Page 133 - TSMC 2024 Annual Report

● Under the First Line, management is supported by their respective line functions and committees, such as the Risk Management Council comprising risk management champions responsible for the identification and mitigation of risks (including strategic, financial, operation and compliance risks) facing the company. Risk Management Taskforces are formed in the management of specific risk areas. Guided by TSMC's Enterprise Risk Management Framework, appropriate policies and procedures are implemented and operationalized in line with TSMC's risk appetite to address such risks. Adoption of the 5-step risk management process ensures the integration of the risk management process in business operations.

● Under the Second Line, TSMC's Risk Management Policy is established to enable oversight and governance over operations and activities undertaken by management under the First Line. The Risk Management Steering Committee supports the Board in its oversight of the effectiveness of the risk management framework. The Risk Management Division works alongside functions and business management to ensure relevant policies and processes are effectively designed and implemented to ensure risks are effectively managed and fostered by a risk-aware culture.

● The Third Line comprises independent assurance, including internal and external audit. TSMC conducts internal and external audits of the risk management framework and process periodically to identify opportunities to improve the effectiveness of risk management and its processes. The Internal Audit Division reports quarterly to the Audit and Risk Committee.
[Figure: Three Lines of Defense. 1 Management: Risk Management Process; 2 Risk Management: ERM Framework and Risk Aware Culture; 3 Internal Audit: Independent Assurance]

Risk Management Initiatives in 2024

The table below outlines the key initiatives taken to strengthen our risk management program:

[Table: initiative areas are Strengthen Risk Governance, Foster Risk Aware Culture, Raise Risk Competency, Deepen Stakeholder's Engagement and Build Operational Resilience. Initiatives listed:]
● Governing Cyber Security Training for Board
● ERM/BCM workshops for Fabs/Overseas subsidiaries
● Appointment of Risk Management Champions
● Formalization of ERM/BCM taskforce for Enterprise Risks
● Embedment of risk management indicators in performance evaluation
● Roll out RM e-training
● Risk Management Communication and Publicity Efforts
● Newsletters
● Lunchtime Talks / Seminars
● Risk management portal
● RM resource publications
● BCM exercises across cross function teams and fabs
● Streamline BCM plans and procedures
● Risk Management Champions Community Building and Exchange
● Deepen external engagements with insurers, customers, government authorities, regulators, suppliers

Crisis Management and Business Continuity Management

TSMC is committed to maintaining operational resilience and business continuity by taking close reference to standards that enable the Company to respond effectively to business disruption. The Company is cognizant of the major risks of natural and man-made disasters, including earthquakes, floods, typhoons, droughts, tsunamis, sandstorms, wildfires, volcanic eruptions, fire, gas/chemical leaks or spills, pandemics, cyber-attacks, supply chain disruption, geopolitical tension, sabotage, failure of critical facilities and equipment, and shortages in utilities such as water, electricity and natural gas – any or all of which could disrupt operations.

To mitigate the operational impact of crisis events, the risk management division implements pre-crisis risk assessment, response procedures and recovery plans. Exercises and drills are also conducted to validate emergency responses, crisis management and business continuity plans to enhance operational preparedness. In major incidents or crisis events, the crisis management guidelines are followed. The central crisis command center (C4), headed by the Chairman and CEO and comprised of senior executives across key functions, provides guidance and decision-making to maintain response readiness, including timely communication to key stakeholders.

































































