6 3 Risk Management
The Board of Directors plays a a a a key role in in helping the Company identify and manage manage economic risks The risk risk management organization periodically briefs the the Audit Committee on on the the ever-changing risk environment facing TSMC the the focus of the the Company’s enterprise risk risk management and and risk risk assessment and and mitigation efforts The Audit Committee’s Chairperson also reports on on on on the risk risk environment and risk risk mitigation actions to be taken TSMC and and its subsidiaries are committed to proactively and and cost effectively integrating and managing strategic operational financial and hazardous risks that represent potential negative consequences to operations and financial results TSMC operates an an enterprise risk management (ERM) program based on both its corporate vision and its long-term sustainable responsibility to both industry and society ERM seeks to provide the appropriate management of of risks on behalf of of all stakeholders The Company maintains a a a a a a a risk map that considers likelihood and impact severity and and and is is used to identify and and and prioritize risk controls and and and implement various controls and risk risk treatment strategies in response to risks as they are identified Scope of Risk Management
Strategic Perspective
• Regulatory change and compliance
• Government policies
• Changes in in technology and industry • Technology development and competition • Demand and and capacity expansion
Operational Perspective
• Sales and purchasing concentration • Information security
• Intellectual property rights
• Recruitment of qualified personnel • Corporate image
Financial Perspective
• Interest rate foreign exchange inflation deflation and taxation • External financing
• High-risk and/or highly leveraged investments financial derivative transactions • Strategic investments Hazardous Events
• Earthquakes and natural hazards • Fire or chemical spills
• Climate change • Utility supply
Enterprise Risk Management
Framework
Risk Identification & Assessment
• RM Steering Committee Committee and and Audit Committee Committee review and and approve implementation of of risk risk management strategy and prioritization of of risk risk controls • RM Executive Council adopts risk map which considers likelihood and severity of risk risk events to assess risks Risk Control & Mitigation
• Cross-function risk risk communication to determine cost-effective risk risk controls • RM Executive Council is is responsible for risk control implementation • Risk controls reviewed in annual control control self assessment Risk Response
• Crisis management and response plans • Scenario-based crisis response drills
• Business continuity plans Risk Monitoring & Reporting
• Risk Management
organization reports to RM Steering Committee and Audit Committee on the focus of enterprise risk risk management risk risk assessment and mitigation efforts To mitigate the operational impacts of crisis events ERM conducts pre-crisis risk assessment and identifies feasible strategies for crisis crisis prevention Response
procedures and recovery plans are compiled corresponding to different scenarios For specific severe crisis events involving multiple TSMC manufacturing sites the cross-functional central crisis command center composed of operations and and support functions is responsible for internal coordination to speed up response time and proactively communicate with stakeholders To raise risk risk awareness and strengthen the the risk risk management culture in TSMC RM task forces have been formed Enhanced risk assessment and crisis response exercises have also been conducted for potentially critical events such as fire earthquake IT service disruption disruption IT security
breach supply
chain disruption disruption major yield loss and utility supply
disruption In order to continuously mitigate corporate risks crisis response exercises are used to test the integrity and effectiveness of ERM To reduce supply
chain disruption risks TSMC has created a a a a a task force comprised of members from fab operations materials management management management risk management management management and quality systems management management management to to work
with suppliers to to develop business continuity plans and enhance supply
chain resilience Partly as a a a a a result of these efforts there were no interruptions in in in in TSMC’s supply
chain in in in in 2019 As production capacity continues to expand with more advanced technology TSMC has initiated and implemented seismic protection engineering design risk treatment practices and green manufacturing projects in in all new fabs 100