Corporate Governance in ESG

Performance Evaluation

To enhance the functions of the Board of Directors, the Company has established the "Board of Directors and Functional Committees Performance Evaluation Procedures." The Board of Directors and its functional committees conduct an internal evaluation once a year and an external evaluation every three years. Based on the results, improvement suggestions are proposed to further strengthen the effectiveness of the Board.

2024 Internal Performance Evaluation Results Exceeded Standards

(Evaluation score of 90 points or above)
Board of Directors / Audit Committee / Remuneration Committee / Sustainable Development Committee / Nomination Committee

Implementation Status of External Performance Evaluation Recommendations

In 2022 (2022.1.1~2022.12.31), the Company engaged the "Taiwan Corporate Governance Association" to conduct an external evaluation of the Board of Directors’ performance. Through independent and professional review by external experts and scholars, the evaluation examined and provided recommendations on seven aspects: Board composition and structure, director selection and training, participation in company operations, decision-making quality, internal controls, sustainability and environmental responsibility, and value creation. The recommendations and follow-up measures are as follows:

Recommendation

Establish a mechanism whereby whistleblower letters are simultaneously forwarded to the independent directors (or a designated independent director), highlighting the Company’s commitment to fair handling of whistleblowing cases. It was also recommended that the evaluation and remuneration of the Head of Internal Audit be submitted to the Remuneration Committee for discussion.

Measures

Regularly report to the Board of Directors on stakeholder complaints and grievances, fully disclosing related matters to ensure that Board members are promptly informed and can conduct fair discussions.

Implementation Status

Reports on stakeholder (employee suggestions or complaints) communications were presented to the Board of Directors on August 8, 2024, and January 8, 2025.

Business Ethics

Operate with the highest ethical standards, integrating integrity and ethical values into the company's business strategy. This ensures that the DNA of integrity is deeply rooted within the organization, fulfilling the mission of being a high-quality enterprise in harmony with society.

Risk Management

In 2024, the Company established the "Risk and Security Management Policy and Procedures" and set up the Risk and Security Management Representative Committee. The members of the committee are appointed by the Chief Executive Officer and are responsible for consolidating risk and security issues. At least once a year, the committee submits proposals and reports on risk and security matters to the Audit Committee and the Board of Directors.

Organizational Chart

[Figure: Organizational chart]

The Risk and Security Management Representative Committee consolidated 68 risk items and 825 risk factors, which were further categorized into 10 aspects comprising 69 risk items.

Risk Classification

[Figure: Risk classification]

Based on the results of the matrix analysis, there are 8 high-risk items, 13 medium-risk items, and 48 low-risk items. The 8 high-risk items were grouped into four major categories:
1. Paradigm shifts and industry changes driven by technological transformation
2. Trade protectionism and geopolitical issues
3. Information security
4. Material management
Corresponding response measures were developed and approved by resolution of the Audit Committee and the Board of Directors on February 27, 2025. The Company will continue to promote and foster a risk-aware corporate culture to advance sustainable development.

Risk Matrix

[Figure: Risk appetite line]

Risk Response Strategies

[Figure: Risk aspects]

Risk Education × Performance Incentives

At the beginning of each year, approximately 200 global functional representatives receive "Risk and Opportunity" training. The program covers risk assessment and identification, regulatory compliance and internal controls, as well as continuous improvement and monitoring mechanisms. The purpose is to strengthen employees’ risk awareness and response capabilities. Tangible achievements in risk reduction are incorporated into performance evaluations, including indicators such as reduced employee turnover, decreased occupational injury rates, lower Lost Time Incident Rate (LTIR), and maintenance of third-party information security ratings. Incentives and rewards are linked to KPI attainment, thereby enhancing the overall effectiveness of the organization’s risk management.

Regulatory Compliance

Wiwynn continuously monitors regulatory changes and updates internal systems as needed to strengthen compliance management. Annual regulatory compliance audits are conducted to identify and manage risks. No major violations occurred in 2023.
The Company established an RBA Management Committee, committed to complying with the Responsible Business Alliance (RBA) Code of Conduct, and encourages suppliers to follow suit. Multiple ISO management systems have been adopted to enhance risk management, promote environmental protection, reduce waste, lower carbon emissions, improve energy efficiency, and safeguard human rights and workplace safety.
In 2024, the Company was not subject to any legal proceedings or penalties related to anti-competitive behavior, antitrust violations, or monopolistic practices.
In 2024, a total of 33,680 employees received training on regulatory compliance and management systems, amounting to 61,069 training hours.

Information Security

Information Security Management Structure

A cross-functional, top-level Information Security Management Committee was established to monitor current conditions, strengthen management, and ensure agile responses. The Chief Information Security Officer (CISO) reports annually to the Board of Directors, with the most recent update presented on January 8, 2025. The Board is responsible for overseeing information security matters.
In November 2024, Wiwynn obtained ISO/IEC 27001:2022 certification, covering critical systems and infrastructure at its Taipei headquarters, as well as core systems and data centers at the Tainan facility. This certification scope covers approximately 71% of the Company’s global core systems and will be progressively expanded to include other operational sites, such as subsidiaries in Malaysia and Mexico.

Information Security Management Procedures

In December 2023, Wiwynn obtained ISO/IEC 27001:2013 certification, covering critical systems and infrastructure at the Taipei headquarters as well as the data center at the Tainan facility. The certification scope covers approximately 51% of the Company’s operating sites (Note). The Company will progressively expand the certification coverage to include the Tainan facility and overseas subsidiaries such as Mexico.

[Figure: Information security strategy]

Note: ISO/IEC 27001:2013 certification obtained by the Taiwan headquarters. Coverage percentage is calculated based on the proportion of employees at the Taiwan headquarters to the total number of indirect employees across all global sites.

Tax Governance

Wiwynn adopts a prudent tax strategy built on four pillars: "Regulatory Compliance," "Information Transparency," "Risk Management," and "Integrity in Communication." The Company’s Tax Policy was approved by the Board of Directors on February 22, 2022, and has been in effect since then.