Risk Identification, Assessment and Management Processes

In order to effectively identify, measure, monitor and control risks, M31 uses the ISO system PDCA (Plan → Do → Check → Action) management cycle to ensure the correctness of its objectives and the effectiveness of its action plans, and to minimize the gap between expected and actual results by eliminating future uncertainties at a reasonable and feasible cost.

Operation of the Risk Management Committee

M31 has been actively promoting the implementation of a risk management mechanism since 2016 and has been reporting its operation to the Board of Directors regularly each year since 2020 in response to corporate governance needs.

The main operational details over the years are as follows:

Material Issues in Risk Management

| Material Issues | Evaluation Items | Management Policies | Implementation Results |
| --- | --- | --- | --- |
| Environment | Environmental Protection and Ecological Conservation | The company is a professional silicon intellectual property (IP) company that does not engage in production or manufacturing (with no physical products) and therefore does not generate manufacturing-related waste. General waste is handled through collaboration with a licensed cleaning company for daily cleaning and recycling, implementing environmental protection and resource reuse. Employees are encouraged to adopt eco-friendly practices, such as turning off air conditioning/computer screens when not in use, switching off lights when leaving a room, paperless operations, and water conservation. All office building materials comply with international environmental standards for sustainable materials. | Obtained the ISO 14064-1 Greenhouse Gas Inventory certification in May 2024. |
| Society | Workplace Safety | The company is committed to maintaining employee health and workplace safety, regularly conducting fire safety drills, and providing gym membership subsidies, periodic employee health check-ups, and on-site medical staff services to assist employees with health management and consultation services. | 1. In coordination with Taiyuen’s activities, assigned two colleagues to participate in the 2024 Civil Defense Team Restructuring Implementation Plan and the first half-year Firefighting training. 2. Gym Facility: Increased employee subsidy amount. 3. Employee Health Check-ups: Provided year-round flexible scheduling for employees. 4. Arranged on-site medical staff services to support employees’ physical and mental well-being. |
| Society | Product Safety | The company’s product and service marketing complies with all relevant regulations, adhering to a code of conduct based on quality, service, and accountability. Customers are provided with safe and high-quality designs, good communication with clients is maintained, and customer satisfaction surveys are conducted regularly. | Conduct a customer satisfaction survey at the end of each year. |
| Society | Human Resources | The company values its employees and regularly reviews talent development management, including recruitment, effective retention strategies, and hiring plans, to ensure workforce continuity and sustainable operations. | 1. Talent assessments were conducted across all departments in June 2024. Moving forward, a talent retention plan, including compensation and non-compensation strategies, will be developed in collaboration with the SPC Office. 2. In Q2 2024, a company-wide awareness campaign was completed, and an ethical management training course was held. |
| Society | Code of Ethics | To establish a culture of ethics and achieve corporate governance goals, enhance training and awareness, and provide complaint and whistleblowing channels. | As of 2024, the company has received zero external whistleblowing cases and zero employee whistleblowing cases. |
| Society | Personal Data Protection | Through system access control, training, and awareness programs, the company prevents harm to the interests of stakeholders. | Each department operated in accordance with regulations to avoid potential company disputes and litigation. |
| Operation | Notifiable/Emerging Infectious Disease Outbreaks | The company has established a pandemic response measures team to formulate a business continuity management plan for critical operations, ensuring that departmental personnel and business functions remain uninterrupted, thereby safeguarding employee health and safety while maintaining basic or normal company operations. | In accordance with government policies, operations are conducted through self-management and are no longer included in the management of material issues. |
| Operation | Supplier Risks | The company conducts annual supplier audits in accordance with ISO 9001 to ensure quality. | Met customer delivery deadlines while enhancing satisfaction and corporate reputation. |
| Operation | Policy and Regulatory Changes | The company continuously monitors and gathers information on relevant regulatory and policy changes, assesses their impact, and, if necessary, promptly discusses and implements appropriate measures while notifying relevant departments. | The company’s operational activities fully complied with legal regulations. |
| Operation | China-U.S. Trade War | Regarding the relevant technologies and entities listed under U.S. export control regulations, thorough due diligence is conducted before engagement or business development to avoid violating related regulations. | Established audit standards and procedures and ensured effective implementation to maintain uninterrupted company operations. |
| Finance | Exchange Rate Risk | The company quotes significant export and procurement transactions in foreign currency, processes them in batches periodically to mitigate exchange rate risks, maintains close relationships with financial institutions, and continuously monitors exchange rate fluctuations to manage the impact of cost changes on company profits and losses. | Continuously diversify the risk of foreign currency exchange. |
| Cyber Security | Data Storage and Backup Management | To prevent irretrievable data loss, use professional-grade storage devices with high availability and redundancy capabilities, establish a regular backup mechanism, and implement off-site storage. | An annual data restoration drill was conducted to ensure that data recovery capabilities function properly and to prevent any major data loss incidents. |
| Cyber Security | Information Security | To prevent and reduce the risk of virus infections, the company continuously strengthens system information security management, conducts regular cybersecurity awareness training, ensures all computers are equipped with the latest antivirus software and firewall settings, and implements a mechanism to block untrusted devices. To prevent data leaks, access controls are enforced for all R&D projects, and a system transfer monitoring mechanism has been established. | No virus infections and no major data leakage incidents. |
| Cyber Security | Machine and Equipment Performance Management | To prevent the performance of machines and equipment from exceeding the processing capacity of existing specifications, the company has established an early warning mechanism for continuous tracking, as well as a mechanism to detect the current data volume at workstations for optimal allocation. A data classification and deletion mechanism has also been implemented, along with regular assessments to determine the need for equipment upgrades or expansions. | The system and user environment remained stable, with no major incidents impacting work efficiency or product development timelines. |