Risk Governance

The Board of Directors has overall responsibility for the governance of risks. The Audit Committee assists the Board of Directors in the oversight of the risk management system, including the review of TSMC’s enterprise risk management (ERM) framework and process for the identification and management of risks, and reports to the Board of Directors on material matters, findings and recommendations pertaining to risk management.

The Risk Management Policy approved by the Board of Directors affirms TSMC’s commitment to a mature and effective risk management system and culture that assists management in making informed business decisions by integrating and managing all potential risks, providing assurance that TSMC’s risks are known and within risk appetite and tolerance.


Risk Management Policy


The Audit Committee supports the Board of Directors in its oversight of risk management.

At the management level, it is supported by various committees, including the risk management steering committee, risk management executive council, risk management division, risk management taskforces and champions. The composition, roles and responsibilities are illustrated in the following Risk Management Organization Chart.



Risk Management Organizations


TSMC’s risk management process is adopted with close reference to the ISO 31000:2018 Risk Management System and the Committee of Sponsoring Organizations of the Treadway Commission (COSO)’s Enterprise Risk Management - Integrated Framework. In support of the achievement of corporate visions and business objectives, a proactive and robust risk management system is maintained to safeguard the interests of TSMC and our stakeholders. Resources are prioritized to focus on enterprise growth and strategy, to effectively capitalize on opportunities and minimize the potential impact of threats, leading to value creation.



Enterprise Risk Management Framework and Procedure

TSMC’s enterprise risk management (ERM) framework is a systematic approach to effectively implement and continuously improve the risk management system.

The Risk Management Division, working in conjunction with functional departments/divisions, supports management in applying the ERM framework to ensure risks across TSMC are assessed and adequately mitigated.

The ERM framework outlines the risk governance structure, risk management process and tools for the identification, assessment, response, monitoring and review of identified risks.

ERM implementation will be supported by an integrated risk management IT system and augmented with the establishment of the Risk Management Academy, which focuses on building competencies and awareness to foster a risk-aware mindset and culture.


Enterprise Risk Management (ERM) Framework and Procedure



Risk Management Scope

The scope of TSMC’s Risk Management encompasses, but is not limited to, the following risk items:




Annual Implementations and ongoing Key Enhancements

The 2022 annual implementations and ongoing key enhancements in risk management are summarized below: