Risk Foresight and Crisis Management

The purpose of risk management is to protect and enhance corporate value, being able to structure and systematically assess risks that may be faced, making timely and responsive decisions that meet the company's operational goals, and ensuring that goals are achieved while enabling improvement. As a global leader in our industry, Advantech has had a continuous focus and drive for significant strategic and operational risk management.

In recent years, Advantech has re-examined the governance structure of risk management, the composition and operation of the risk management team, and the operation process of risk management. Hence, risk management is ensured in a systematic and structured manner which has been promoted. The Board of Directors is the highest governance unit for risk management, and directly supervises general strategic risks and information security risks. The Sustainable Development Committee and Remuneration Committee also participate in overseeing some strategic risks. The Audit Committee is mainly responsible for supervising the pan-operational risks.

The risk management team is responsible for the risk management process and reviewing as well as tracking the implementation on a quarterly basis. The responsible supervisor is responsible for formulating response measures for risk items and actual implementation. Internal auditors shall closely monitor or in driving all risk management processes. It shall also provide opinions and conduct audits on various risk topics as needed.

Advantech develops risk management policies and operational continuity plans to prepare for possible business interruption risks, or various emerging risks. We also regulate operations when risks occur in order to minimize their potential impact and influence. Then, subsequent correction and management are achieved. In addition, Advantech strives to provide transparent and real-time information delivery and communication to potentially affected stakeholders for various related risks.

Risks identified by Advantech's risk management process involve economic, environmental, and social issues. If there is no effective management and response to each risk item, the possible negative impact on the company includes the impact of the promotion of the company's strategy and operating performance, the impairment of the company's goodwill, or the increase of the company's operating costs and expenses. On the other hand, risks can be transformed into future business opportunities and competitiveness through early identification and effective response to risk items.

• Experts/consultants are arranged to conduct training and communication on evolutionary risk management to directors and key executives.
• Establishment of risk management mailbox: All employees are encouraged to take the initiative to provide suggestions.
• Investigation of risk issues: The scope of investigation has been expanded to global vice president and the level of associate managers, managers and deputy managers on both sides in cross-strait.

• Risk management courses and training are extended to all overseas employees. The target completion rate has exceeded 80% of the global employees (excluding direct employees).
• At least two project discussions of high-level strategic risk issues were facilitated.

• Over 90% of the global employees (excluding direct employees) have completed the education and training of risk management courses.
• The organizational level of risk management is reasonably improved compared with benchmark peers.

• Please refer to the chapter 2.4. Risk Foresight and Crisis Management for the action plan for material operational risks.
• Advantech not only reduces or avoids the possible negative impact of risk items on the Company through various actions, but also explores the opportunities that risk items may bring. The latter includes the development of solar energy, wind power industry, related applications of electric vehicles, and the development of energy management platforms.

• Important risk topics are included in the tracking items of the quarterly risk management meeting and reported to the Board of Directors or the audit committee.
• The management owner builds data dashboards and KPIs for real-time exception reporting and tracking for major risks.
• Risk issues are listed as audit topics by the audit department for discussion and tracking.
• The risk team proposes proposals every year with reference to the best practices of risk management of DJSI and benchmark peers.

Advantech conducts risk surveys every year. The objects of the investigation include directors, accountants, external consultants, etc. In addition to identifying major risk items, the survey also collected opinions on improving risk management. Moreover, a risk mailbox has also been set up to encourage employees to put forward suggestions for improvement. The main risks and related countermeasures are fully disclosed through channels such as the official website, sustainability report, investor conference, press release, and so on to facilitate investors, corporate shareholders and other stakeholders to fully understand.