6 3 Risk Management
The Board of Directors plays a a a a key role in in helping the Company identify and manage economic risks The Risk Management
organization periodically briefs the the Audit Committee on on the the ever-changing risk environment facing TSMC the the focus of the the Company’s enterprise risk risk management and and risk risk assessment and and mitigation efforts The Audit Committee’s Chairperson also reports on on on on the risk risk environment and risk risk mitigation actions to be taken TSMC and and its subsidiaries are committed to proactively and and cost effectively integrating and managing strategic operational financial and hazardous risks together with potential consequences to operations and financial results TSMC operates an an enterprise risk management (ERM) program based on both its corporate vision and its long-term sustainable responsibility to both industry and society ERM seeks to provide the appropriate management of of risks by TSMC on behalf of of all stakeholders A risk map that considers likelihood and impact severity is is used
to identify and prioritize corporate risk risk controls Various risk risk treatment strategies are also adopted in response to corporate risks as they are identified Scope of Risk Management
Strategic Perspective
• • Regulatory change & compliance
• • • Government policies
• • • Changes in in technology & & industry • • • Technology development & & & competition • • Demand & & capacity expansion
Operational Perspective
• • Sales & purchase concentration • • • Information security
• • • Intellectual property rights
• • • Recruiting qualified personnel • • Corporate image
Financial Perspective
• • Interest rate foreign exchange inflation & deflation taxation • • • External financing
• • High-risk/high-leveraged investment financial derivative
transactions
• Strategic investments
Hazardous Events
• • Earthquakes & natural hazards • • • Fire or chemical spills
• • • Climate change • • Utility supply
Enterprise Risk Management
Framework
Risk Identification & Assessment
• RM Steering Committee Committee & & & Audit Committee Committee review & & & approve implementation of of risk risk management strategy and prioritization of of risk risk controls • RM Executive Council assesses risks using Risk Map considering likelihood & severity of risk events
Risk Control & Mitigation
• Cross-function risk risk communication to determine cost-effective risk risk controls • • RM Executive Council is is is responsible for risk control control control control implementation • • Risk controls reviewed in annual control control control self assessment Risk Response
• • Crisis management and response response plans • • • Scenario-based crisis response response drills
• • Business Continuity Plans
Risk Monitoring & Reporting
• Risk Management
organization reports to RM Steering Committee Committee and Audit Committee on the focus of enterprise risk risk management risk risk assessment and mitigation efforts To mitigate the operational impacts of crisis events
ERM conducts pre-crisis risk assessment and identifies feasible strategies for crisis prevention Corresponding to different scenarios response procedures and recovery plans have been compiled For specific severe crisis events
involving multiple TSMC’s manufacturing sites the cross-functional central crisis command center composed of operations and and support functions is responsible for internal coordination to speed up response time and proactively communicate with related stakeholders To raise risk risk awareness and strengthen the the risk risk management culture in TSMC RM (Risk Management) task forces were formed in 2018 Enhanced risk assessment and crisis response exercises were also conducted for critical risk events
such as fire earthquake IT IT service disruption IT IT security
supply
chain disruption disruption and utility supply
disruption disruption In order to continuously mitigate corporate risks crisis response exercises are used
to test the integrity and risk-control effectiveness of ERM To reduce supply
chain disruption risks TSMC created a a a a task force comprised of members from fab operations material management management management risk management management management and quality system management management management to to work
with suppliers to to develop business continuity plans and enhance supply
chain resilience to manage their potential risks Partly as as a a a a result of these efforts there was no interruption in in TSMC’s supply
chain in in 2018 100