The Board of Directors plays a key role in helping TSMC identify and manage risks. According to the Audit Committee’s charter, which was approved by the Board of Directors, the Audit Committee is authorized by the Board of Directors to review TSMC’s enterprise risk management (ERM), including the business continuity management policy and plan, the ERM procedure and its execution status. The risk management organization annually briefs the Audit Committee on TSMC’s ever-changing risk environment, the key points of TSMC’s ERM, and risk assessment and mitigation efforts. The Audit Committee’s Chairperson also reports to the Board of Directors on the risk environment and the risk mitigation actions to be taken.
TSMC operates an ERM program based on both its corporate vision and its long-term, sustainable responsibility to industry and society, integrating and managing potential sustainability risks, including strategic, operational, financial and hazardous risks. ERM seeks to provide appropriate management of risks on behalf of all stakeholders. TSMC applies a risk management framework (comprising risk identification and assessment, risk control and mitigation, risk response, and risk monitoring and reporting) and a risk map to assess the risk level by defining the likelihood and impact severity of risk events on TSMC’s operations, and to prioritize risk controls and implement the corresponding risk mitigations.
Scope of Risk Management
Strategic Perspective
- Regulatory change and compliance
- Government policies
- Changes in technology and industry
- Technology development and competition
- Demand and capacity expansion
- Information security
Operational Perspective
- Sales and purchasing concentration
- Intellectual property rights
- Antitrust and competition law
- Mergers and Acquisitions
- Recruitment of qualified personnel
- Corporate image
Financial Perspective
- Interest rate, foreign exchange, inflation, deflation and taxation
- External financing
- High-risk and/or highly leveraged investments; financial derivative transactions
- Strategic investments
Hazardous Events
- Earthquakes and natural hazards
- Fire or chemical spills
- Climate change
- Pandemic
- Utility supply
Risk Management Organization

RM Steering Committee
- Consists of functional heads (with internal audit head sitting as an observer)
- Reports to the Audit Committee of the Board of Directors
- Reviews and approves risk control prioritization
- Reviews and approves continuous improvement for risk management
RM Executive Council
- Consists of director level representatives from each function
- Identifies and implements risk controls
- Continuously improves risk management practice and effectiveness
RM Program
- Consolidates ERM reports and updates to the RM Steering Committee
- Coordinates and facilitates the RM Executive Council’s risk management activities
- Supports RM task forces to enhance the effectiveness of risk controls
RM Task Force
- Identifies potential scenarios and business impacts
- Plans and executes risk prevention and mitigation actions in accordance with risk scenarios
- Establishes crisis management procedures and conducts exercises
Enterprise Risk Management Framework and Procedure
Implementation in 2021
Systemic Risk Management Enhancement
- In addition to the RM task forces’ ongoing risk identification and assessment, the RM Program’s compliance checks, lessons learned from major internal and external incidents, and benchmarking against world-class practices, a series of risk interviews was conducted to identify previously unknown systemic risks. The identified systemic risks were registered and mitigation actions taken through cross-functional collaboration.
New Site Risk Management Enhancement
- Conduct risk assessments for global capacity expansion and take mitigation actions to address the identified risks.
Third Party Risk Management Enhancement
- Conduct risk assessments for key third parties and take mitigation actions to address the identified risks.
Continue Existing ERM Organization’s Activities
- All RM task forces conduct risk assessments, monthly or as needed, of the enterprise risks they are responsible for, identifying potential risk scenarios and planning risk prevention, mitigation, crisis management procedures and corresponding exercises.
- Quarterly RM Executive Council meetings to discuss, follow up on and review the progress and results of the RM task forces’ activities, including systemic risks, emerging risks, improvement opportunities identified from compliance checks, and the sharing and learning of best practices.
- Semi-annual RM Steering Committee meetings to direct and approve the prioritization of risk controls and to review the continuous improvement for systemic risks.
- Annual briefing to the Audit Committee on TSMC’s ever-changing risk environment, the key points of TSMC’s ERM, and risk assessment and mitigation efforts. The Audit Committee’s Chairperson also reports to the Board of Directors on the risk environment and the risk mitigation actions to be taken.
