Page 132 - TSMC 2024 Annual Report
The roles and responsibilities of the various committees under the risk management governance structure are defined below:
Risk Management Steering Committee
● Advises the Board in determining overall risk appetite, tolerance, strategy and resource allocation, taking into account current and prospective macroeconomic, technological, regulatory, environmental and social developments and trends
● Reviews and oversees the applicability and performances of the risk management framework, policies and procedures
● Provides advice and assurance to the Board by adopting a holistic view of the key risks that TSMC is exposed to and approves the prioritization of risk mitigations
● Sets the tone for risk management from the top, sponsors initiatives and activities to nurture the desired risk culture, awareness and capabilities to effectively manage key risks and new types of risks, including clarifying risk ownership
● Ensures that risk management is incorporated into strategic business development and operational planning, day-to-day management and decision making
● Advises the Board on proposed transactions so as to address strategic risks and capitalize on opportunities

Risk Management Executive Council
● Identifies potential and emerging risks that may impact TSMC in achieving its objectives and/or the continued effectiveness and efficiency of its business operations
● Conducts risk assessments, defines mitigation plans including incident management plans, provides sponsorship and allocates sufficient resources to enable timely and effective mitigation
● Leads and drives cross-functional taskforces, meetings or other activities to ensure that risks are adequately and effectively mitigated, including collaborating with the risk management division and various other parties
● Defines key risk indicators (KRIs) to proactively monitor risk dynamics and respond in a timely and effective manner
● Builds a risk-aware culture and raises risk competency in fabs and divisions, including but not limited to training exercises and continuous improvement
● Defines and facilitates action plans based on root cause analysis to prevent recurrences of major incidents and high-risk events as raised by major findings of internal and external reviews
● Implements the decisions made by the risk management steering committee and reports back to the committee on the progress, effectiveness and lessons learned
● Includes performance of RM Council in management reviews

Risk Management Taskforce
● Identifies and assesses potential risks and threats that may prevent TSMC from achieving its business objectives and deploys appropriate mitigation measures
● Plans and executes risk prevention and mitigation in accordance with various scenarios
● Organizes and/or participates in cross-functional meetings to address risks that span multiple disciplines or divisions/fabs
● Participates in the implementation and execution of risk management initiatives and activities
● Reviews division or fab investigations of major incidents or high-risk events and their major findings. Monitors the effectiveness of action plans

Risk Management Division
● Assists the Board in establishing and overseeing a proactive and effective mechanism of risk management and business continuity, including risk appetite and tolerance, risk strategy and management framework, policies and procedures
● Strengthens risk culture, awareness and risk management capabilities through continuous trainings, communications and awareness programs
● Identifies and analyzes the sources and categories of risks to the Company and regularly reviews their relevance
● Facilitates risk management committees and risk owners in the implementation of risk management activities and initiatives to identify and manage risks, including the review of mitigation plans, business continuity, crisis and incident management plans; reviews the effectiveness of risk management activities through documented reports, management discussions and meetings
● Coordinates cross-department and cross-functional interaction and communication of risk management operations and decisions, including implementing decisions of the risk management steering committee
● Consults with management consultants and peers on best practices and standards for continuous improvement and benchmarking
● Prepares reports to stakeholders that may be required from time to time by regulators, government agencies, insurers/brokers and customers, including an annual report on the implementation of the Company’s risk management system

Three-Lines of Defense
TSMC adopts the Three-Lines of Defense Model towards ensuring the adequacy and effectiveness of TSMC’s risk management system

