Risk management
Organization of The Risk Management Team
Development for Corporate Governance, The Risk Management Team was formed in 2022 and the president serves as the convener of the Risk Management Team, which identifies and manages risk factors and facilitates command and dispatch, assessment, and implementation of the risk management policy by the risk management organization. By classifying the risks through their characteristics, with the exception of Risk Management Team, which oversees all risk management-related matters, each functional unit is also responsible for the preliminary risk identification, risk assessment and risk control. This promotes the efficiency in command and dispatch, self-assessment, and executions in the risk management organization. Projects involving major risks are submitted to each project review group for review in accordance with the company‘s regulations based on the nature of the risk and the monetary value involved. Those that meet the required standards will be sent to the Audit Committee and the Board of Directors for approval.
Operational Summary for 2023
The Risk Management Team has reported risk identification and evaluation related to climate change to the Audit Committee and the Board of Directors on November 7, 2023.
Risk Management Mechanism
To establish robust risk management operations and raise risk awareness, the Company established identification, assessment, control, and supervision processes for potential risks, thereby ensuring the Company’s healthy operations and strengthening corporate governance. The Company established the Risk Management Policy and Procedures, which was passed by the Board of Directors, in 2022 as the highest guiding principles of the Company’s risk management.
The Company identifies risk factors through the Risk Management Team every year and identifies risks that may impact the Company’s sustainable development, selecting the scope of risk management on this basis.
Risk Management Policy
The boundary of the Company's risk assessment is Taiwan Synnex Technology International Corporation, including wholly owned subsidiary Synergy Intelligent Logistics Corp. Risk-related units in the organization were integrated into the Risk Management Team, and the president serves as the convener of the Risk Management Team. The team identifies and manages risk factors based on the materiality principle, and in accordance with environmental, social, or governance (ESG) issues related to the company's operations, and facilitates command and dispatch, assessment, and implementation of the risk management policy by the risk management organization, as described below:
Risk Management Measures
As our company operates in the distribution industry and is a publicly traded company, financial risk management is a key operational focus. We have established policies and analyses related to interest rate, exchange rate, and inflation risks (please refer to the company's 2023 annual report for details). In addition to financial risks, other risks relevant to our operations are listed as follows:
| Risk item |
Change of government policy and regulations
|
| Risk factor |
As the company is a channel business with strong logistics capabilities, the risk of product R&D focuses solely on suppliers or customers. At present, the industrial policies of the governments of each country in which the company is located tend to encourage the development of high value-added logistics operations, especially in Taiwan and the China. Thus, the risk of change of government policies and regulations is limited at present.
|
| Impact on the company in 2023 |
There are no major changes in government policies and regulations. |
| Response measures |
The company will continue to observe and analyze the future direction of government policies and regulations in order to facilitate immediate response.
|
|
Risk item
|
Technology changes and industry changes
|
|
Risk factor
|
The company's product range is mostly high-tech products; thus, sales change triggered by change of technology will result in operational risk, for example, unable to become an agent for innovative products.
|
|
Impact on the company in 2023
|
The company's product distribution rights have both increased and decreased.
|
| Response measures |
The Company operates on its policy of “multi-brand, multi-products.” The products that the Company distributes include well-known global brands. In general, most major brands have good control over their technological advantages; thus, the Group's operational risk is effectively reduced.
|
| Risk item |
Change of corporate image
|
| Risk factor |
As the end-user of the company's IT and Telecom products are consumers, corporate image is very important to the company's operation.
|
| Impact on the company in 2023 |
The corporate image of the company remains positive and there is no event that significantly damaged the company's image.
|
| Response measures |
1.Strengthen the service skills of the customer service department, and fully utilize the functions of customer feedback and consumer complaint mailbox.
2.In case of major consumer disputes, an inter-departmental team shall be formed to keep the situation from worsening.
|
|
Risk item
|
Mergers and acquisitions |
|
Risk factor
|
Mergers and acquisitions can facilitate the expansion of product distribution and range while expanding market share. However, there are risks of overpricing, under-valuing liability, and failure in integration.
|
|
Impact on the company in 2023
|
The company did not participate in any mergers and acquisitions.
|
| Response measures |
N/A.� |
| Risk item |
Expansion of plants
|
| Risk factor |
Synnex's core competitive advantage is effective and quality back office logistics operation that enhances value added services, expands market share, and enhances overall performance. However, there exists risks of poor cash flow resulting from over-expansion, low utilization, or idleness.
|
| Impact on the company in 2023 |
The cost of establishment or expansion of logistics centers was approximately NT$983 million.
|
| Response measures |
Before expansion: Careful evaluation of investment effectiveness and cost.
After expansion: Introduce successful operational experience and management to develop its effectiveness.
|
|
Risk item
|
Centralized purchasing or sales |
|
Risk factor
|
The risk of centralized purchasing is the impact to the company's performance when distribution rights or when the represented product has lost its competitiveness. The risk of centralized sales is the significant impact to the company's performance when loosing a customer.
|
|
Impact on the company in 2023
|
The company does not have over centralized purchasing and sales issues. See the statistics of the "Group's list of key clients and amounts in the past two years"
|
| Response measures |
The Company operates on its policy of “multi-brand, multiproducts” and “open channel management to establish dense reseller network” to develop markets, which can also effectively avoid risk of centralized purchasing and sales.
|
| Risk item |
Mass transfer or change of shares of directors, supervisors, or shareholders holding more than 10% interest
|
| Risk factor |
May have significant impact to shareholder rights and Synnex's share price. |
| Impact on the company in 2023 |
No significant equity transfer or change. |
| Response measures |
The company has established reporting mechanism to effectively manage relevant situations and the disclosure of information. |
|
Risk item
|
Change in management rights |
|
Risk factor
|
May have significant impact to shareholder rights and Synnex's share price. |
|
Impact on the company in 2023
|
There is no change in management rights. |
| Response measures |
The company will promptly publish major information shall there be any change in management rights.� |
| Risk item |
Information security
|
| Risk factor |
Information security risk refers to the threat that may affect the assets, processes, and operating environment of the entire enterprise organization. The business operations of the company are highly dependent on the establishment and development of information systems. Thus, the control of information security is very important to avoid losses due to information confidentiality, integrity, or availability
|
| Impact on the company in 2023 |
The Company has no major deficiencies in information securityrelated audits and has no major information security incidents resulting in leakage of customer information and fines.
|
| Response measures |
1. Continue to rigorously monitor and strengthen information security protection mechanisms, track information security threats and formulate response measures to control the risk events that may exist in the enterprise, and continue to track improvement.
2. Strengthen information security awareness promotion and training to reduce personnel errors and enhance personnel's awareness of information security protection.
3. Continue to pay attention to international trends and standard requirements, and conduct international standard verification through external third-party organizations every year (passed ISO 27001 information security verification for 8 consecutive years).
|
|
Risk item
|
Litigation or non-litigation events |
|
Risk factor
|
Major litigation and non-litigation events of the Company and the Company's Directors, Supervisors, President, actual owner, major shareholders with over 10% of shareholding, and subsidiaries will damage the Company's image, shareholder rights, and Synnex's share price
|
|
Impact on the company in 2023
|
Description below |
| Response measures |
With the established reporting system, the Company will minimize the damage through honest, fast, and open process. |
|
Risk item
|
R&D
|
|
Risk factor
|
In order to expand its semiconductors business, the Company has a dedicated department responsible for providing product testing and design services for brand manufacturers and customers. However, the Company is positioned to provide technical services, and the risk of product R&D is concentrated solely on suppliers or customers.
|
|
Impact on the company in 2023
|
None
|
| Response measures |
The Company's technology application department is positioned to "assist the sales of semiconductor products through pre-sales services", and resources are invested depending on market conditions to provide customer services; the final risk of R&D is borne by the customers.
In addition, the Company is positioned as an "Management Service Platform", and has invested a fair amount of human resources and funds; it has continually refined its services and systems to satisfy requirements of the industry supply chain. However, this investment is innovation of operation management and service, and does not apply to R&D investment.
In conclusion, the Group has no plan to invest in R&D.
|
Internal Audit Unit Supervision and Management
The Company has established the Internal Audit Office under the Board of Directors to established and follows effective accounting systems and internal control systems, and conducts reviews regularly so as to ensure that the design and enforcement of the systems continue to be effective. The company's internal audit unit shall regularly and irregularly review the status of the company's internal control systems compliance and prepare audit reports for submission to the Board of Directors. The "Ethical Corporate Management Best Practice Principles" and "Procedures for Ethical Management and Guidelines for Conduct" formulated by the Group have clearly prohibited the giving and receiving of bribes, the provision of illegal political donations, and the prohibition of improper charitable donations or sponsorships. Integrity clauses have also been clearly specified in relevant business contracts. Each unit's internal control system conducts self evaluation on its operations to achieve effective control and implementation, and is independently reviewed by the Internal Audit Office to ensure the effective implementation of the overall mechanism.
The annual audit plan of the Internal Audit Office has listed integrity clauses of suppliers and customers as key integrity criteria. It reviews the rationality of the operations from the auditing target and assesses its hidden risks. When necessary, CPAs or relevant professionals are also appointed to assist in the audit to ensure compliance.