Page 135 - TSMC 2022 Annual Report
● Risk Management Organization Chart
Board of Directors Management Board Audit and Risk Committee
Risk Management Steering Committee (Functional heads, VP level)
Risk Management Executive Council (Members titled as Risk Management Champion (RMC), director-level)
Risk Management Division
Risk Management Taskforces (Representatives from each Fab/Division)

Risk management is a shared responsibility of both management and employees. All employees are required to be competent and accountable for managing risks related to their area of responsibility, with an emphasis on clear risk ownership. The roles and responsibilities of the risk management organization are defined as below:

● Risk Management Steering Committee
1. Advises the Board in determining overall risk appetite, tolerance, strategy and resources allocation (taking into account the current and prospective macroeconomic, technological, regulatory, environmental and social developments and trends)
2. Reviews and oversees the applicability and performances of risk management framework, policy and procedures
3. Provides advice and assurance to the Board by adopting a holistic view of the key risks that TSMC is exposed to and approves the prioritization of risk mitigations
4. Sets the tone at the top, provides sponsorship to risk management initiatives and activities, bringing about the desired risk culture, awareness and capabilities of effectively and sufficiently managing the key risks and new type of risks, including clarifying the risk ownership
5. Ensures that risk management is incorporated into strategic business development and operational planning, day-to-day management and decision making
6. Advises the Board on proposed transactions to address the strategic risks and capitalize on opportunities

● Risk Management Executive Council
1. Identifies potential/emerging risks that may impact TSMC in achieving our objectives and/or the continued effectiveness and efficiency of our business operations
2. Conducts risk assessments, defines risk mitigation plans including incident management plans, as well as provides sponsorship and allocates sufficient resources to enable timely and effective mitigations
3. Leads and drives cross-functional taskforce meetings or activities to ensure that risks are adequately & effectively mitigated, including collaboration with Risk Management Division and various parties
4. Defines key risk indicators (KRIs) to proactively monitor risk dynamics to respond in a timely and effective manner
5. Builds a risk-aware culture and raises risk competency in fab/division, including but not limited to training/exercises and continuous improvements
6. Defines and facilitates action plans based on root cause analysis to prevent reoccurrences of major incidents, high-risk events and major findings raised from internal/external reviews
7. Reports to Risk Management Steering Committee on the progress, effectiveness review, lesson learned and implements the decisions made by Risk Management Steering Committee

● Risk Management Taskforces
1. Identifies and assesses potential risks/threats that may impact TSMC achieving its business objectives as well as deploying the risk mitigations
2. Plans and executes risk prevention and mitigations in accordance with risk scenarios
3. Organizes and/or participates in cross-functional meetings in addressing risks that cross multi-disciplines or divisions/fabs
4. Participates in the implementation and execution of risk management initiatives and activities
5. Reviews the investigation of major incidents, high-risk events and major findings raised from internal/external checks for division. Monitors the effectiveness of action plans

● Risk Management Division
1. Assists the board in establishing, overseeing a proactive and effective management system of risk management and business continuity management, including risk appetite and tolerance, risk strategy and risk management framework, policy and procedures
2. Strengthens risk culture, awareness and risk management capabilities through continuous training, education and awareness programs














































































