 9, 2023, CHT approved the addition of a "Risk Management Committee" to its functional committees under the Board of Directors, with a majority of independent directors as members and an independent director serving as the chairman. The previously chaired "Risk Management Committee" by the President was renamed as the "Risk Management Steering Committee." Prior to August 9, 2023, regular reports were submitted to the Audit Committee and the Board of Directors, and after that date, reports were regularly submitted to the Risk Management Committee and the Board of Directors. These measures were implemented to ensure the effective execution of risk management and achieve risk control.

In 2023, a total of 3 management-level risk management meetings were held, including 2 meetings of the Risk Management Committee and 1 meeting of the Risk Management Steering Committee. There were also 4 reports submitted to the Board of Directors' functional committees, which included 3 reports to the Audit Committee and 1 report to the Risk Management Committee, along with 4 reports to the Board of Directors.

The Board of Directors stipulated the risk management policies, framework, and culture at CHT. The Secretariat assists in promotion of company-wise risk management activities. Then, the Audit Department reviews the risks and reports to the Board of Directors. In 2020, the ESG risks (climate risks included) were incorporated into the overall corporate risk management process.

We attach special importance to management of corporate operational risks. In addition to the initial control through daily operational decision-making processes, we have established the “Risk Management Policy” and "Risk Management Operational Guidelines" as the second line of control for all employees' operations. The CHT Audit Department carries out annual audits for risks at “the corporate level” and “the operational level” based on the annual auditing plan besides management of major risks. The audit results will be submitted to the Board to facilitate the examination and review of deficiencies of internal control by the Board and management as well as evaluation of the managerial results and efficiency of various operational risks. This serves as the third line of control.

Practice of Corporate Risk Culture

An Enterprise Risk Management (ERM) System is in place at CHT to manage various business risks. Meanwhile, risk management is tied with the performance appraisal of the executives to practice the culture of risk management.

Aspect	Description
Organization	The "Risk Management Committee" was established in 2016. It holds regular committee meetings. Monthly updates on the implementation status are reported to the President of CHT; operational performance and material risk events are reported to the Board of Directors on a quarterly basis. On August 9, 2023, CHT approved the addition of a "Risk Management Committee" to its functional committees under the Board of Directors, supervising the mechanisms related to risk management operations. The previously chaired "Risk Management Committee" by the President was renamed as the "Risk Management Steering Committee," to facilitate cross-departmental communication and coordination within the company to implement risk management policies and risk management operations. Prior to August 9, 2023, regular reports were submitted to the Audit Committee and the Board of Directors, and after that date, reports were regularly submitted to the Risk Management Committee and the Board of Directors. In 2023, a total of 3 management-level risk management meetings were held, including 2 meetings of the Risk Management Committee and 1 meeting of the Risk Management Steering Committee. There were also 4 reports submitted to the Board of Directors' functional committees, which included 3 reports to the Audit Committee and 1 report to the Risk Management Committee, along with 4 reports to the Board of Directors.
Policy	Risk policies and framework stipulated by the Board of Directors “Risk Management Policy” as the basis for all personnel’s reference in conducting business
Management System	Enterprise Risk Management (ERM) System to manage business risks regularly and monitor risks on the rolling basis.
Assessment Tools	“Risk Assessment Matrix” as an assessment tool for assessments of operational risks, strategic risks, compliance risks, reporting risks, etc. Enhanced sensitivity analyses and stress tests for focused operational items and key ESG issues (risks of climate change included) Analysis of the scope of operation, upstream and downstream, and the short-, mid-, and long-term climate risks and opportunities across the whole lifecycle of assets in line with the Recommendations of the Task Force on Climate-related Financial Disclosures (TCFD)
Appraisal	Risk Management Steering Committee to promote implementation of risk management efforts in the Company and evaluate performances in risk management. Results of risk management are included in the performance appraisal of each business group.
Feedback and Improvement	Risk status is followed up monthly and reported to the Risk Management Steering Committee convener and the Audit Department. The Risk Management Steering Committee (in addition to the committee members, the Chief Audit Executive is present) convenes regularly as well as reports to the Audit Committee (prior to August 9, 2023)/Risk Management Committee (after August 9, 2023), and the Board of Directors. The Committee improves the current risk management mechanism based on Risk Management Steering Committee, Audit Committee/Risk Management Committee and Board of Directors’ decision to ensure the process is up to date and satisfies the operational need.
Implementation Results in 2023	3 management-level meetings convened with focuses on the enterprise-level risks tied with the objectives in the business plans and deliberations on directions of material risk issues on Feb. 8th, Jul. 4th, and Oct. 5th in 2023. Reports on the implementation of risk management to the Audit Committee on Mar. 29th, May 8th and Aug. 7th, and to Risk Management Committee on Oct. 25th, as well as to the Board of Directors on Jan. 31st, May 10th, Aug. 9th and Nov. 8th in 2023. In 2023, rigorous monitoring and execution of risk mitigation actions were carried out, successfully containing the residual risks within the defined risk appetite.