The Board of Directors plays a key role in helping TSMC identify and manage risks. According to the Audit Committee’s charter, approved by the Board of Directors, the Audit Committee is authorized to review TSMC’s enterprise risk management (ERM), including business continuity management policy and plans, ERM procedures, and the status of their implementation. The risk management organization annually briefs the Audit Committee on TSMC’s ever-changing risk environment, the key points of TSMC’s ERM, and risk assessment and mitigation efforts. The Audit Committee’s Chairperson also reports to the Board of Directors on the risk environment and the risk mitigation measures to be taken.

TSMC operates an ERM program based on its corporate vision and its long-term, sustainable responsibility to both industry and society, integrating and managing potential sustainability risks including strategic, operational, financial and hazardous risks. ERM seeks to provide the appropriate management of risks on behalf of all stakeholders. TSMC applies a risk management framework (including risk identification and assessment, risk control and mitigation, risk response, risk monitoring and reporting) and a risk map to assess the risk levels by defining likelihood and impact severity of events on TSMC’s operations, and to prioritize controls and implement corresponding mitigation measures.


Scope of Risk Management

Strategic Perspective

  • Changes in technology (including IT security) and industry
  • Decrease in demand and average selling price
  • Competition
  • Changes in the government policies and regulatory environment

Operational Perspective

  • Capacity expansion
  • Construction of new fabs
  • Sales concentration
  • Purchasing concentration
  • Intellectual property rights
  • Litigious and non-litigious matters
  • Mergers and acquisitions
  • Recruiting quality personnel
  • Future R&D plans and expected R&D spending
  • Change in corporate reputation
  • Change in management

Financial Perspective

  • Interest rate fluctuation, foreign exchange volatility, inflation, and amendments to tax regulations or implementation of new tax laws
  • External financing
  • High-risk/highly leveraged investments; lending, endorsements, and guarantees for other parties; and financial derivative transactions
  • Impairment charges

Hazardous Event Perspective

  • Earthquakes and natural hazards
  • Fire or chemical spills
  • Climate change
  • Pandemics
  • Utility supply disruption


Risk Management Organization

RM Steering Committee

  • Consist of functional heads, with internal audit head sitting in as an observer
  • Report to the Audit Committee of the Board of Directors
  • Advise and approve risk control prioritization
  • Supervise continuous improvements for risk management

RM Executive Council

  • Consist of director-level representatives from each function
  • Identify and implement risk control plans
  • Continuously improve risk management practices and effectiveness

RM Program

  • Consolidate ERM reports and update the RM Steering Committee
  • Coordinate and facilitate the RM Executive Council’s risk management activities
  • Facilitate RM task forces to enhance the effectiveness of risk controls

RM Task Force

  • Identify potential scenarios and business impacts
  • Plan and execute risk prevention and mitigation actions in accordance with various scenarios
  • Establish crisis management procedures and conduct exercises


Enterprise Risk Management Framework and Procedure


The Implementation in 2021

Systemic Risk Management Enhancement

  • In addition to the current risk identification and assessment, compliance checks, lessons learned from internal and external incidents, and benchmarking, a series of risk interviews and analyses is conducted to identify any unknown systemic risks and any risk control measures that need to be enhanced. TSMC continuously improves the effectiveness of its risk controls and its risk culture through cross-functional collaboration.

Continue Existing ERM Organization’s Activities

  • For enterprise risks, each RM task force conducts risk assessments and captures lessons learned from incidents, continuously identifies potential risk scenarios, and plans and implements risk prevention and mitigation measures, emergency response, crisis management, and the corresponding exercises.
  • The RM Executive Council reviews and follows up on the progress and results of RM task force activities, including the response to systemic and emerging risks, the improvement opportunities identified from compliance checks, and the sharing and learning of best practices.
  • The RM Steering Committee advises on and approves the risk map and the prioritization of risk controls, and reviews the continuous improvement in managing systemic risks.