Risk Policy

Risk Management Organization

RichWave Technology Corporation has established a cross-functional Business Continuity Planning (BCP) Management Office, including an Emergency Response Team, Logistics Support Team, and Climate Change Risk Response Team. The President serves as the Chief Convener of the Management Office, with representatives from various departments participating. The Board of Directors serves as the highest governing unit for risk management. To mitigate potential harm from significant risk events to the company, the BCP Management Office conducts rigorous risk assessments, formulates response strategies, arranges emergency response measures, conducts regular drills, and continuously improves.

Risk Policy and Management Process

To ensure that the company operates in a proactive and cost-effective manner, it integrates and manages a variety of strategic, operational, financial, and hazard-related risks that may affect its operations and profitability. The company enhances the oversight function of its board of directors in the area of risk management. RichWave has established a "Risk Management Policy and Procedures" which has been approved by the board of directors. The company conducts a comprehensive evaluation and management of existing risk factors through the processes of risk identification, risk analysis, risk assessment, risk response and control, and risk monitoring. The company maintains regular monitoring of emerging risks that may potentially have an impact, and endeavors to acquire a comprehensive understanding of the extent of each risk. The company implements appropriate measures and allocates resources to ensure the effective management of relevant risks.

Business Continuity Plan (BCP) Management Process

The SOP of BCP management and its performance are included in the ISO 9001 management review meeting.

Risk Item Identification and Management

By analyzing the global conditions, industry trends, and regulatory trends, RichWave can identify risks related to five dimensions including strategy, operation, finance, hazardous events, and legal compliance:

Furthermore, for risks that the Company may encounter in its daily operations, the company has established Risk and Opportunity Management Procedures. SWOT analysis is conducted based on the company's background, and issues and demands from stakeholders are addressed through risk analysis and control conducted by the risk analysis team. High-risk items identified in 2023 include product competitiveness, price competitiveness, and supplier management. Plans are made to address these risks by strengthening product audits, establishing ongoing BCPs, enhancing supplier management procedures, and managing key suppliers on-site.

To effectively respond to and manage significant operational risks, the Board of Directors proposed in 2022 that the company should regularly review the business dealings with distributors, their financial credit status, and the implementation status of contractual provisions. The Business Continuity Management Office identifies actual risk items through the BCP system for improvement. The main projects executed in 2023 are as follows:

1. Review all distributor/agent lists and terminate business with distributors/agents with no transactions in the past two years.
2. The World Logistics Office and Customer Service Department jointly reorganize distributor conditions, review the contracts of effective distributors/agents, confirm credit guarantee regulations for distributors/agents by the Finance Department, approve the commission percentages for distributors/agents by the President, and ensure that business units effectively comply with related operational procedures, especially requiring approved distributors to provide credit guarantees.

On December 21, 2023, a report on the company's risk management identification status and response measures was presented to the Board of Directors and approved.

Audit and Internal Control

RichWave has established the "Internal Control System Self-Assessment Procedures," which apply to the company and its subsidiaries and cover all operational activities. The internal control system comprises five primary components: the control of the environment, risk assessment, control of operations, information and communication, and monitoring operations. Each component possesses a distinct set of detailed items.

• The control of the environment:
  Refers to the various factors that contribute to the formation of an organizational culture and impact employees' awareness of control. Employees' integrity, values, and capabilities; the board of directors' and management's philosophy and management style; methods of recruiting, training, organizing, and assigning employees; and the board of directors' attention and guidance all influence the control environment.
• Risk assessment:
  Refers to the process of identifying internal and external factors that may prevent a company from attaining its goals and evaluating their impact and likelihood.
• Control operations:
  Refers to the establishment of a robust control framework and the creation of control procedures at multiple levels to assist the board of directors and management in ensuring that their directives are carried out. Control operations include approval, authorization, verification, adjustment, review, periodic inventory, record reconciliation, division of duties, safeguarding physical assets, and monitoring subsidiary policies and procedures.
• Information and Communication:
  Information refers to the identification, measurement, processing, and reporting of financial and non-financial information by information systems related to operational, financial reporting, or compliance objectives. Communication is the dissemination of information to the appropriate personnel, both inside and outside the organization. The internal control system should include mechanisms for generating and delivering the information required for planning, monitoring, and information users' timely access.
• Monitoring:
  Refers to the process of self-evaluating the quality of the internal control system, which includes evaluating the adequacy of the control environment, the timeliness and accuracy of risk assessment, the adequacy and effectiveness of control operations, and the reliability of information and communication systems.

The effectiveness of the internal control system in the organization is evaluated using the above evaluation criteria. We concluded the internal control operations for 2022 on February 23, 2023, confirming the effectiveness of the operations in the company, the achievement of efficiency objectives, and compliance with laws and regulations, and releasing an internal control system statement which was approved by the board.