Risk Management




As a company dedicated to providing high-quality steel structure products, CT regards sustainable development as one of its core corporate values. The Company continuously monitors risks in its operating activities and, through management mechanisms, reduces operational risks, financial risks, information security risks, environmental and carbon reduction energy risks, and corporate sustainability risks. By ensuring the effectiveness and sustainability of risk management, sustainable corporate operations can be achieved. To assess and address various potential risks, the Company has implemented multiple risk management measures and integrated them with ISO management systems to continuously monitor major risk issues.


 

1.3.1 Internal Audit System: Oversee and manage operational processes to prevent potential governance risks

 

An Internal Audit Department has been established and reports directly to the Board of Directors. Its duties are to audit various operational activities and provide recommendations for improvement in areas such as operational effectiveness and efficiency, reliability of financial information, and compliance with relevant laws and regulations. The internal audit reports and audit follow-up reports are submitted to the independent directors for review, and the Head of the Audit Department attends board meetings to report on audit work carried out according to the audit plan.

 

Internal audits are conducted in accordance with the requirements set by the FSC. In addition to the major transaction cycles (engineering and collections, procurement and payments, investment, financing, production, payroll, and fixed assets), the audits also focus on guarantees and endorsements, loans to others, asset management, budget management, financial statements, derivative financial instruments, related-party transactions, supervision and management of subsidiaries, board meeting procedures, and prevention of insider trading. The internal audit reports and audit follow-up reports are submitted to the Audit Committee for review as required by regulations.

To prevent potential ethical risks among employees during corporate operations, in addition to imposing strict standards on personnel integrity, the Company has established governance structures and implemented internal control mechanisms to ensure that all staff and operations fully comply with relevant laws and regulations, thereby deterring misconduct.

• Planned Audit Operations

Before the end of each year, the Internal Audit Office formulates the annual audit plan based on risk assessment results, and after executing the audits, submits any identified internal control deficiencies and anomalies along with recommendations for improvement to the independent directors for review in order to ensure the internal control system is continuously and effectively implemented.

 

• Self-assessment Operations

To implement the Company’s self-management and supervision mechanisms, a self-assessment is conducted at the end of each year, whereby each department carries out its own internal control system evaluation, which is then reviewed by the Internal Audit Office and submitted to the General Manager for approval to ensure that the design and implementation of the internal control system can be adjusted promptly in response to changes in the operating environment.

 


 

1.3.2 Ethical Management System: Establish corporate governance and risk control mechanisms to ensure implementation of the Ethical Corporate Management Best Practice Principles.

The Company has established the “Ethical Corporate Management Best Practice Principles” to ensure that business activities are conducted honestly, fairly, with integrity, and transparently. In internal regulations, the annual report, the Company website, various promotional materials, and external events, the Company declares its ethical corporate management policy so that managers, employees, suppliers, customers, and other business-related organizations and personnel can understand the Company’s ethical corporate management principles and standards.

 


 

The Company has established multiple reporting channels, including a telephone hotline, a reporting email inbox, a P.O. Box, and a reporting system on the Company website. The Internal Audit Office handles all reports and keeps whistleblowers’ identities confidential. Confidentiality is maintained throughout the complaint handling process to protect and safeguard whistleblowers’ rights. In 2024, the total number of complaints received and processed was zero.

 

If any complaints are received, they are carefully verified and reviewed before being duly handled by the relevant department, and the audit results confirm whether there have been any material corruption or bribery violations of operating regulations.

 

Whistleblowing Channel

Company website: http://www.century.com.tw/tw/duty/47/

Century Iron & Steel Whistleblower Mailbox: jack.leecentury.com.tw

Tel.: (03) 473-0201 ext.215

Fax: (03) 473-5235

 


 

 Information Security System: Prevent, monitor, and reduce the impact of various information security risks on operations

 

Information security management is closely linked to sustainable development and plays a vital role in corporate governance. Manufacturing enterprises also face an increasing number of information security threats, including data breaches, ransomware attacks, and supply chain vulnerabilities. Therefore, we must take effective measures to ensure that the Company’s data and information systems are adequately protected. This not only safeguards the Company’s interests but is also key to maintaining the trust of customers and partners.

 



 

• Information Security Policy and Organization

To strengthen information security risk control and protection, CT established the Information Security Management Committee in August 2023, which is responsible for planning and promoting the establishment and maintenance of the Information Security Management System (ISMS). The Committee adopts the PDCA (Plan-Do-Check-Act) information security management cycle mechanism, formulates information security standards and operational procedures, and follows the “electronic data processing operation cycle” of the internal control system to control potential threats and vulnerabilities, thereby achieving management planning for proactive prevention, continuous monitoring, and emergency response. The Company became the first Taiwanese company certified to ISO 27001 by TÜV Rheinland Taiwan, with the certificate valid from March 7, 2024 to March 6, 2027. This milestone not only demonstrates the Company’s strong commitment to information security but also integrates it into the overall framework of sustainable operations, further enhancing the Company’s risk management capabilities and competitiveness and showcasing the Company’s outstanding performance and contributions across various fields.

 

• Resources Invested in Cybersecurity Management

In 2024, the Company’s budget for information security remained stable. To ensure the security of systems and data, the Company has continued to enhance the application of relevant technologies and protective measures. At the same time, the Company has continued to invest in employee training, risk management, and emergency response capabilities to ensure that it can respond swiftly to potential threats.