Risk Identification, Assessment and Management Processes

In order to effectively identify, measure, monitor and control risks, M31 uses the ISO system PDCA (Plan → Do → Check → Action) management cycle to ensure the correctness of its objectives and the effectiveness of its action plans, and to minimize the gap between expected and actual results by eliminating future uncertainties at a reasonable and feasible cost.

Operation of the Risk Management Committee

M31 has been actively promoting the implementation of a risk management mechanism since 2016 and has been reporting its operation to the Board of Directors regularly each year since 2020 in response to corporate governance needs.

The main operational details over the years are as follows:

| Significant Issues | Assessment Item | Management Policy | Execution Effectiveness |
| --- | --- | --- | --- |
| Environment | Environmental Protection and Ecological Conservation | Our company is a professional silicon intellectual property (IP) firm that does not engage in manufacturing or physical product production, thus generating no manufacturing-related waste. General waste is managed through collaboration with authorized cleaning companies, ensuring daily cleaning and resource recycling practices to uphold environmental protection and resource reuse. We promote among our colleagues practices such as turning off air conditioning/computer monitors when not in use, switching off lights and air conditioning when leaving rooms, adopting paperless operations, conserving water, and more. The office’s use of construction materials adheres to international standards for environmentally friendly materials. | In March 2023, the Greenhouse Gas Emission Plan Promotion Project was established. The guidance program will commence in January 2024, encompassing educational training, boundary establishment, emission source identification, calculation, and inventory creation. The completion of the report is anticipated by April 2024. |
| Society | Workplace Safety | The company is committed to maintaining employee health and a safe working environment. Regular fire safety drills are conducted, and subsidies are provided for access to fitness facilities. Additionally, routine employee health check-ups are organized, and on-site medical personnel are available to offer our colleagues health management and consultation services. | An annual “Fire Safety Awareness” course will be conducted. The evacuation drill for Building U was successfully conducted on July 13, 2023. |
| Society | Product Safety | The Company’s products and services are marketed in compliance with relevant laws and regulations, adhering to quality, service, and accountability principles. We provide customers with safe and high-quality designs, maintain open communication, and conduct customer satisfaction surveys regularly. | An annual customer satisfaction survey is conducted at the end of each year. |
| Society | Human Resources | The company values its employees and regularly reviews talent development management, including recruitment and effective retention and recruitment plans to ensure workforce alignment and operations sustainability. | In June 2023, the company plans to draft and implement a new version of the promotion system. The revised promotion (job title and grade promotion) procedures will include promotions in March and September, and grade promotions in April each year. The modification also involves updating the regulations for promotion bonuses and duty allowances. |
| Society | Code of Integrity | In order to establish an honest and integrity company culture and achieve the goal of corporate governance, we strengthen training and promotion, as well as provide channels for complaints and reports. | The integrity management-related training is scheduled to be offered online to all employees in Q3 2023. As of the present year, there have been 0 reported cases from external sources and 0 reported cases from employees. |
| Society | Personal Data Protection | Through systematic authority control, training and promotion, the rights and interests of stakeholders will not be compromised. | Each department operates in accordance with regulations to prevent potential disputes and litigation within the company. |
| Operation | Epidemics of Statutory/Emerging Infectious Diseases | The company has established an Epidemic Response Team to formulate a Continuity of Operations Plan for critical business operations. This is aimed at ensuring uninterrupted functionality for personnel and business departments, safeguarding the health and safety of employees, and maintaining essential or regular business operations. | Operate according to government policies through self-management practices, and no longer include it in managing major issues. |
| Operation | Supplier Risk | The company conducts supplier audits annually based on ISO 9001 to ensure quality. | Meet customer’s delivery schedule and enhance customer’s satisfaction and the company’s reputation. |
| Operation | Policy and Regulatory Changes | The company constantly monitors and collects information regarding changes in laws and regulations, evaluating their impact. If necessary, immediate discussions and corresponding measures will be taken, and relevant departments will be informed. | All operational activities of the company comply with legal regulations. |
| Operation | U.S.-China Trade War | In relation to the U.S. export control regulations and entities listed in relevant technology and entity lists, thorough checks on these entities are conducted before engaging in contact or business development activities to avoid violating pertinent regulations. | We will formulate verification criteria and procedures and implement them to ensure our company’s operations are unaffected. |
| Finance | Exchange Rate Risk | Our company provides quotations in foreign currency for significant exports and imports. We regularly process transactions in batches to diversify the exchange risk. We maintain close relationships with financial institutions and continuously monitor exchange rate fluctuations to mitigate the impact of cost changes on the company’s losses. | Continuously diversify the risk of foreign currency exchange. |
| Cybersecurity | Data Storage and Backup Management | Prevent data loss and ensure recoverability using professional-grade storage equipment with high-availability backup capabilities. Establish a regular backup mechanism and implement off-site storage. | Conduct annual data restoration drills to ensure the proper functioning of data recovery capabilities and to prevent significant data loss incidents. |
| Cybersecurity | Information Security | To prevent and reduce the likelihood of infections, the company maintains ongoing system security data control, conducts regular information security awareness campaigns, ensures that computers are equipped with the latest antivirus software and firewall settings, and implements mechanisms to block untrusted devices. Authorization control is implemented for each research and development project to prevent data leaks, and a system transfer supervision mechanism is established. | No virus infections and no significant data leakage incidents. |
| Cybersecurity | Machinery and Equipment Performance Management | In order to prevent the performance of machines and equipment from exceeding the processing capabilities of existing specifications, the company has established an alert mechanism for continuous monitoring. It also employs a mechanism to detect optimal allocation based on the current data volume of workstations. A data classification and clearance mechanism is in place, and regular assessments are conducted to determine whether the equipment needs to be upgraded or expanded. | Both the system and usage space remain stable, with no significant events affecting work efficiency or product development schedules. |